Australia has reached a critical tipping point for BYOD adoption. About half of Australian businesses now allow people to use personal devices for work and the rate of uptake is growing according to Telsyte senior analyst Rodney Gedda.
Many companies have embraced the trend. Others, though, are trying to resist BYOD, which smacks of self-delusion; the reality is that employees will use their smartphones and tablets for work, irrespective of policy. IT already has an image problem in many organisations; any attempt to hold back the tide will only cement that view.
People have been using personal devices for work for many years says Gedda, but only recently has the industry picked up on the “trend” – largely thanks to smarter, more capable handhelds such as the iPhone.
But despite the intense focus on BYOD, impediments remain, such as the inability to manage work applications and data on personal devices, not to mention the perceived security risks.
Company culture plays a part as well, says Gedda. “If a company has always provided computers and mobile devices for staff it may deem the change management shift of BYOD too large to contemplate.”
Other impediments may be more practical, such as strict non-mobile device areas like hospitals, factories and data centres.
Remaining barriers aside, BYOD has truly become mainstream, according to Leslie Fiering. As Gartner’s vice president in the Mobile and Client Computing Team, Fiering was part of the original Gartner team that came up with the predictions about BYOD in 2006.
She says the response and the resistance from CIOs at the time was incredible “Their bodies would go rigid, their arms would get crossed and their attitude was basically, ‘Over my dead body.’”
Now, she says, everybody at some level is trying to understand, contain or accommodate the trend.
It was smartphones, not notebooks, that heralded the onset of BYOD. The trend was a natural consequence of users who wanted to be mobile even if their companies wouldn’t provide them a phone. Then in 2010, Apple introduced the iPad. “Tablets originally came in with C-suite executives... [who] forced it on a lot of companies, “ says Fiering.
“[Tablets] came in as mostly employee-owned, but now we are seeing that the tide is turning as companies are learning how to deploy them as primary devices to some users.”
That said, Gartner research suggests that tablets are still the least-utilised device in BYOD. And notebooks aren’t much higher, at least as much as companies are willing to admit.
“They acknowledge that sanctioned employee-owned notebooks are about 2 percent, but our experience with our clients suggests that number is higher. Look at all the Macs that come in under the radar. If you go into a techie environment, such as software development, it’s going to be higher again since the techies know how to circumvent the policies.”
Fiering adds: “Its real, it’s here and it’s not going away. What we are seeing is that the adoption for smartphones is much higher because managing them is much simpler. You don’t have to worry about imaging a whole operating system; there’s not as much data on them. People are happier with much lower levels of access. The capital cost to the users is lower. Organisations are learning that as they have allowed these in, nobody’s head is catching on fire.
“You can bring them in fairly simply if all people want is email and calendaring by using something like Exchange Active Sync, which has the group policy options on it,” she adds.
From the helicopter view, the outcome seems inevitable. But at the coalface, many practitioners remain sceptical.
Syd Borg, chief executive of reseller PCSA, told CRN: “In my opinion, users still have no idea about the longer-term ramifications of a BYOD policy. While the concept is based around the organisation not having to foot the cost of fitting out staff, the controls, reliability and compatibility are still unknown and untested.”
He says there are opportunities for resellers with regard to policy of use, security software and cloud, “but that’s about it. The reseller has, in my view, lost control of the hardware and at best can recommend that the client nominate their preferred choice. But it does not always work.
“BYOD is still a problem for resellers and manufacturers in general as we have no long-term business building around hardware at the user level,” added Borg.
While most industry leaders CRN spoke to accept that BYOD has truly arrived, there is little evidence of any ROI. At best for instance, Gartner’s Fiering described the benefit as a somewhere between a small net gain and a small net loss. Instead, BYOD looks increasingly like a cost of doing business.
“When people bring in a tablet as a notebook companion not only does it make them happier but it can improve their productivity at little cost to the organisation. However, there are certain things that the organisation has to do,” says Fiering. This includes understanding how to protect the network through network access controls and how to protect data whether they decide to keep it on or off the device.
“They need a way to containerise it or virtualised it because you cannot co-mingle enterprise and user data,” says Fiering.
“[End users] can’t do this without policies that make it very clear what’s allowed and what isn’t, and unless they understand how it can be managed. We talk about managed diversity where organisations say if you want cradle-to-grave support you stay within our standardised environment. ‘If you want a choice we will provide it, but the trade-off is we will provide a lower level of access for it’.”
Companies can either let BYOD happen to them or they can be proactive and take control, says IBM’s workplace strategy and offerings lead, Jim Khamis. He says the most compelling lesson from current BYOD experience is the importance of establishing a mobility strategy first.
“Lots of organisation jump straight to BYOD,” says Khamis. The end result is the worst of both worlds.
“Companies have allowed it, but users have become disgruntled because they have brought in their own device but they can’t connect to the network, for instance, because they are in a location where there is no wireless.”
IT practitioners need to remember some basic lessons. “What are the business problems we are trying to solve? How do we solve it through BYOD?” says Khamis. Customers want to know how best to approach data or applications to ensure users are just as productive or more productive.
Dell’s end user computing solutions director, Jeff Morris, says educating stakeholders is critical to the success of BYOD. “Before im-ple--
menting a BYOD system, the first question that should be asked is what will BYOD do for my organisation? For example, is it to cut the overhead costs of purchasing devices?”
This is where the reseller has a role as a trusted advisor, to help customers navigate the maze. Once the system is in place, the next phase for customers is to define clear HR and business policies around the use of personal devices.
“Communication is key and one of the critical lessons learnt over the past couple of years is the need to collaborate with other departments, such as HR, to set the framework and communicate with end users,” says Morris.
Once the policy is in place and communicated to users, Morris says the next, and possibly the most, important thing for the customer is securing the data, and ultimately the company, from harm. Finally the goal should be to empower employees to become as self-sufficient as possible.
Sven Radavics, general manger APAC, Imation Mobile Security, says many IT departments underestimated the complexity of BYOD. Data losses, the risk of viruses and user malfeasance are all common concerns, he says, but the really big issue is the difficulty companies have managing all these devices.
He says many companies jumped in and drafted an early policy based in the idea they would push the cost of the device to the user, however, that’s not how it has panned out.
They are finding the costs are actually increasing he says due to the overhead required support all these users . “And in many cases where the expectation was that BYOD would enhance user satisfaction, it has actually decreased.”
Toward best practice
Telsyte analyst Rodney Gedda says that BYOD implementations have been driven by employee demand, cost savings and a lack of historical restrictions on what type of device can be used for work.
“What defines best practice really depends on the organisation’s overall IT landscape and how BYOD can impact that. If an organisation’s apps are designed to work with popular mobile devices then staff are most likely to attempt to use a personal device to access it.”
On the other hand, he says if a business app is being run on Symbian or Windows Mobile (the old version) then the options for BYOD are limited. “Security and device management are paramount, and if losing a personal device means losing company data then we haven’t progressed much further than the old printed document-loss days. End users need BYOD strategy assistance from resellers and these relationships can extend to device management services and value-added services.”
Most organisations have found that some level of mobile device management (MDM) really helps, says Gartner’s Fiering.
“You can set more flexible security parameters and these days mobile device management tools are exten-
ding to asset tracking and software deployment and other pieces. So this is extraordinarily useful.”
“There is a learning curve but the MDMs have been out long enough that best practices have emerged And the MDM suppliers are themselves more sophisticated in understanding market needs.”
It’s a view shared by IBM’s Khamis. “The MDM vendors are getting much better in terms of the functionality in the tools. “
Globally, IBM partners with companies like Air Watch, Mobile Iron, BlackBerry and Good Technology. “Those products are getting better at securing applications not only in the device but in transit to and from the device as well,” says Khamis.
He also points to the corporatisation of products such as Dropbox as another positive development.
The MDM vendors are probably the biggest winners from BYOD to date. “Basically, mobile device management tools emerged from nowhere as tiny start-ups. They have experienced tremendous growth and buy-in because there were no alternatives. Iron Watch and Mobile Iron, for instance, were able to understand the market, innovate, grow and keep up with a very volatile market.”
The whole concept of the mobile device manager is evolving, she says. It started as a fairly simplistic set of tools but has now extended into security policy compliance, asset tracking and other services.
For the reseller or outsourced IT provider, security and device management remain the two obvious points of entry into a BYOD environment. Brendan Redpath, chief executive of Melbourne-based IT company Source Central, acknowledges that when BYOD first emerged, IT staff worried endlessly about security; often the response was overkill. But now providers such as Source Central have found solutions. “What we say is, rather than go crazy, you set a bit of security infrastructure around your wireless connectivity.”
Likewise, he has seen MDM move into the mainstream. “We have watched those providers evolve from being acceptable to being of an enterprise standard. These days I can do policies and I can remote wipe devices, but I think they are probably still 18 months to two years away from delivering the control you really want.
“For instance, I want to be able to remote into someone’s iPad and see what they are seeing live on my screen,” says Redpath.
Gartner’s Fiering says there remain several barriers to more widespread adoption of MDM software. “We have mobile device management tools than can create containers or isolate and secure enterprise data. We have them for the desktop but we don’t really have any mainstream ones yet for notebooks.”
She also cautions end users that licensing can get very expensive – something that should not necessarily be seen as a problem for resellers looking for new products and services to replace disappearing hardware sales.
Gerry Tucker, Australia and New Zealand country manager of security vendor Websense, says that many companies are looking to MDM solutions as the answer to BYOD security concerns. But, he cautions, MDM does not go far enough.
“It only secures the device, rather than the actual data on the device. Over the past couple of years, organisations have realised that managing devices is relatively straightforward, but securing the data on or off of the device, as well as data in and out of the network is much, much harder.”
To really address the security risk associated with BYOD, he says organisations must focus on a holistic approach to protecting the business against malware, as well as protecting sensitive data that flows in and out of the organisation.
“Mobile security offerings must also proactively address these concerns and explain how their solutions can prevent exposure to malicious threats,” says Tucker.
His advice for resellers is that customers need assistance in incorporating BYOD into the broader enterprise architecture and security policy. Companies need to focus on how BYOD can be included within operations, while not increasing the threat profile of the business prior to the BYOD implementation.
Two other technologies feeding into BYOD are Windows 8 and desktop virtualisation, says Dell’s Morris. “The introduction of Windows 8 has made it easier and more cost effective for organisations to support the introduction of BYOD programs.
“Consumers are now able to purchase touch-enabled devices that are easily integrated into corporate IT environments. In many institutions, such as schools, were IT budgets are tight, teams will have a list of preferred devices that can be intro-
duced into the network. Windows 8-based devices are often the top of the list as they mirror the majority of operating systems in place.”
On virtualisation, he says that by not storing the data physically on the end user’s device, organisations can maintain greater control over who has access to what information. “Backing up to the cloud or a virtual-
ised desktop minimises the risk of loss of information and protects data that otherwise might only be kept on the end user’s device.”
Lenovo Australia & New Zealand managing director Matt Codrington says enterprise app stores have been gaining momentum within organisations thanks to the consumerisation of IT and the rise of BYOD.
“It provides an easier way to roll out work-related apps onto staff mobile devices while at the same time organisations can retail control of those apps.” He points to Gartner research, which predicts that 25 percent of enterprises will have an enterprise app store in place within the next four years.
“Much like BYOD itself, companies need to make sure they do it right. If you implement an enterprise app store that is poorly designed and actually impede on workers’ ability to self-service work apps, there is no point in doing it at all.”