Most employees now own and carry very powerful personal communications devices, particularly smartphones, laptops and tablets. Increasingly, they want to use these personal devices for work, particularly for access to privileged information and applications.
That can create big problems for IT managers and C-level execs, who might pine for the days of closed corporate computing networks, where every work-related mobile and portable device was provided by, and strictly controlled by, the employer.
Those days are gone, and they aren’t coming back. Employees don’t want to carry two smartphones around, one for personal use and one for work. They’d like to use their personal laptops for productivity applications, their own iPads to read work documents. They want (or need) access to their work network at any time, no matter where they might be — at home, on the road, even on vacation.
The emerging concept of BYOD (Bring Your Own Device) is based on the idea of formally integrating these personal devices into corporate and organizational computing networks.
BYOD may sound simple, but it presents a host of challenges for any organization. That’s why extensively planning for BYOD is so critical, because once you open this particular Pandora‘s box, it’s difficult to close it again.
On the surface, BYOD would appear to be great news for employers, who no longer need to invest nearly as much as they had been on laptops, phones and tablets for their employees’ use. Because BYOD devices are the property of the employees, employers can also enjoy reduced maintenance costs and can adopt new technology more quickly.
However, BYOD opens up a whole other can of worms.
“BYOD leaves the CIO in a conundrum,” says Chris Spain, vice president of Product Marketing for Cisco Systems’ Wireless Networking Group. “He’s thinking, ‘The rate of change is far bigger than anything I had to deal with before, with more devices changing more frequently…and my IT staff hasn’t gotten any bigger. So how do I get these devices on network easily and securely?'”
To ensure an organization’s BYOD roll out is solidly designed, IT decision-makers must address numerous issues, such as:
Security. What if an employee’s personal device is hacked, stolen or lost? What if an employee’s child wanders into sensitive documents on her parent’s iPad? What if the employee purchases a new device and passes the old one on to a family member or friend?
Change of employment status. What happens when an employee is fired, laid off or quits? In the past, employees would simply surrender their company-owned devices when they left the company. Now matters are not nearly as straightforward. Without a solid BYOD strategy in place, former employees could still use their own devices to access the network in order to take confidential documents or wreak havoc on the company’s information systems.
Liability. If BYOD gear is damaged or lost on the job, who is responsible for repair or replacement?
Who pays? Do employees get financial considerations for using their own devices? Who pays for Internet and phone service? Are the costs shared?
Administrative infrastructure. Employees and systems must be put into place to support, update and service these personal devices.
Permissions and policies. What information can an employee access? When? On what device(s)? From where?
Is your wireless network up to snuff? Employees want to use their personal devices as full network nodes within a workspace. Your wireless network must be able to handle all of this traffic while providing quality of service and reliability commensurate with that of your hard-wired network.
As you can see, BYOD is a daunting task for any organization. Fortunately, bundles of products and services are emerging to help decision makers implement effective BYOD systems.
Cisco calls its BYOD Smart Solution, a mix of products and professional services, they describe it as “a comprehensive approach to effectively design, manage, and control the access of a BYOD network.” Cisco’s Spain stresses that a BYOD strategy should be defined by users and not devices. He says decision makers should consider each employee or class of employee when it comes to what can and can’t be done via BYOD. “What’s my SLA [service level agreement] with you? What is your expectation of what you’re able to do, what is the level of service on network, how responsive will you be if you have a problem?”
Cisco’s unified access solution BYOD, he says, should build upon a unified access solution — “one management, one policy, one network” — that is consistent with ICE (Identity Service Management). “Identify the user and the device; provision that device; apply policy for each user based on context and apply that whether they connect wirelessly or wired,” says Spain.
Another company, Citrix, offers a wealth of relevant BYOD products: XenApp and XenDesktop for application and desktop virtualization; SSL VPN, a cloud gateway that includes a self-service enterprise app store; ShareFile for “follow-me” data; the Podio collaborative work platform; and of course the popular GoToMeeting for online meetings with videoconferencing.
“Don’t fight BYOD; feature it,” says Michael McKiernan, vice president, Business Technology with Citrix. “Keep it simple. Embrace self-service. Secure your data and the service, and leverage your infrastructure broadly.”
McKiernan lays out three BYOD pain points — and (good news) “pain relievers” — for decision makers. The first is “addressing the concerns of all the naysayers to accommodate all hypotheticals.” McKiernan says you must secure buy-in from your organization’s executives, along with a willingness to “acknowledge and manage non-zero risk.” Secondly, he says decision makers must “make the ROI case” by quantifying total cost of ownership, choosing when to use a stipend and how much, and being realistic that while the savings may be small in the grand scheme of things, they are “merited by the less measurable soft benefits,” such as employee happiness and productivity and risk reduction. Third is securing corporate data within a “rapidly evolving device ecosystem”; McKiernan says it is imperative to “implement a data loss prevention strategy while designing a good user experience” — the familiar balance of security versus performance.