IT departments are reluctantly embracing BYOD, in part because employees are demanding it. And with the smartphones come tablets and ultrabooks. Many companies have business-issued phones for some employees, but the trend toward allowing employees to supply their own devices is growing. Managing a mixed mobile portfolio like this can be difficult.
BYOD, however, doesn’t mean that IT gives up all control, letting just any device access the network and any app access corporate email and data.
A growing number of businesses are developing custom apps in-house that need to be deployed to personal and/or corporate devices, and a variety of security issues also need to be addressed for BYOD to be both successful and secure. And yet, the devices in question are often owned by individual employees. So, how do you manage app distribution, control device access to sensitive data, keep devices secure if they’re lost or stolen, and prevent unapproved apps from accessing network resources, all while acknowledging that these devices aren’t yours to just wipe out whenever necessary?
There are three answers to that question:
- Policies
- Mobile Device Management (MDM)
- Mobile Application Management (MAM)
The first may actually be the most difficult, but it’s a necessary step before the second and third items can be implemented successfully. Clear policies around the use of personal mobile devices in the enterprise should define:
- Acceptable forms of data access
- Any operating system restrictions and the rationale behind them
- Expected levels of management of personal devices to which users must consent (e.g., remote wipe, app installations, app uninstallations, app monitoring, malware scanning, etc.)
- Activities in which IT will not engage (e.g., keylogging, website monitoring, etc.)
- Password requirements
Overall, the policies should make it clear to employees that by using personal devices for business purposes, users consent to a degree of management necessary to ensure the safety and security of corporate data and networks.
Mobile device management can take many forms, especially in mixed, BYOD environments. However, it usually involves at least basic registration or authentication on networks, installation of client software to facilitate management, and the capability to remotely lock or wipe lost or stolen devices. Lock screen password enforcement can also fall under MDM. All of these forms of management can happen fairly unobtrusively, through third-party products as well as native Apple tools for iOS and Google Apps for Android devices.
Mobile Application Management is quite a bit more sophisticated but is becoming available through a growing number of vendors. Like MDM, there is no standard for what MAM utilities will include, but most give enterprises the ability to scan devices for malware, look for potential data leaks through existing applications, and push applications to devices. The last of these may happen through a custom “app store” for distributing custom or proprietary apps that users may need on their devices.
Clearly, BYOD is not without its challenges, and removing expenses for company-issued mobile devices doesn’t mean that IT won’t incur other expenses for managing mixed portfolios of user-supplied phones and tablets. However, the right tools can make BYOD as safe and manageable as corporate deployments and can significantly reduce support and wireless costs in the long run while achieving the employee satisfaction and productivity gains that BYOD promises.
Chris Dawson is a writer, speaker, and analyst with particular interests in educational technology, healthcare IT, and the intersection of the two with the cloud and BI. He is a contributing editor at ZDNet, Ziff Davis, and UBM Channel, and a senior editor at Edukwest. You can follow him on Twitter (@mrdatahs) and Google+ (+Christopher Dawson).