One in five BYOD programs destined to fail due to overly restrictive MDM policies


Summary: Enterprise CIOs are racing to implement mobile device management technologies and policies to facilitate BYOD, but a new Gartner report suggests that 20 percent of these programs will eventually fail because these measures are too restrictive.


Balancing convenience and functionality with compliance and security figures to be the bane of CIOs and IT managers for the foreseeable future as more and more personal devices and consumer-centric applications further entrench themselves in the enterprise.

Companies are spending a lot of time and money on mobile device management applications, elaborate BYOD policies and security protocols to at least attempt to bring order to their IT environments while simultaneously rolling out new mobile applications that drive profits and productivity at the price of further complicating their security challenges.

But a new Gartner report predicts that by 2016 about 20 percent of companies will ultimately fail to find the proper balance between these dueling priorities.

"Given the control that IT has exercised over personal computers by developing and deploying images to company-managed PCs, many IT organizations will implement strong controls for mobile devices," Ken Dulaney, a Gartner vice president, said in the report.

Indeed, companies are expanding their budgets for mobile security at a breakneck pace. ABI Research predicts total expenditures for mobile security management applications and services will double by 2015 to more than $1 billion.

But all this additional security and oversight – along with the inherent implementation and support issues – can cause a bigger problem with the employees who know or expect that IT organizations will also have access to their personal information once their mobile devices are brought under their employer's MDM umbrella.

"As a result, employees are becoming sensitive to giving IT organizations access to personal devices and demanding solutions that isolate personal content from business content and restrict the ability of the IT organization to access or change personal content and applications," according to the report.

The fact that 15 percent of mobile-device users store their password details – personal and business alike – on their smartphones and that one in three don't use a PIN or password to safeguard access to their devices makes life even more difficult for IT managers straddling the line somewhere between Big Brother and Mr. Magoo.

"Whether via formal BYOD programs, or just via devices coming in the back door and being configured to access corporate systems, the use of consumer technologies in the work environment presents a threat to IT control of endpoint computing resources," Dulaney added.



Larry Barrett is a freelance journalist and blogger who has covered the information technology and business sectors for more than 15 years.

  • That's what MDM is about

    The entire point is to provide WMD against BYOD.

    This is an overcompensated self-entitled faction trying to fight change and retain budgets, influence, and power. They are not creative and not productive. If consumer computing threatens anything it is the blue collar "IT" hegemony promoting safety through inaction.
    • No

      it is a faction trying to save the company from lawsuits!

      Maybe America is more relaxed, but in Europe, for example, if you BYOD a device, it must have a password, you cannot let a non-employee use the device (spouse and kids can't use the device any more, for example), the company has to be able to remote wipe it, if the device is lost or stolen.

      That isn't IT being power mad, that is IT following data protection law. If they didn't do that, the employer and employee would be liable to prosecution.

      In fact, in general, the employer letting the employee set-up their Exchange account on their private smartphone could lay them open to prosecution, if they don't get that covered properly in the data protection declaration that every employee has to sign, when they start working for a company.

      This is why BYOD is unpractical.
  • IT departments slow to implement MDM solutions

    Great points about pain in rolling out an MDM policy. MDM is a new frontier for most IT departments, and IT pros are still trying to figure out the best way to manage the flood of devices coming into the workplace.

    A few stats relevant to the conversation: According to a 2013 survey, ~75% of IT departments had not implemented a MDM solution. At the time of the survey, more than 50% of IT departments had no plans to implement MDM within the next 6 months, so it will still be a while until we see mass MDM adoption in the workplace.

    The MDM report is from the Spiceworks Community (which I help manage) and is located at:
    • Unsure about this

      Pretty much every major company used Blackberry from 2001-2008, this required BES which is a MDM so unsure who no companies have one. What I think you mean is not many are keen to deploy another (Good Technology, AirWatch, MobileIron etc.)

      The article speaks to the main sticking point that is clear to anyone who manages mobile. Employees do not want their device managed. They want access to use all the consumer Apps that do not adhere to your corporate data policies. It's not just the device.

      The more a user feels managed - the less appealing using their device becomes, even more so when it's on their dime. The traditional corporate paid device of old is just being re-invented with iPhones and Android. The problem is the more you secure these devices to act like the Blackberry - it impacts much of why employees want them.

      Remove all the hardware reasons as Blackberry 10 has now equaled or surpassed that, as well the browser is on par. It's all about consumer Apps.

      Personal usage and work have never mixed and separation is the best way to keep both sides happy.
  • Just Say NO

    Companies want access to your mobile devices so they can "manage them". Keep your hands off my equipment.
    If you want me to have these devices to support your business, fine. You pay for it and you can manage it any way you choose.
    The simplest thing to do is to keep business and personal devices separate, even if you have to carry two phones.
    • or

      you keep your device away from my Enterprise, not on my wireless. Leave your personal device in your car or at your house. Nowhere does it say that you have a right to your personal device on my Enterprise network or in my building.
      • In fact

        in many jurisdictions, it would be illegal to use a private device on an enterprise network.
        • This is the problem...

          The whole thing about BYOD is a complete farce, who actually *wants* to connect their personal devices up to their employer's network? When I leave my desk I don't want to be bothered with work emails and I certainly don't think about doing work while I'm lying in bed or sitting in a bar!
          I have a work mobile and a work laptop provided by my employer, which I can take home, but the beauty of this is I can switch them off and still be able to contact my friends and play Minecraft without being disturbed.
          The whole BYOD concept is a trick to try and get more productivity from employees by getting business services to them on their own devices, while hopefully reducing costs on IT-provided hardware and support.
          If employees disagree with the policies of MDM, then they simply won't sign up to them and the whole thing would have been a waste of time. It's true that employees have no expectation of privacy while using company resources, but to impose restrictions and the ability to audit and control personal devices completely crosses the line.

          My own view is that businesses should focus on delivering remote services to employees only where it's necessary and to ensure proper measures are in place to keep them secure and not even allow sensitive data to be broadcast to personal devices in the first place. All the MDM security policies in the world are not going to prevent a random stranger snooping on highly sensitive company HR or financial data over the shoulder of someone reading these on their iPad on the train home!
          • Cost shift

            Like other things being stripped away from employees (health benefits, flexible work schedules, traditional 40hr work weeks) this is yet another way to shift the cost from the corporate perspective.

            "Employees already have devices so why pay for them?" I heard this a lot when we stood up our BYOD program. The issue is there are many employees who have no desire to use their personal device at work. If you want access to me - pay for it. The bleeding of work into personal life and personal life into work is the bigger issue. We're all trying to get as much done in a day as we can.

            The other side in all this are all these MDM, MEAP vendors who can "solve" BYOD - just buy our product and everyone will be happy!

            There is no secret sauce. BYOD will vary from company to company as there are different cultures and in Europe data laws around much of this.

            BYOD will die over the next 18 months and shift back to a more COPE type model. Corporate provided and some personal usage allowed. It's how things resolved in the desktop world and works.
          • BYOD ROI

            So yes, this is correct. The company SHOULD be paying for a portion of this service. I've migrated several large Enterprise orgs that were paying for CL device for years. The employees were generally ecstatic. They have already been carrying two devices and now can get what they want and off-set their monthly bill. At the same time the company saves a TON by doing this and offloads the management aspect of phone bills, overages, broken devices etc. That in itself is a huge, huge ROI. I am sorry to say but if you are a really MobileAdmin, corporate liable died along with the desktop world reference. Welcome to the mobile world.
  • MDM seems to be misunderstood a bit....

    ...At least from my findings. IT is not looking to manage someone's entire personal device. What we want is to give users what they want, adjust to their usage patterns while still keeping things simple, affordable and secure.

    Also, this issue cuts both ways. For our company, despite all of the policy speak on paper, people still abused their plans, let the kids play with the device, break them frequently, etc. This cost us a boat-load of cash over the past few years. To control this properly, a good MDM solution is needed and will be VERY restrictive on a corp device. No apps. No Pandora, no games. Period. As a result, people are now forced to carry 2 devices.

    The other way to go is BYOD with MDM. Yes, MDM is unavoidable but we do have options on how we use it. In a BYOD situation, I don't care what else you are doing on the thing. All I care about is your connection to the corporate resources. A good MDM solution will allow for the logical partitioning of these two different data types and in the case of a termination, a wipe will only affect the corporate data and related connections. As an added bonus, retaining the ability to perform a complete device wipe on the request of the device owner is still nice to have if it is lost or stolen.

    So please do not misconstrue MDM as total control. It can be if desired but a good MDM solution will have options which can be smartly implemented along with good policy speak.
  • Misuse of the word "Program"

    Program, to those of us in IT, though be it a legacy term, inherently implies software. So when you state such in the title, it implies that the software is the limited factor. The term "initiatives" would be better suited. Moving on... I am commenting before reading the others' so pardon if I repeat. I am an MDM super-geek. I work with C-Levels on a daily basis on implementation strategies. BYOD is here. BYOD is happening. BYOD makes sense. Each day I am shocked at the number of organizations that do not have an MDM solution in place. Instead, they have a free-for-all and open up Exchange. I ask them how many devices are connected to Exchange. They give me a number. After I have them go into Exchange and see how many devices are actually attached, they are shocked and embarrassed at their lack of mis-management; rightfully so. The theory of "control" as a limiting factor is. Mobility is empowering employees to do their job unimpeded while protecting the corporate assets. I've had these discussions all the way back in 2004 when BlackBerry prospects would claim to "never give their employees a mobile device to access email on." Companies with a short-sighted attitude and perception of MDM as being strictly a limited factor are missing great opportunities. BYOD is here. Embrace it or die.