The Bring Your Own Device revolution is upon us, and it seems inevitable that the rank and file will be making the decisions about what they will be using to access the corporate network. Depending on whose numbers you take at face value, anywhere upward of 75 per cent of companies are allowing employees to use personal devices to access the corporate store.
Consumerizaton of enterprise IT is a burgeoning trend, arguably fostered by the introduction of Apple Inc.’s iPhone in 2007. It was cool, it was accessible, and despite the fact that it was a security risk waiting to happen, employees and execs alike insisted on having it connected to the corporate web. The iPhone’s security posture has improved since then, with support for Microsoft Corp.’s Exchange platform being a turning point.
Before users forced the iPhone down the throats of the IT department, as smart phone choices went, you had Research in Motion Ltd.’s BlackBerry or … well, that was about it. However many flavours of BlackBerry there might be, they were all bound, corporately, to the BlackBerry Enterprise Server, which gave the IT department a measure of control, the ability to apply policies across devices.
BYOD got even further impetus from the tablet revolution launched by the iPad (thanks again, Mr. Jobs), which made ultra-mobile devices even more credible all-purpose enterprise computers. Now, with the many flavours of mobile accessing the corporate network, IT has to cope with enterprise data exposed to devices running on Apple’s iOS, Windows and Windows Phone, BlackBerry OS, Android and webOS (which is finally getting the marketing support it deserves, two years after Hewlett-Packard Co.’s purchase of Palm Inc.).
This is not the environment IT is accustomed to. It’s difficult to lock down your data under those circumstances, and with a variety of security threats on a variety of platforms, BYOD can pose a management nightmare.
(As an aside, RIM’s PlayBook’s lack of native e-mail and personal productivity features has been panned by critics, but you could argue that it’s a great control for mobile devices; these apps and the associated data are held safe under BES lock and key by being accessible only through a bridged BlackBerry.)
On the other hand, BYOD advocates point to a more customized user experience and greater productivity.
Is the consumerization of enterprise IT inevitable? With executive support, IT could lock down the network, only providing access to corporate approved and corporate-issued devices. This would ease the management pain. But it might also drive BYOD die-hards to take their talents to a more forgiving environment.
IT can’t be steamrolled by the BYOD revolution, and it has the responsibility for care and control of enterprise computing assets. If end users insist on choosing and using their own devices, IT must still be able to apply policy and best security practices across devices: limiting access through virtual private networks, keeping corporate apps and data in a virtualized desktop infrastructure, and applying a strong data loss protection regimen would be a start.