BYOD: Problems, Practices, and Solutions

The bring-your-own-device trend has made significant waves in both the private and public sectors as workers increasingly rely on their own devices to handle their unique needs. BYOD has also caused a few headaches for IT departments as they determine how to best secure a highly mobile environment. However, investing the time to incorporate BYOD as part of a larger business strategy may be beneficial in the long run. Assuming the issues of security and support can be addressed, companies can allow personal devices in the workplace without compromising productivity or data protection.

The prevalence of BYOD is becoming increasingly difficult to question, as the latest data from HDI Research found nearly half of those surveyed have a formal BYOD program of some kind. The devil is in the details when it comes to managing mobile devices in BYOD environments, and the digital ecosystem is only expected to become more diverse in the coming years. This means businesses will need to be prepared to consider the potential for BYOD-enabled transformation.

BYOD: The Great Transformation

One of the reasons BYOD can seem difficult is because it represents a substantial shift in IT environments. In fact, Gartner referred to the trend as the most radical shift in enterprise client computing since the introduction of the PC. IBM i users benefit from a well protected platform, particularly given its support for supplemental security solutions. However, BYOD changes things significantly—with a large volume of devices coming into the IT environment, it can be much more difficult to differentiate friend from foe. Additional considerations must be made for bandwidth usage and acceptable use practices from end users.

The question then remains whether IT should bother accommodating the needs of end users. One supportive argument has been the notion that BYOD is inevitable and some data even suggests that users are likely to develop a shadow IT culture in response to overly restrictive policies. However, it’s important to note that BYOD acceptance also has the potential to produce significant business benefits. Consulting firm PricewaterhouseCoopers identified improvements in worker productivity that could be linked directly to BYOD, for instance.

Some of these benefits can be explained by the devices themselves. By using platforms they are comfortable with in everyday life, employees know where their favorite software tools are and how to best use them. According to PwC, some of the shifts that result from BYOD acceptance have also contributed to enhancing productivity and actually making IT’s job easier. The firm specifically cited application virtualization, which makes it easier to provision software while also facilitating access for employees.

Hardware management costs may also be reduced as employees rely on devices they bought themselves rather than company-provisioned models. While this is not true in every implementation, it is a consideration to make as businesses begin crafting policies for their highly mobile workforce.

How Businesses Currently Manage BYOD

A number of solutions have emerged that address the issues surrounding BYOD. Mobile device management and its partner, mobile application management, have become the go-to solutions for many companies.

MDM technology is a bridge that gives IT some control over user devices. By requiring users to install MDM software, administrators can enforce policies such as strong passwords while gaining monitoring tools to ensure workers are both productive and safe from malware. Additional functionality such as remote wiping is helpful for addressing the risk posed by lost or stolen devices, particularly given the popularity of single sign-on features for accessing cloud data.

However, MDM software is inherently device-centric and can leave noticeable security gaps. This makes mobile application management a frequent supplement in a comprehensive BYOD framework. As the name suggests, MAM software gives IT departments more control over the applications on a user’s device, whether they come from the enterprise app store or from a vendor’s marketplace.

How Companies Could Do Better

The problem with relying on MDM and MAM technology is that these approaches are based on the safeguards used to protect environments dominated by PCs. An InformationWeek survey suggested that ineffective strategies stem from desperation—IT managers in a rush to accommodate the flood of devices turned to MDM to have something in place rather than no management solution at all.

In addition to requiring more for security, IT departments also need to look beyond data protection to make the most of bring-your-own-device. BYOD is largely about having the right tools for the job and at the right time. Rather than act solely as gatekeeper, IT can be better positioned by proactively meeting business needs.

Among the many shifts that happen as an organization accepts BYOD is the movement of control. As end users gain increased access to business applications and data, the effectiveness of BYOD programs is heavily dependent on trust. After all, if IT holds the keys to the entire enterprise digital kingdom, it undermines much of the productivity that would otherwise be gained by trusting users with their own devices. In addition to ensuring their security solutions avoid excessive restrictions, IT departments can benefit from raising user awareness in regard to best practices, whether that education comes in the form of a soft reminder to change passwords regularly or an alert about the latest mobile malware threat.

Effectively Implementing BYOD

Once some general principles are outlined for protecting the business in a BYOD-enabled world, companies must craft policies to guide how they will implement mobility programs. IBM’s Enterprise Mobility blog listed several action items that should go into the process. First, it’s important to take stock of the existing environment. What devices and operating systems are employees using? Are most employees always getting the latest gadgets?

Questions like those will help determine which platforms will need to be supported and how scalable the technology should be. An end-user assessment should be quickly followed by a clear outline of responsibilities and requirements. For instance, some businesses may require users to keep updated security software on the device to connect to the corporate network. Once these policies have been outlined, it is important to make sure they are clearly documented and communicated so that users throughout the organization are aware of their duties as well as any consequences that may come from compromised business data.

Between the pressure from end users and excitement from having a firm foundation for BYOD, it may be tempting to start ushering organization-wide change. However, it is important to ensure that policies, practices, and technology will actually be effective before investing heavily in implementation. For this reason, IBM highlighted the value in pilot projects. Starting with small-scale implementation ensures that BYOD practices are feasible to the business and allows for fine-tuning before large-scale deployment.

To BYOD or Not?

Accepting bring-your-own-device may not be an option for every company, but it is something all business decision makers will need to put some thought into. Those that decide to implement a BYOD program will need to implement effective policies to ensure that productivity gains are realized safely. Starting with a comprehensive framework that accounts for end user needs as well as business-centric demands such as security can ensure implementation is not only successful but provides quantifiable gains. BYOD environments require flexibility, as new devices increasingly connect to the corporate network. The security technology and business paradigms used to govern these environments must be similarly flexible to get the most out of the trend.