Setting the stage for BYOD [Analysis]

This is part 1 in a series, “The Evolving Workforce,” which explores the blend of IT trends, customer expectations and consequences that professionals face in trying to enable their employees to be productive “anytime, anywhere, from any device.”

It’s one of the hottest trends in business technology, but for many companies, it can also be one of the most confounding.  ‘Bring your own device,’ or BYOD, is when employees use their own hardware — typically smartphones and tablets — on the job.  Around half of all employees in the United States now use their personal devices for work, and for them, it’s easy to understand the appeal.  Today’s consumer-friendly devices are often quite business capable, and workers want to use the gear they know — and like — best.


For enterprises, the upside is compelling, too.  Employee productivity can be enhanced when users always have a ready link to work content and contacts.  IT costs can be reduced when employees use equipment they already own.  And workforce morale can get a boost when everyone uses the device they choose, instead of the device chosen for them.

But BYOD also means that IT departments won’t have full control over critical work-related tools.  That raises concerns about security, applications, the network, and how so many devices — containing both work and personal content — can be managed.  Businesses want to reap the rewards BYOD can bring while avoiding the pitfalls.  The question they all want to answer: How exactly is that done?

The key is to put in place the right strategies, policies, and supporting technologies before giving those smartphones and tablets the green light.  The good news is, that’s easier than most businesses think.  What follows are five key issues that companies should think about as they set the stage for BYOD — and how they can approach each in a thoughtful, balanced, and successful way.

Preparing the network

A common misconception with BYOD is that once devices are allowed to be used for work, they’re allowed on the company’s main network.  In fact, they don’t have to be, and an alternative — a separate network dedicated exclusively to BYOD — may be a better approach for many businesses.

“There are a lot of advantages to setting up a BYOD network,” says Jason Moody, BYOD technology specialist at Dell.  “For one thing, it’s a great way to balance expectations and security.  A growing part of the workforce expects to be able to access social media and popular Web sites on their mobile device, but a lot of companies restrict these sites because they worry — rightly so — about security risks.  About half the time a computer gets infected, it’s because of a fake Java update.  A BYOD network lets employees access this content without compromising the main network.”

Nor does a BYOD network need to tax the budget.  “Some companies may find they can support their BYOD users with less expensive access modes, such as DSL or cable,” says Moody.  “And this can usually be upgraded easily, so if you need more bandwidth you can quickly get it.”

Managing network access

Once BYOD users are allowed on an office network, it is critical to manage that access.  That means being able to identify and authenticate every device — and person — attempting to connect.  Network management tools are essential here, and can eliminate a lot of the risks and grief.  But businesses should look for flexible solutions that allow for granularity.  Not every user, after all, has the same needs.  A marketing team will rely on different applications and content than the human resources department.  Sales representatives use resources that the accounting staff will never require.  “Tools that let you set permissions by team or even by individual user are particularly important when you are letting BYOD devices on your main work network,” says Moody.  “You want to give users the resources they need to do their job while not opening the floodgates.”

Keeping work and personal content separate

By its very nature, BYOD means that work-related applications and data will reside on the same device as personal content.  That can raise some thorny issues.  How, for instance, can sensitive information be secured without limiting the personal use of the device?  What happens when a device is lost, or the employee takes it to a new job?  Can work data be erased without taking years of family photos with it?

New technologies can greatly ease concerns, helping to keep work and play separate.  One concept that has been gaining traction is the notion of having a separate enterprise workspace or profile.  The idea is to keep work-related applications and data within a segregated, encrypted area — or container — on the device.  This allows companies to create security policies that only apply to enterprise content.  Access to work files, for example, might require a passcode even if the device itself doesn’t use one.  It also lets companies perform so-called ‘selective’ wipes if a device is lost, stolen, or taken to new employment.  Only the content in the container is erased, leaving the user’s personal apps and files intact.

A growing number of mobile device management platforms support and facilitate the use of separate work environments for consumer or personal devices.  They’re well worth a look.  But pay close attention to the implementation.  Employees want simple and intuitive solutions — that’s why they like these devices, after all.  Clunky, confusing approaches aren’t going to cut it.

Setting and enforcing security policies

In practice, security requirements will vary from company to company.  The more regulated an industry is, for instance, the tougher the standards it will have to meet.  But there are some basic steps every business should take.  Passcodes should be mandatory, at least to access work content.  Any information related to work should be encrypted on the device, as well.  And when employees are accessing work networks while off-site, companies should consider encrypting data as it travels back and forth.  Here technologies like SSL VPNs (Secure Sockets Layer virtual private networks) can help.

Of course, setting a security policy is just the first step.  Companies have to enforce it, as well.  That’s where, once again, mobile device management platforms come in.  These can be configured so that devices are not allowed onto the network unless they follow the proper protocols — such as using passwords of a certain length and strength.
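The admission logic described in the sections above, sketched as an added example (not code from the article or from any MDM product): a device is identified and authenticated first, then checked for passcode and encryption, and only compliant devices reach the main network, with resources scoped by team. The passcode minimum, team names, resource names, and the choice to send non-compliant devices to the isolated BYOD network are all assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed policy values: the article names the controls but gives no numbers.
MIN_PASSCODE_LENGTH = 6
TEAM_RESOURCES = {
    "marketing": {"cms", "email"},
    "hr": {"hris", "email"},
    "sales": {"crm", "email"},
    "accounting": {"ledger", "email"},
}

@dataclass(frozen=True)
class Device:
    owner: str
    team: str
    user_authenticated: bool   # the person has proven who they are
    device_enrolled: bool      # the device itself is known to the MDM
    passcode_length: int       # 0 means no passcode is set
    work_data_encrypted: bool

def posture_failures(d: Device) -> list:
    """List the baseline controls this device does not meet."""
    failures = []
    if d.passcode_length < MIN_PASSCODE_LENGTH:
        failures.append("passcode")
    if not d.work_data_encrypted:
        failures.append("encryption")
    return failures

def admit(d: Device) -> tuple:
    """Return (network segment, allowed resources, reasons for any restriction)."""
    # Both the device and the person must be identified before anything else.
    if not (d.user_authenticated and d.device_enrolled):
        return ("deny", frozenset(), ["unidentified"])
    failures = posture_failures(d)
    if failures:
        # Non-compliant devices stay on the separate BYOD network: no work resources.
        return ("byod-isolated", frozenset(), failures)
    # Compliant devices get only their team's resources; unknown teams get none.
    return ("main", frozenset(TEAM_RESOURCES.get(d.team, ())), [])

if __name__ == "__main__":
    # Constructed sample devices.
    for dev in (Device("ana", "sales", True, True, 8, True),
                Device("bo", "hr", True, True, 0, True),
                Device("cy", "sales", False, True, 8, True)):
        print(dev.owner, admit(dev))
```

Returning the failure reasons alongside the decision gives the help desk something concrete to tell the user, which supports the communication point made below.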

Whatever policies a business puts in place — regarding everything from network access to remote wiping — it’s important to communicate the plan to users.  “Doing so doesn’t just set expectations,” says Moody,  “it also spurs users to take proactive steps that can prevent trouble.  If they know a device can be wiped, they’re more likely to back up their data, or keep a closer eye on their gear when they travel.  That works to everyone’s benefit.”

Making applications mobile-ready

While simply enabling access to email, contacts, and calendars may be sufficient for many organizations, others — particularly those with highly mobile workforces — will want to bring core enterprise applications and intranet to whatever type of device people use to be productive.  There are different ways to do this, each with benefits and a caveat or two.

Virtualization enables employees to use their device as a front end to applications running on hardware back at the office.  The beauty of this approach is that it keeps the actual data on the company’s equipment.  The user’s smartphone, tablet or notebook simply acts as a display and an input device so they can interact with the application.  Another approach is to use Web-based applications that have been specially formatted for mobile devices, so content is readable — and usable — on smaller displays.  Keep in mind, however, that both of these methods require a reliable Internet connection, something that isn’t always available, or inexpensive, on the road.

A third option is to develop or purchase applications that run on the BYOD hardware itself (ideally, in a secure, encrypted workspace).  Workers can use these apps offline and then upload data to enterprise systems when a connection becomes available.  This approach can increase mobile productivity even as it lowers costs (users can get by without tapping into cellular networks).  Watch out for compatibility, though: Not every application will support every mobile device.

With a bit of foresight, the potential of BYOD can become the reality of BYOD.  Businesses can increase their efficiency but not their risks.  Employees can use — and leverage — the technologies most comfortable for them.  Implemented wisely, BYOD isn’t just about bringing in devices, but bringing in a new — and better — way to collaborate, innovate, and stay ahead of the competition.

Alan Cohen
Alan Cohen is a New York-based writer who covers technology and business.