It started with the iPhone and really picked up with the iPad. Silver-haired gents in corner offices brought their new precious to IT and asked to “get on the network” or “get their email on this.” In the past, IT was able to mumble something about unsupported devices and how a random user who brought a random device was out of luck. After all, they had tested solutions in place, nice things like Windows Mobile and BlackBerry, solutions that worked well with Enterprise infrastructure. These new things might be better at Angry Birds or Plants vs Zombies, but the whole BYOD/Enterprise interaction was an unknown and thus a threat and a risk. The poor IT guys got trumped, though: the silver-haired guys said jump, and eventually the answer changed from “not supported” to a more career-preserving “how high?”
Once IT got past the denial and anger, gave up on bargaining, overcame depression and got on with acceptance, it became clear that BYOD (and the larger device proliferation trend) was going to bring some good things to the table – better user experience, happier users, and, importantly, not getting fired by the corner office guy.
Of course, this left challenges. Sure, many BYOD devices support ActiveSync, and thus an IT group running Exchange may be able to remotely lock/wipe the device, enforce password requirements and even require on-device encryption, but there is only so much you can do with the useful but limited device management capabilities that come with Exchange.
Mobile Device Management, in this context sometimes called Enterprise device management, enables things that help make devices enterprise-friendly, such as password management, inventory management, remote lock/wipe, software distribution, etc. These things help, but there are still challenges.
For example, Joe Worker leaves a company. With an Enterprise-owned device, wiping the device is an easy call: boom, done. However, with an employee-liable device, wiping the phone will not only wipe whatever corporate email was on the device, but also wipe personal data and in some cases even render the device unconfigured and unable to connect to the data network until someone goes in and reconfigures APN and other settings.
One way out, an approach that is growing in mindshare and feasibility, is virtualization. Instead of putting corporate data on an employee-owned machine, put a corporate virtual machine, already configured and secured, on the employee machine. When the employee leaves the company, the VM leaves the personal device. POOF! Corporate stuff is gone, but personal stuff remains.
Interested in learning more about where BYOD is heading? We are going to have a free webinar with IDC on 8 November 2011 at 10:00 AM Pacific. BYOD security challenges and solutions, including AnyConnect, TrustSec with VDI and identity-aware firewalling, will be discussed. Should be an interesting show.