In a world full of iPads, iPhones and Android devices, it’s no wonder employees want to mix business with pleasure. The question is, does a BYOD policy cause more problems that it seeks to solve? Employees are going to bring their own technology to work regardless of the guidelines of their employer. It’s better to work with your staff to manage the policies and enjoy a happier team, than banning personal devices altogether. CIO NZ online seems to represent similar views. CIO notes that having the ability to wipe data from a stolen personal device makes creating a sound BYOD policy all the more important.
A panel of five IT executives gathered on the main stage of the Consumerization of IT in the Enterprise Conference and Expo, or CITE, in San Francisco this week to discuss ways to empower a fast-emerging class of workers.
Called the bring-your-own-device workforce, these employees want to marry corporate computing with their personal tech gadgets, such as iPhones, iPads and Android devices. They rely on these devices to manage their personal lives and get work done. It’s the latter part that has CIOs scrambling for ways to support them.
“BYOD is a good story: It has excitement, love, drama, and possibly murders in the making,” says Seng Ing, senior network engineer at KLA-Tencor and a CITE speaker. “In reality, BYOD is hard to implement and support.”
The BYOD Challenge
BYOD is a new computing paradigm that seemingly creates more questions than answers. It’s important to note that BYOD is often used synonymously with consumerization of IT and even mobility. But BYOD differs from the others because of its “personal use” nature. That is, employees own the devices and thus feel empowered to download and visit whatever apps and Websites they choose.
Meanwhile, IT leaders must ensure corporate data either at rest or in motion on these devices are secure and can be wiped in case the devices are lost or the employee leaves the company. Also, IT must make sure that corporate data cannot leave its purview to, say, a cloud storage provider.
The five CITE panelists included: Brian Katz, director of mobility and global infrastructure services at Sanofi; Tony Lalli, infrastructure architect at Bank of New York Mellon; Dave Malcom, CISO at Hyatt Hotels; Jason Ruger, CSO at Motorola Mobility; and Philippe Winthrop, managing director at the Enterprise Mobility Foundation.
The panelists joined attendees and broke out into workgroups to grapple with various BYOD concerns. The top concerns were: social networking on devices; requests to support new devices: the “Dropbox” consumer cloud storage problem; enterprise app stores; white-black listing apps; and dealing with lost devices.
Work, Meet Life
Truth is, BYOD blurs the lines between work life and personal life. Context changes throughout the day and sometimes during a single session on Facebook, says CEO Jeff Haynie at Appcelerator. For instance, a salesperson might fire up her Facebook app and update her status when a friend starts a Facebook chat to discuss a business opportunity.
The iPhone 4S — a popular BYOD gadget — has a high-resolution camera, which often leads to direct posting of social pictures on Facebook. Yet a CITE attendee who works at a winery related that the company policy warned that any employee posting pictures on social media of underage drinking would be fired.
The CEO Wants an iPad
Winthrop’s group, the Enterprise Mobility Foundation, also pondered the sticky-yet-common scenario when a CEO comes to the CIO with an order to support his shiny new device.
If the CIO chooses not to support the BYOD device, he risks alienating the CEO. If the CIO chooses to support the device, he risks opening up the floodgates to chaos: VPs, GMs, directors and others will want to use the same device for personal use and work, too.
One response is to isolate the CEO and his device into a “test group” in order to buy time to create a BYOD strategy and policy. Winthrop recommends sitting down with the CEO to go over the impact and corporate risks associated with allowing a new device on the network.
The Dropbox Problem and Private App Stores
BYOD also invites the use of cloud-based storage through apps such as Dropbox. The trick for the CIO is to make sure corporate data doesn’t find their way onto these mostly free consumer services. Some cloud storage service providers offer an enterprise service. The key is to make it easy and seamless for end-users who are familiar with simple-to-use Dropbox.
“You could try to push people to Sharepoint but that’s probably not going to work,” says Hyatt Hotels’ Malcom.
Building a corporate app store for BYOD can also be quite a feat. That’s when you’ll need to tap social networks whereby employees can discuss which apps are good on the job, and which ones should be avoided, says Lalli of Bank of New York Mellon. Blacklisting apps without this discovery period can lead to trouble; employees won’t stop using apps on BYOD devices because of an IT mandate.
An app store can also play in your favor, too. By creating app stores for various devices, employees in a BYOD program can choose the device that has the apps and Web services available to it. “Give users a sliding scale,” says Ruger of Motorola Mobility.
Lost Devices: To Wipe or Not to Wipe
Perhaps the biggest concern with BYOD is lost devices — and lost corporate data. Most companies with a BYOD policy will reserve the right to wipe the lost device. There’s just one problem: An employee has to report the device as lost. This could take weeks before the employee relents, reports the device lost, and loses all the data on it.
One of the recommendations by the panel is to take a tiered approach, as a way to give employees the incentive to report a lost BYOD device. That is, lock it down first before wiping it.
Clearly, BYOD opens up a host of concerns for CIOs. But CIOs should work through these issues sooner rather than later.
“Don’t lie to yourself, people are going to use these devices,” Malcom says.