With so many execs with tablet devices on their Christmas list this year, CTOs will be under increased pressure in the New Year to formulate a strategy that allows employees to use their new toys at work.
In this post, Chris Swan explains the different approaches for companies as they embrace enterprise mobility and balance the groundswell behind bring-your-own-device (BYOD) with company security. This piece follows up on a presentation by Swan at Making it Mobile last month. Until recently Swan was the CTO for client experience at Swiss banking giant UBS, prior to that he was CTO for security. He is currently looking for new opportunities. This post is also available on Swan’s personal blog.
I’ve spent a good part of the last year working on mobile strategy, so I get asked a lot about Bring Your Own Device (BYOD). This post encapsulates my responses.
Last week, a friend sent me a link to this article 2013 Prediction: BYOD on the Decline?. My reply was this:
News at 11, an unheard of research firm gets some press for taking a contrarian position. They ruined it for themselves by trying to align BYO with cost savings. Same schoolboy error as cloud pundits who think that trend is about cost savings.
Cloud isn’t about cost. It’s about agility.
BYOD also isn’t about cost. It’s about giving people what they want (which approximately equals agility).
In fact, cloud and BYOD are just two different aspects of a more general trend: the commoditization of IT; cloud deals with the data center aspects, and BYOD with the end user devices that connect to services in the data center.
When I was growing up, the military had the best computers, which is a big part of why I joined the Navy. Computers got cheaper, and became an essential tool for business. For a time the enterprise had the best computers, which is why I left the Navy and found work fixing enterprise IT problems. Now consumers have the best computers in their pockets – so it’s time for another career change.
There are a number of companies out there trying to sell their device/platform based on it’s ‘enterprise security’ features. This is a route to market isn’t working - just take a look at the sales of the RIM Playbook – because the Enterprise doesn’t choose devices any more.
Even when the Enterprise is buying devices – where the trade-off between liability and control is worth it – they usually buy the same devices that employees would choose for themselves.
For a consumer device to be useful in a work setting it needs access to corporate data, and in most cases there is a need/desire to place controls around how that corporate data is used. There are essentially two approaches to doing this:
There is a 3rd way called virtual-machine-based segregation, but that approach is mostly limited to Android devices at the moment, and anything that ignores the iOS elephant in the room isn’t inclusive (and thus can’t be that strategic).
MAM isn’t without its issues, as it is essentially a castle in the air – an island of trust in a sea of untrustworthiness. This will eventually be sorted out by hardware trust anchors; but for the time being there must be some reliance on ecosystem purity (i.e. the ability of device/OS vendors such as Apple to control the spread of malware) and detection of tampering (i.e. jailbreaking) with device integrity.
• See the slide on user profiles, below, for more information.
The containment of corporate data is one issue, but regardless of whether that’s done at the app level with MAM or the device level with MDM, enterprises need to figure out how to get that data into an application. There are essentially three approaches:
It’s also possible to hybridize approaches 2 and 3, though this will involve trade-offs on performance and flexibility that need to be carefully considered. Hybrid should not be a default choice just because it looks like it covers all the bases (just look at Facebook backing out of their hybrid approach).
• See the slides on Frameworks and containers and Framework characteristics for more information.
BYOD may presently look like a trend, but it isn’t some temporary fad. It’s an artefact of consumer technology transforming the role of IT in the enterprise. That transformation places demands on IT that broadly fall into two areas: containment (of sensitive data) and frameworks (to develop apps that use/present that data). MAM is the most appropriate approach to containment for BYOD, and frameworks should be evaluated against specific selection criteria to determine the right approach on a case by case basis.
 It’s remarkable how quickly the conversation moved on from Bring Your Own Computer (BYOC) to Bring Your Own Device (BYOD) – normally meaning a tablet, but usually expanded to include smartphones that support similar environments to tablets.
 At some stage in the (not that distant) future, the cloud will invert, and be materially present at the edge, on the devices that we presently consider to be mere access points.
 For the time being things are much easier in the iOS ecosystem, due to the monopolistic nature of the App Store. But expect things to get far more problematic when all of those shiny new Android tablets that people get for Christmas show up at work in the New Year.
© mobiThinking. Feel free to reference, quote or paraphrase parts of mobiThinking articles, clearly stating and linking to mobiThinking as the source, but reprinting or republishing the whole or substantial parts of the piece without permission will not be tolerated. Please see mobiThinking’s legal statement.