
BYOD - beyond the device divide

The 'bring your own device' proposition is about more than just who owns the computing tool you do your work on: followed through to its fullest extent, BYOD could cause changes to enterprise communications provisioning models that have been around for decades.

"ICT professionals are wary of it, end-users are embracing it, vendors are trying to market it," says Jonathan Hunt, business development director at desktop and virtualisation firm Point to Point. "It's a subject that's dividing opinion, with the security implications alone causing ICT managers to wake up in a cold sweat." That subject is 'bring your own device' (BYOD), an ideology that could be transitioning from wishful thinking to market orthodoxy.

There's not much doubting the challenges that BYOD presents for enterprise ICT managers - one survey ranks it as highly as more technology-specific trends such as cyber-security and cloud migration. Although BYOD does not itself constitute a generic technology, it is being driven by multiple technological trends - as much in the world of communications as in endpoint device innovation.

Generally speaking, BYOD is a business policy of allowing or encouraging employees to bring personally-owned mobile devices such as laptops and smartphones to their place of work, and to use them to access company resources including email, intranet, and company applications, alongside their personal data and applications. That the BYOD ethos can also have a 'disruptive' impact on enterprise digital communications should not be overlooked.

So, why embrace an arrangement that at first sight looks certain to introduce a load of extra hassle for the ICT function? As with most predictive technological models, the pro-arguments sound somewhat persuasive, but are also somewhat unproven.

For instance, some say that employers who allow staff to use their own computer devices at work are more attractive to top quality recruits (notably persnickety Generation Y entrants to the job market who expect to have a decisive say over their computer productivity options), and enjoy better general workplace morale.

A survey last May of 300 SMEs by cloud services provider Nasstar claims that almost 75 per cent of company bosses said that allowing staff to use their own kit for work purposes would position their firm as a "flexible and attractive employer" attractive to the best job candidates. Sixty per cent of Nasstar's respondents also reckoned that they had "saved some money on IT training and hardware by letting staff use their own devices".

Yet BYOD might also uncover pointers toward changes in the way people need to use information technology in mobile-connected working environments. The lowering price-tag of sophisticated mobile devices, plus the growing ubiquity of free, reliable public Wi-Fi connectivity, are also highly influential factors in encouraging the phenomenon. People no longer have to rely on their employer to meet the cost of a baseline-specification system that costs thousands. Corporate equipment refresh cycle lags sometimes meant that office workers had more sophisticated PCs at home than they did at work; but even so, some predict that BYOD will cause a bunch of operational issues that many boardrooms will find discomforting.

Research findings published last June by data governance software firm Varonis found that 67 per cent of respondent organisations reported that their senior management "either don't know where all company data resides or are not sure". In addition, 74 per cent of organisations reported that they do not have a process for tracking which files have been placed on third party cloud digital collaboration and storage services.

At a time when data management as a whole is proving a major challenge for organisations of all sizes, such indicators could represent inhibitors. "With BYOD and file synch services booming, companies are open to a wave of potential devastation," Varonis warns. "Files kept on third party cloud services can be lost, misplaced, accessed by unauthorised persons, or leave the company with the employee, causing data privacy and compliance issues."

Such concerns will have to be allayed if pro-BYOD sloganising about capital expenditure reductions and staff training budget savings, as well as how staff are more likely to take care of devices containing sensitive data if the device is a personal possession rather than belonging to an employer, is to be taken seriously.

More productive staff might mean higher salary bills, and budget saved on buying new PCs over standard product refresh cycles is likely to be offset by a requirement to invest in new BYOD management tools - a growing market sector.

Another variable is the extent to which some vertical sectors will be pushed or pulled into BYOD adoption by the particular dynamics of their given market. Asset management solutions provider Kaseya polled 100 UK senior IT decision makers on the way in which they manage their IT estate and the impact this has on the business. Among current and future issues facing IT teams - including impact of security breaches, cloud computing, and Windows 8 migration - the research highlighted each sector's 'specific pain points'.

Some 44 per cent of retail industry respondents rated BYOD as "the most pressing challenge" due to the numbers of mobile devices being brought into use on shop floors and in warehouses: "IT teams within the retail sector cannot waste any time in addressing BYOD issues, as it is clear that the challenge of managing an influx of devices is already upon them".

Resolving these concerns will be essential if BYOD is not to expose enterprise ICT to additional vulnerabilities and efficiency lapses. Although BYOD is partly about decentralisation and the freeing-up of choice, it still has to be managed under a policy-based regime. This presents fresh challenges for ICT policy makers.

BYOD advocates could yet find that newfound flexibility comes with quite stringent obligations and even a renewed requirement to stick to agreed guidelines, such as acceptable usage policies - employers will be concerned about corporate data sharing a hard disk with potentially inappropriate personal content, say. There is also the possibility that career penalties will apply even when individuals are careless with hardware that belongs to them, and they are liable for replacements should it get lost during work hours.

"Mobile devices are not usually under the full physical control of the enterprise. However, they still should be managed, controlled and secured by enterprise-wide policies, standards and procedures," advises Ramsés Gallego of ICT governance body ISACA. "Creating a mobile device strategy will help ensure that risks are accounted for and managed appropriately."

In general terms, BYOD adoption might create as many challenges for the enterprise ICT function as it claims to solve. One lies in managing the expectation that BYOD implies use-your-own software - allowing users to work with their preferred operating system, Web browser, or anti-virus package.

Preference starts to get really acute with respect to personal communications devices. RIM's BlackBerry platform has a reputation as the 'corporate' smartphone of choice because of the controls it provides for corporate IT managers; yet even conservative business users may opt for Apple iPhone or Android devices for their non-work-related communications, despite the perceived security issues attendant to those mobile operating systems.

"BYOD and mobile device management need to go hand in hand," says Point to Point's Jonathan Hunt. "With mobile devices such as smart phones a prevalent issue is not one of functionality, but of support. Any sane IT professional should have some serious reservations about a company even considering BYOD without some type of mobile management security tool." When it comes to Android, however, Hunt believes that BYOD users are "pretty much on their own" in respect to support.

The growth of BYOD initiatives "has created a situation where IT security managers [now face] a deluge of untrusted, unmanaged devices and applications on the corporate network", says Steve Daheb, chief marketing officer at Blue Coat Systems. "Mobile application controls give administrators ability to determine which applications are allowed on the network, [and] also [the extent to which] mobile device users are able to interact with those applications." Blue Coat Systems is among a coterie of vendors pursuing opportunities that BYOD control may provide to solutions vendors. Other initiatives include Red Bend Software's vLogix Mobile for Mobile Virtualisation (enables multiple operating systems with different priority levels to run concurrently on a single device), the latest version of the Sophos Mobile Control 2.5 mobile device management (MDM) solution, and Avaya's Identity Engines 8.0 suite.

But the BYOD ethos is pervasive enough to cause IT strategists to consider if it might usefully inform new thinking about future developments in enterprise IT planning. For instance, if fewer enterprise staff are working from hardwired computers, is 'traditional' local-area network infrastructure still needed as much? We will always need a network inside the building, avers Point to Point's Jonathan Hunt, but we may not be using it for linking PCs together.

One scenario along these lines is in smart buildings where more of the available Ethernet communications capacity might be deemed by premises technology managers as better used by other applications as there is less fixed-device information systems data running over it, and more of what remains can be transferred onto internal Wi-Fi connections, where procedures allow.

Voice vectors, Wi-Fi

BYOD could also prompt changes in conventional enterprise voice communications. Email and text messaging are increasingly the primary media for business communications, making the necessity to pick-up first time less necessary. Voice messaging is probably not regarded as efficient a business tool as it used to be; indeed, rambling messages (that convey less useful information than a 10-word text message) are somewhat of a legacy bugbear these days.

Fixed desktop telephony handsets, even VoIP models connected to the IP infrastructure, will be phased out as voice communications move more into the mobile networks. The shift to mobile-first for voice (and increasingly, data) is bound to increase if 4G services start to appear in the UK communications market in 2013.

Concerns about the security of using public networks for business communications are being alleviated, according to some commentators, not necessarily because the hotspots themselves are any less insecure, but because systems for providing secure VPN access with built-in encryption are becoming standard issue in most organisations to facilitate remote access. The last year has seen solutions that tweak this technology to support the BYOD ethos.

A related factor at play here is the fact that VPNs allied to cloud-based software as a service (SaaS) and data as a service (DaaS) options - possibly bundled as virtual private clouds (VPCs) - should mean that less, if any, sensitive employer data will actually be stored on any portable devices (well, that's the theory, anyway).

It is also important to bear in mind that the BYOD phenomenon can be seen to some extent as part of a general trend toward 'thin client' style endpoint devices - both fixed and mobile - where very little actual enterprise data is held on the device itself.

Another factor on the security side is the fact that BYOD-minded organisations are realising the necessity of new approaches to overall risk-assessment that include classifying their data and applying an IT-scale value to it, so that each user's data access privileges are better aligned. This seems another factor in support of BYOD, but one that could entail cost implications in a business environment where enterprises are generating data at such rates that the monitoring and classification is a full-time task which would require additional IS staff, tools, and the support of third-party services.
