It’s surprising how much corporate IT technology is driven by the CEO asking “why not?”. In today’s episode, it’s the CEO asking why he can’t be a cool kid and use his new, shiny smartphone or tablet at work. (Stop groaning.)
The blurring of work and personal life has spilled over into smart mobile devices being viewed as work tools. It’s seemingly the smart thing to bring your own device – BYOD – to work.
But we’re not there yet. Verizon’s VP of strategy asked for a show of hands at a recent talk. “How many of you bring your own device?” About half the hands in the room went up. “OK, how many of you do that in a sanctioned manner with employer approval?” About 2/3rds of those hands went down, with sheepish looks.
The sentiment is out there, and as a technologist I know I’ve had this thought:
If you don’t pay for my device, you don’t tell me what to carry. My (blank) is better than what you’re trying to give me.
There are rules when it comes to corporate IT, and with good reason. When access, workflow, storage, and policies get more difficult and expensive to implement and manage, and the more sensitive the enterprise data is, and the more often the mobile device is in the flow, there are a lot of things to think about.
Thinking is the last thing people tend to do when something looks easy. I remember in Web 1.0 when the big corporation I worked for put in a way-cool Oracle 11 implementation, and one of the selling points was the apps are web driven, so people will be able to access them with a browser. So, why can’t our supply chain partners use it if we issued them logins? Good question, let’s try it from home and see if we can get in. Denied. Port numbers. Firewalls. IT security types at corporate:
You wanna open what port? Why? Bzzzzt. Thanks for playing.
Smaller organizations have an easier time, and if you’re completely browser and cloud based BYOD can work. My last employer, a publisher, was BYOD if you weren’t going Apple. It worked because we were in a file-sharing environment with a simple workflow having just three or four folks involved, and as long as people remembered to put their stuff in the Dropbox things went well. Once the info was published, its sensitivity went away. For internal planning and data, we also used Salesforce.com and Google Docs, entirely browser and cloud driven. Simple, but I can say there were the occasional headaches with browser and plug-in versions.
Now many CIOs at larger firms are embracing the idea behind BYOD too, not just because their CEO is asking but because it’s a perk and a productivity boost for employees who are increasingly on 24/7, and potentially a cost reducer in the long run.
Think it through. You will need a few lawyers and significant amounts of money to make BYOD work. You really don’t want to commit to it, be surprised, and have problems down the line. It may work in your situation, or at least you could come to a hybrid model where some jobs are able to operate with BYOD and others need corporate issued-devices. Or you may decide it’s not for you, and you’ll have to educate the CEO.
Here are some of the points that need to be looked at. Yes, many of these problems exist for corporate-issued devices as well, but there’s a difference: you can confiscate that thing, put it in the IT shop for a couple days, and fix the problem. Try prying the employee-owned smartphone out of their hands for more than a couple minutes (this is one of the areas where your lawyer will be needed). Let’s proceed on the basis your employees are willing to participate and let you install something.
Devices within reason.The embedded world practices lock-down where device configurations are tightly defined and controlled. No such luck with BYOD and the enterprise, and it’s only going to get worse. Ralph de la Vega of AT&T said recently that device life cycles are now getting much less than 2 years. I can’t pick just any device and expect the IT team to make it all work, and as an enterprise you still have to strike a balance between legacy support, mainstream, and new device support. (And oh yeah, don’t even think about jailbroken devices.)
Upgrade your OS and browser lately? If you thought browsers and plug-ins were fun on the desktop, wait until the mobile beast is unleashed. IT departments often wait to roll out a new OS or browser until they’ve tested and planned – it’s completely out of your control on BYOD. Major upgrades like iOS5 and Android 4 will trigger major outbursts of angst and support calls. Some devices won’t even be upgradable. Some devices will brick when the upgrade glitches. Some apps will break, and have to go back to the hangar for a new version. Some folks won’t upgrade even when you want them to and all their friends have. Meanwhile, user productivity will go way down for the segment of the population affected, and your people will be scrambling to recover.
Tell me there’s no data on that device. This has been one of the primary concerns of both sides. Users don’t want their device “wiped”, either in the beginning or the end, to satisfy corporate security concerns. Enterprises don’t want data trapped on a device that gets lost or poached for security reasons. What’s emerging are new apps that firewall a work profile on the device that has secure access to some type of cloud where the enterprise-only apps run and access data, and only the access app stays on the device until it’s removed.
More fuel on the HTML5 vs native app fire. BYOD is one of the really strong arguments for CIOs to develop their in-house apps on HTML5. If you have to support a bunch of platforms, developing the expertise and resources to support native apps is going to get daunting. But with that said, there are reasons to have a “preferred” device – for instance, video content would be a good spot for a RIM PlayBook – with specific features supported in a native app.
Which carrier and data plan? If device and OS configs aren’t enough to worry about, now you have carrier support and coverage and plans to worry about. Some of your remote users might have limited or slow coverage on a certain carrier, which impacts performance. Some have metered or throttled data plans – got those sales figures, wait, I’m over my data limit, arrrgggh. And carrier support for the OS itself, especially on Android, varies in what features get implemented on that device – something supported on Sprint may not be supported on TMobile or Verizon or AT&T, even on the same or very similar device.
Authorizing devices and distributing apps. CIOs need a way to positively identify a device, and a policy to allow it on the network, and then a framework to distribute apps. Solutions are starting to emerge here, but will face challenges in scalability and maintenance as time progresses. This is the area of BYOD getting the most energy, because it’s a problem a vendor can help solve right now.
These don’t get viruses. Uh-huh. I shouldn’t need to tell you as devices continue to proliferate, they and the cloud will be attacked – intensely. Here’s a recent take on this:
Be prepared for before jumping into the BYOD fray. These are just some of the considerations, and we haven’t even discussed the implications in the app developer ecosystems, or what happens if and when your security is breached. There are creative solutions starting to emerge, and there’s more to be heard from both the BYOD and the corporate-issued camps because big data will continue to drive the agenda. I’d be happy to hear your thoughts on BYOD (or not), or help take a look at your situation.