The BYOD dilemma - accessing corporate applications

Companies wanting to harness the urge staff have to bring and use their own access devices often run right into a dilemma - how to make access to corporate applications each and safe. Typically they turn to one of three approaches.
Written by Dan Kusnetzky, Contributor

I thought it would be useful to review the different ways companies have chosen to harness staff member's interest in bringing their own devices to work and allowing them to safely, securely access corporate applications and data.

The approaches seem focus on one of the following: encapsulating workloads and delivering them to the remote device, creating a new user interface for applications that can be accessed by mobile staff members, building a company-specific App or encapsulating traditional client software and delivering it as a virtual desktop. Which is the best approach depends upon where IT decision makers believe the workloads should execute (client or server) and where the data being processed should reside (client, server or storage sever hosted in their own or a partner's data center).

Citrix, Microsoft, VMware and many others have staked out their turf and are waging a battle for the hearts and minds of IT decision makers.

Delivering workloads to the remote device

Client-centric workloads, in this approach, are encapsulated and delivered to the remote devices for execution. The goal here is that the workload use the computing resources of the intelligent device rather than simply being accessed remotely.

Some suppliers include virtual machine software in their products that allow the application to happily execute on bare metal, under another operating system or under their own monitor.

Since it is very likely that the workload was originally developed to support an X86-based client running Windows, this approach can limit which remote devices can be supported. Since the majority of smartphones and tablets aren't based upon an X86 processor and don't run windows, making this work can be complex. The supplier must offer either an application virtualization or a processing virtualization solution that will allow X86/Windows applications to run under Android, IOS or some other mobile operating system on whatever processor that is hosting software on the remote device.

This approach can be made to work if the company supports only a small, controlled selection of devices. If a broader selection of devices must be supported one of the other approaches would be better.

Creating a new Web-based user interface

Companies have also been known to create a new Web-based user interface that gives mobile staff access to centrally hosted applications and data. Since most smartphones and tablets can access Web-based applications, this approach appears appealing at first glance. This means that staff can bring in just about any type of device.

There are challenges to this approach too. The devices are likeky to offer different screen resolutions and different complements of processor power, memory capacity and network speed. Unless the developers of the user interface have thought in very general terms, workloads may be accessible, but not really usable, on some devices. Furthermore, this approach requires access to the network. A mobile staff member may not have access to teh network while traveling or at a client's site.

Building an App

Some companies chose to build an App that allows access to their corporate applications and data. This approach is quite similar to building a Web-based user interface. As with that other approach, access to the network is required. Additionally, the company must either develop their own expertise in all of the supported operating systems and devices or engage a development partner.


This approach is very flexible. Workloads can be encapsulated and execute on the local device, on a departmental server or back in the corporate data center. Access virtualization technology is then used to allow staff members to access corporate workloads on their devices.

The benefit of this approach is that client-focused applications need not be changed nor is it necessary to develope a new user interface. The workload that's being executed can be accessed using one device, by a second device later and then by the original device. The workload that is executing on a host can be made to wait for the user. The user can access the application from just about any device supported by the access virtualization technology. Concerns about client device form factor, processing power, memory and storage can largely be put aside. Concerns about access to the network, however, continue to be important.

What's the best approach?

As with many IT decisions, there isn't a single correct answer that addresses the needs of all organizations. Each of the approaches mentioned above are useful and can be the correct approach to address a specific company's needs.

IT decision makers need to consider the following things when making their selection:

  • Are ony a few, selected devices to be supported? If so, all three of the approaches can be considered.
  • Are staff members always going to have access to the network? If not, then deliving an encapsulated application to the device or deploying a company-specific app are the best choices.
  • Do the company's security and data protection plans require that applications and data only reside in the corporate IT infrastructure? If this is true, Web-based UI, company-specific App and VDI are the best choices.
Editorial standards