Sunil Lalvani writes about how Indian companies are dealing with BYOD and what MDM can do for them
Consumers are comfortable with their mobile devices. They use these devices for a variety of tasks—from keeping track of friends, their social interactions for shopping, education, entertainment, news alerts and taking instant decisions with regard to their investments, etc. So why not use them at work? Increasingly, personal devices are being used for collaboration, seeking work-related information, analyzing workplace requirements and conveying decisions.
This trend, known as Bring Your Own Device or BYOD is taking the workplace by storm, forcing worried CIOs to create processes, policies and standards that do not compromise enterprise security and adversely impact reputation. On the other hand, ironically, CIOs are delighted. As employees bring their own smart devices to work, there is greater employee satisfaction. BYOD helps drop the cost of hardware provisioning and the enterprise keeps pace with changing technology as users upgrade their devices almost routinely.
There are plenty of things to worry about, however. For one, as mobile devices change, so must the related processes, policies and standards. There are other issues such as which devices to provision for. After all, a business cannot provision for every device form factor and OS. As if that weren’t enough, there is the sticky issue of providing support to users for these devices.
The BYOD phenomenon is neither trivial nor is it transient. A Citrix study forecasts that by mid-2013, 94% of companies will have a BYOD policy. Gartner adds that by 2014, 90% of organizations will support corporate applications on devices owned by workers.
Possibly the biggest concern for an enterprise is data security. Simple examples help illustrate the concern. What happens if a user loses or misplaces a mobile device? Enterprise data, networks and applications available on the device are at immediate risk. There are solutions to the problem, each with its own set of secondary concerns. One may assume that it is easy for a business to remotely lock or erase all data on a lost device. However, the decision to erase device data and capabilities is dependent on who owns the device. If the employee owns it, a set of policies and permissions are required to manage the situation.
In a slightly different scenario, the device may not be lost or misplaced, but it could be the device owner (employee) who is compromising data. The solution is to monitor device usage. Again, there are secondary concerns.
For example, a user may have more than one device logged in. This implies that the network should be able to recognize authorized devices and accordingly set access permissions for applications, networks, systems, data, etc.
Finally, there are employee separation issues that must be factored into any reasonable BYOD policy. When an employee leaves, how does an enterprise ensure that enterprise data is not leaving with the employee? By implication, all BYOD solutions are not necessarily technical in nature. They involve the HR and legal function as well.
Data loss fears are real. One of the popular solutions is to deploy Mobile Device Management (MDM) systems. However, the real answer to data security is not securing the mobile device but to secure the data.
Some Indian companies have begun to create policies and processes related to personal mobile devices at work. CSR India and SAP Labs India are just two such companies leading the way. SAP Labs India has a stake in the BYOD-mobility landscape as it helps enterprises set up their own mobile app store to facilitate smoother BYOD adoption.
At one Bangalore-based technology company that tried to formalize the BYOD movement, some employees complained bitterly. They said it was unfair to let others bring in what was not standard company-issue equipment. It changed the playing field, they said. The employees that complained were those who had lower pay scales and did not own personal smartphones. They said buying an expensive smartphone was not in their budgets and was the equivalent of taking a pay cut. In a bid to level the playing field, the company had to start providing interest-free loans to employees to buy smartphones and tablets. They are still trying to figure out how to segregate data access costs!
A MDM is the first step to managing and leveraging the BYOD trend. Selecting the right MDM technology with appropriate access solutions can help secure networks, devices, applications and data. MDMs have a variety of functions.
At the most fundamental level, they ensure role-based access with regard to users, device types and access parameters. An MDM can also assist in managing application usage that also helps check data theft/ loss.
At a more advanced level, a MDM can be deployed to manage the enterprise mobile app store. This means the enterprise can now control the apps while the employee can control the device. As simple as this sounds, it is a key MDM function because it lets the employee go about her business tasks without having to forfeit the pleasure of playing Fruit Ninja or accessing social networks.
Supplementing an MDM should be a sound application strategy. Native apps on smart devices can sometimes be a threat. It therefore makes business sense to opt for secure apps such as those for email and browsers. Securing the browser, address book & corporate communication is a fundamental step. Underlying such measures should be the tacit understanding that if an employee brings a personal device to work, security and monitoring applications will be installed on the device.
In effect, to leverage the BYOD trend and its cost benefits, CIOs must address the key issue of data security and not device security; they must examine appropriate MDM solutions to ease the pain of management; and develop a strategy around application deployment which secures enterprise data.
The author is Director, Enterprise Sales, RIM India