By Vishwas Manral, Distinguished Technologist, HP Networking, Advanced Technology Group @vmanral
I knew BYOD had arrived (in Silicon Valley at least) when I noticed that the front page headline of the mainstream newspaper, “Mercury News,” screamed: The BYOD debate.
I had glossed over the consumerization of IT and what it means for networking in my earlier blog posts. HP CTOs discussed this trend in a recent article on 4 IT trends that will help you remain competitive in 2012.
Here, I will focus on the solutions and technologies for supporting BYOD.
Bring Your Own Device, or BYOD, refers to the enterprise workforce using their personal smartphones and tablets to access secure and sensitive enterprise content. IT departments have used Mobile Device Management (MDM) software to manage IT-approved mobile devices, mainly for protection, management and policy configuration (basically to take total control of the devices). Having fallen behind consumer devices on the innovation curve, enterprise-approved devices are now a hindrance to workforce productivity rather than an enabler of it. In fact, with crafty professionals circumventing corporate IT policies, BYOD is now an imperative for IT. This, of course, means big security challenges for IT.
And those security issues are...
As mobile devices proliferate and software updates for them become more frequent, current IT models are being tested. To secure BYOD, data needs to be protected in transit, protected from malware and spyware while it resides on the device, and protected if the mobile device is lost or misplaced. There is no dearth of innovative technologies and solutions from large and small companies trying to help IT tackle these issues. I will evaluate mechanisms that are provided by various vendors, categorizing them into those that will work and those that will not.
BYOD solutions that will not work
A simple solution could be to support a set of devices, OS versions and applications, and then have a “default deny” policy for all others. This solution, however, goes against the very fundamentals of the consumerization of IT, where users do not want IT policies to hinder their choice of devices. It is for this very same reason that enterprise-only app stores and blacklists/whitelists (where IT determines which applications can be downloaded onto the device) will not work. Besides, with the number of applications proliferating, IT will have a hard time monitoring and approving (blacklisting or whitelisting) every application.
BYOD solutions that may work
Virtualization of a mobile device is a solution that allows separate partitions for personal and work use on the same physical device. Logically, this sounds like an elegant solution for the BYOD challenges confronting IT. However, one of the biggest challenges would be getting all the mobile device vendors to allow such support on their devices. (Apple does publish their MDM APIs, though only for privileged access.) Besides, it would be interesting to see how easy it would be to navigate between the different environments, which resources such a solution would take on the mobile device and how it would affect user experience.
A managed solution where the service provider performs the mobile device management could also work for enterprise IT. However, such a model may work for some companies and not for others. Open and extended support for OMA Device Management would go a long way in helping this model.
BYOD solutions that will work
Enhanced capabilities such as the following are the essential minimum set that all solutions need to support:
- Remote lock and wipe
- Over-the-air firmware downloads
- Policy management
- Remote fine-grained proactive monitoring and auditing
- Ability to handle liability issues
These solutions would also require dissolvable agents to assess the posture of the device.
Virtual Desktop Integration (VDI) solutions that separate the front-end display from the back end running on servers are probably more easily deployable than a pure virtualization approach. This also makes business sense, given the inherent cost advantages, flexibility (running on current devices) and controlled security. The Amazon Silk browser already uses such a model.
Because BYOD is such an upcoming trend, a SaaS-based model would make perfect sense too. The inherent advantages of scale-out, usage-based subscriptions, higher availability and not as much legacy software to support make it an ideal candidate.
Do you BYOD?
First, full disclosure: I still use different devices—a personal phone and another IT-approved device for work purposes.
What are your views on BYOD? Is your company ready for BYOD? Let me know your thoughts! Share your comments here. Or on Twitter: @vmanral