Bring your own device (BYOD) has become an industry buzz phrase of late and is set to revolutionise the way people work.
BYOD emerged as smartphone and tablet computing technology evolved from single-function accessories to multi-function, core computing and communications platforms. Coupled with the explosion in social media applications, mobile computing and communications have transformed the way we manage our personal time, and employees now want to enjoy the same functionality and flexibility in their work lives. This is creating a management problem for IT departments that are being pressured into supporting these employee-owned devices, but what can they do?
Organisations are more attractive to employees when they support BYOD. There are two groups pressuring companies to let them bring their own devices to work: senior executives and new “Generation Y” starters, that portion of the workforce born from 1980 onwards who are technically savvy and have grown up with mobile communications and social media.
Initially, senior executives could afford the first-generation devices such as the iPad and had the power to demand support from IT. Now that price points have fallen, a wider demographic is using the technology.
Generation Y are our organisations' future talent and those companies that can attract this talent will gain competitive advantage over those that can't. If companies want that emerging talent, they have to let this generation bring its ‘toys’ to work.
IT departments face two major challenges with employee devices, and the more they solve one of them, the greater the other becomes. The first challenge is controlling the underlying security on an employee's device to protect the corporation's infrastructure and data. The other is that the more a corporation locks down the personal device, the less it can use that device for innovative mobile applications.
A recent survey of 112 IT managers conducted by Integralis found that 57 per cent were dealing with policy enforcement issues for mobile devices in the organisation, while half of them were grappling with security issues including remote wiping of lost devices.
There are several ways for IT managers to mitigate the risk of corporate exposure. One of them is sandboxing, in which a separate, encrypted and protected space is created on the device specifically for corporate applications and data. Corporate policy can be applied to the sandbox whilst allowing the employee unrestricted use outside of it.
However, sandboxing has several limitations. Applications running inside the sandbox typically must be written by the sandbox provider, which limits flexibility, adds complexity and creates vendor lock-in.
Access to features such as location services and the camera may be restricted using a sandbox solution, and functionality is typically limited to basic features such as email, calendar, contacts and web browsing. This limitation is necessary on employee-owned units: an employee won't want an employer knowing where their personal device is at any time, or having its bespoke app able to access the camera remotely, as this raises significant privacy concerns.
Where the device is owned by the IT department, it is easier to justify full policy control over it and potential legal issues are minimised. The true power of mobile computing lies in the ability to run bespoke corporate applications that make use of the advanced features of the mobile platform. If BYOD places limitations on this, there is a danger that this new opportunity will not be fully exploited.
So, the corporate approach to BYOD must evolve beyond mere sandboxing. What route will it take? Mobile device management (MDM) is an alternative solution for controlling mobile devices. This approach works best for corporate-owned devices, but it can provide a level of demarcation between personal and corporate environments by, for example, selectively encrypting data and only wiping corporate data from lost or stolen devices.
However, MDM isn't an ideal solution to BYOD, and the challenges of providing a secure corporate environment, while also allowing the employee the freedom to use his or her device as they choose, remain.
Virtualisation may turn out to be the perfect solution. Virtualisation of the mobile device could deliver the security required by the IT department with the flexibility demanded by the employee. Virtual machines (VMs) could be configured for corporate or personal use, and either environment would have access to the underlying operating system and therefore to any application written for that platform.
Separate security policies could be configured for each environment and all features and functionality of the device would be available independently to each virtual machine. Application usage in the corporate environment would be controlled using a corporate app store containing only those apps sanctioned by IT – a capability that exists today with first-generation MDM solutions.
The employee would be free to use the device as they chose within the personal VM and, with the corporate VM removed, all evidence of corporate use would disappear with it. This approach would also create additional opportunities for flexible working with the potential for VMs and workloads to migrate between desktop and mobile devices.
Virtualisation could be the thing that saves BYOD from long-term obscurity as corporate use of mobile computing evolves, and we know that a lot of senior employers and promising young Generation Y recruits would be very happy to hear that.
Alastair Broom is solutions director at Integralis