Bring your own device, or BYOD, is one of the hottest – and most important – trends of the year. However, the word ‘trend’ doesn’t really begin to describe what’s really happening here.
In almost every organization everywhere, staff, guests, and anyone else remotely connected with the operation of the firm will be using computing and communications devices purchased for personal use on that organization’s network, and almost always via wireless LAN. The opportunities and risks here are both great, and IT is going to have to deal with both, and soon, regardless. I suspect BYOD is already at work in most organizations whether IT management knows it or not. And, of course, knowing is better.
I should begin here by saying that I was dead set against BYOD until about three years ago, when mobile device management (MDM), application management (MAM), and expense management (MEM) technologies began to arrive in usable form. Note that BYOD is not the same as MDM; MDM will play a role in most BYOD solutions, to be sure, but BYOD is fundamentally about two key elements: access and policy.
But with recent and rapid progress in both of these dimensions, I today recommend BYOD as the default except in high-security government (and similar) activities where the risks are simply too great to otherwise manage or where policy simply needs to be highly restrictive.
The key benefit of BYOD to the enterprise is economic – organizations can save a lot of money on handsets and related equipment, including, by the way tablets and PCs. Capital expense in theory goes to zero and operating expense can be shared. But improved user satisfaction also comes in the bargain; only one handset need be carried, and that handset can be selected, in most cases, based on personal requirements and preferences at least partially unrelated to organizational needs.
Assuming IT retains at least veto authority over handsets that truly can’t be integrated into whatever MDM or other local operational systems, policies, and procedures might be in place, users should have an excellent selection from which to choose. Besides, doesn’t everyone these days want an iPhone or Android handset anyway? Support, already in place in larger organizations, also should not be an issue in most cases.
That being said, however, there are a good number of considerations if you want BYOD to really work, grouped into the following general categories:
- Ease of Use – Simple, self-service, transparent “onboarding” of new users and devices is important, as is single-console ease-of-use for operations staff. Complexity will just motivate users to work around the system – and unless such activity is part of your information assurance efforts, making BYOD easy really pays off.
- Unified Networking – BYOD isn’t just about wireless. Rather, it’s about access control for your entire network – all users, all devices, and all applications. I’ve been calling BYOD (somewhat facetiously) “Guest Access 2.0″, but it’s not just about guests or staff. It’s about everyone, and everything.
- Management Visibility and Control – Also critical is management being able to see who is doing what, both for functional verification and advance warning of impending bottlenecks in performance. It’s not unusual for an individual user to have two or three devices active simultaneously on the corporate WLAN. Capacity crunches are going to become common without comprehensive operational management systems.
- Policy Integration – Now’s a good time to make sure your security, acceptable-use and related policies are up to date. You’ll also need agreements with users detailing with the enterprise (and user) can and can’t do with and on a personal device. Reviewing regulatory requirements with users is also essential.
- Security – And, of course, concerns about information security are the Number One reason why BYOD is viewed less than favorably in some circles. But BYOD isn’t necessarily a compromise in security waiting to happen; it’s really just another consideration in a comprehensive security plan. Proper planning, tools, and end-user consciousness-raising can go a long way to dealing with security, which will remain an ongoing challenge whether BYOD is implemented or not.
A large number of BYOD offerings from major vendors are now becoming available, with interesting and broad feature sets. No matter what, though, BYOD is here – it’s going to dominate in most organizations, and being ready is rapidly reaching front-burner status in most IT shops today.