 "Mritunjay Kapur")
BYOD (bring your own device) has been touted as the near-perfect solution for employees with work-life balance issues, and employers wanting to achieve greater staff productivity through minimal costs. But a recent CompTIA survey reveals that one out of two companies is actively dissuading people from bringing their own devices to work. What is going wrong with the BYOD movement?
Companies are taking a more conservative approach to BYOD: Mritunjay Kapur
In the early 2000s, mobile device management mainly covered a few devices and largely a single operating system which was easily manageable. Today, there are innumerable variations in devices as well as operating systems (such as Symbian, iOS, BlackBerry Enterprise Solutions, Windows and Android). Combined with this, the impact of data privacy and security regulations have led to significant complexities and costs in enforcing a sustainable BYOD policy. Some of the challenges of a BYOD programme are as follows:
Data security: Malware may come in the form of legitimate apps contaminated with malicious code or through local file sharing, Bluetooth and NFC. Accordingly, companies tend to take more time to test, continuously monitor and allow devices as part of the BYOD policy. Considering the number of devices available in the market and the fact that these devices are also going to be used to access, download and store non-business related information potentially from unreliable sites increases both the risk and cost of securing business critical information. Further, if the company comes under the purview of regulations such as PCI DSS (Payment Card Industry Data Security Standard), HIPPA (Health Insurance Portability and Accountability Act) or GLBA (Gramm Leach Bliley Act), it must ensure that the mandated requirements are also met at the mobile device level.
Mobile enterprise apps: Traditionally, mobiles devices were used to access mails and calendars; today most enterprise management systems have mobile apps which provide ease of use and real-time information to the employees. Companies need to invest in systems that will encrypt, authenticate and analyse traffic coming into their servers.
Privacy and compliance: Users are now more sensitive towards their personal information being accessed or analysed. Under most BYOD policies, companies manage the devices. However, the device is still the employee's asset and contains personal information. While the company can remotely control the employee's device, the level of access and control should strictly be related to company-related information and the ownership of data should be defined. When the employee exits, it is the company's responsibility to delete official information without deleting the employee's personal data.
Mobile device management: Employees want to have freedom in selecting the device of their choice. In order to have the maximum number of popular mobile devices and platforms within the company's approved list, the company's IT departments have to continuously keep testing newer devices and developing customised approaches for device management to align with the company policies. This happens to be a costly, complex and time consuming task for IT departments. Sometimes a company takes as much as three to six months to test and approve the device. Companies often tend to take the middle route and try to have a fixed number of popular approved devices and OSrather than trying to add all possible devices on the approved list.
Companies are taking a conservative approach to BYOD considering the complexities involved and at times it is more cost effective to discontinue the BYOD policy or to restrict it to a few approved devices and operating systems.
Mritunjay Kapur
partner & head, risk consulting & strategy, KPMG India
partner & head, risk consulting & strategy, KPMG India
Choose your own device or CYOD has more benefits than BYOD: Ketan Patel
'Choose' rather than 'bring' your own device has given a new definition to enterprise mobility. There are several reasons behind enterprises opting for choose your own device or CYOD as a strategy since it enables better security and mobilisation of applications. CYOD still gives employees the freedom to use a device they know and understand, but it narrows the options to a pre-approved list. Effectively, it adds the much-needed variety to a fleet of standard computers. After a period of adaptation for companies and employees, the fact that CYOD is growing says everything about its effective blend of the old and new ways. When compared to BYOD, the benefits of CYOD are great, as each system can be pre-installed with the appropriate security software and set up with the appropriate administrator, firewall and network settings.
With only a few different specifications to support, it is much easier to keep track of equipment, and to ensure employees are complying with data requirements. In the end, the decision of BYOD or CYOD comes down to the nature of the organisation since both the concepts are just diverse methods of addressing consumerisation in the mobile space.
Ketan Patel
Director, computing category, PPS, HP India
Director, computing category, PPS, HP India
IT heads are worried about corporate data on personal device: Sanjay Gupta
These concerns around security, integration and scalability are understandable but they should by no means stop enterprises from capitalising on the opportunity to innovate and improve employee productivity at work place. When addressing security concerns, many businesses believe they need to buy new mobiles for every employee to protect their data. In reality, the simple and elegant technologies available today make it possible for workers to access sensitive business data on any device (even their personal mobiles) in a way that is completely secure. For example, 'containerisation' allows businesses to set up little principalities of work-related applications on an employee's mobile and wall them off from all of his or her personal data and apps; a simple solution that allows businesses to support enterprise mobility without shelling out huge sums for new phones, while at the same time addressing their security concerns.
When it comes to integration, ideally the mobile platform should be an extension of the service oriented architecture that is already in place in an enterprise. This will help bring down cost and provide greater agility to business application. Besides, the cloud offers businesses an excellent back-end platform to support their mobility solutions in a simple and cost effective manner. Cloud computing allows IT managers to easily define policies and manage mobile performance and security across the business. It also facilitates the creation and monitoring of apps for developers while giving users access to a world class user-interface and to the data they need to perform at their best at all times.
To address the challenge of support for multiple devices enterprises should invest in platform that supports "build once and deploy everywhere" capability. Rather than continuing to develop applications first for the desktop and then making tactical mobile development choices, IT leaders should look for a consistent architecture, a true multichannel development platform that helps create and deliver engaging user experiences on one secure platform, for any application, for any device, and around any data.
Enterprise mobility will continue to gain momentum- the question now is whether organisations choose to benefit from this revolution or keep trying to stop the inevitable. The decision is, of course, theirs to make, but I would advise businesses today to stop fighting a losing battle and instead embrace enterprise mobility on their own terms so they can make it work to their advantage.
Sanjay Gupta
VP, fusion middleware business, Oracle India
VP, fusion middleware business, Oracle India
