How Smart Companies Manage BYODBy Samuel Greengard | Posted 03-29-2013
How Smart Companies Manage BYOD
By Samuel Greengard
Only a few years ago, overseeing a workforce armed with mobile technology was a fairly straightforward proposition. The enterprise purchased a separate phone for business use, it controlled what applications and content went on the phone, and decided when the employee would upgrade to a new device. The biggest question on the minds of CIOs was whether to equip employees with a basic cell phone or a BlackBerry.
That was then and this is now. Thanks to an influx of smartphones and tablets—iPhones, iPads, Android devices, Windows phones and more—the balance of power has shifted to employees. Bring Your Own Device (BYOD) is no longer an option for most organizations; it's the standard for business in the digital era. What's more, along with the decision about which devices and operating systems to support, there are thorny questions about how to navigate the technology and which services and features to provide.
"Businesses require a clear BYOD strategy. It's important to have an understanding of what's supported and what isn't supported across the enterprise," states Jim Guinn, a managing director at PwC. In fact, without well-defined policies and controls—plus a heavy focus on security—BYOD can become an unmanageable mess. Breaches, breakdowns and the loss of intellectual property can lead to economic losses, as well as other problems. But for enterprises that get things right, BYOD and the consumerization of IT create new and rich opportunities to run a business more efficiently… and profitably.
It's no secret that many younger workers are glued to their mobile devices—and many won't work at a company that limits access to them. They've grown up with mobile phones in their pocket and, in many instances, they view these devices as the primary way to connect and interact with others. Combine this with an emerging post-PC world—a PwC report predicts that personal devices will comprise 35 percent of all enterprise technology by mid-2013—and it's clear that a mobile-centric workplace is here to stay. "It's becoming almost impossible to avoid BYOD," Guinn says.
Accenture chief technology strategist and managing director Gary Curtis says that CIOs shouldn't view BYOD as a problem but rather as an opportunity. The ability to extend the enterprise through communication, collaboration, social media and real-time data is nothing less than transformative. The ability to deploy leading-edge technologies and sophisticated apps and services can be revolutionary. Because about 90 percent of firms have already adopted BYOD in one form or another, "the task is to make it work for everyone in the best way possible," Curtis says.
One company that has embraced the challenge is Intel. The semiconductor giant has more than 39,000 devices registered on its network and about 70 percent of them are personal devices, notes Dave Buchholz, director of consumerization. The company took notice of BYOD and a growing consumerization trend in 2009. At the time, the company's CIO, Diane Bryant, indicated that she didn't want to wind up beholden to a single vendor or device. "So, we began to investigate how we could transform our infrastructure and adopt a global services model," says Buchholz.
How Smart Companies Manage BYOD
Intel approached the challenge from a perspective of finding ways to make the initiative happen rather than looking for ways to defeat it. Within six months—with input from numerous departments and business units—it had hammered out a strategy. The company spent another nine months addressing legal and human resources issues. "There were issues that entered a legal gray zone,” explains Buchholz. “We wanted the program to be an enabler of productivity, but at the same time we wanted to make sure we built in the necessary safeguards and protections."
This meant addressing an array of complex issues and creating an end-user service-level agreement that made it clear users were voluntarily using BYOD rather than Intel demanding it (the company continues to supply equipment to some employees). "We had to determine what constitutes proper and fair usage with company tools," Buchholz says. Among other things, Intel was forced to examine how to manage hourly employees who might check their e-mail at home, identify when an employee is representing the company and when a device wipe is warranted, as well as the employee's responsibility when a wipe occurs.
Yet the challenges didn't stop there. "Because Intel is a multinational company, there are implications surrounding intellectual property or a particular country’s privacy protections when a device potentially comes into contact with other devices," Buchholz says. Some of the issues revolve around where data is stored and whether it is encrypted. In addition, the company had to break practices and procedures down by the type of device—smartphone, tablet or laptop—and create different rules, policies, access limits and controls for each. "It really gets down to the usage model and the device—and the specific requirements for that individual," he explains.
Today, Intel's BYOD program supports about 30,000 employees and offers 40 proprietary apps. These apps range from travel tools that can help schedule a shuttle or flight to conference room finders. The company uses a variety of software and security tools in place—including an internal app store, mobile device management (MDM) software and mobile app management (MAM) software—and has multiple levels of controls in place. In addition, it maintains a list of approved devices and ensures that they meet certain requirements. Other devices are blocked from the network.
"The goal isn't to save money through BYOD," Buchholz says. "The idea is to make Intel a great place to work. Employees are happier because they can pop out their phone—the device of their choice—and use their own apps along with specialized Intel apps." But the program also benefits Intel. On average, workers report saving 57 minutes a day due to BYOD. This totals 5 million hours annually, according to Intel surveys. "It enables the usage models they are familiar with on a day-to-day basis. This initiative is leading to new services and approaches, including how we collaborate inside the company, how we use social media and how we access data," Buchholz says.
A New Model Emerges
BYOD is more than the sum of smartphones and tablets within an enterprise. Organizations that adopt BYOD on a widespread basis typically find that a consumer IT model sweeps through the organization and changes the fundamental way people work and interact. Like Intel, they discover far more efficient ways to manage business processes and workflows. BYOD can also simplify—if not eliminate—the task of continually procuring and upgrading gear—all while making it easier for workers to use leading-edge tools and applications in their daily lives.
How Smart Companies Manage BYOD
But the environment also presents formidable challenges for CIOs and IT departments. For one thing, there's a need to break down silos and work with other departments to create policies, procedures and data classification schemes that fit a BYOD environment. For another, BYOD requires different knowledge and skill sets—particularly as organizations build app stores and transition to a more agile and consumer-focused software development and distribution model. In many cases, it's necessary to hire or retrain developers and other specialists so that they are focused on a consumer-centric IT model.
Finally, there's the nettlesome issue of security and data protection. It's critical to ensure that MDM, MAM and other solutions are in place to authenticate users. It's essential to lock down devices, data and apps, standardize device settings, distribute acceptable use policies, provision and de-provision devices, and provide wipe capabilities in the event that a breach occurs or a device is lost or stolen. But CIOs must also adopt a data-centric view that focuses on tracking usage and protecting intellectual property. This means using desktop virtualization, application virtualization, HTML5 and more robust endpoint controls to construct a platform that more fully supports mobile device security.
Curtis emphasizes the importance of adapting policies to BYOD but also educating employees about risks and responsibilities. "It is essential to have a code of responsibility that is understandable and manageable," he says. In many circumstances, this means formulating different polices and rules for different constituencies and groups within the organization. There's also a strong need to educate employees about how to manage devices and data and avoid lapses that can put data at risk. In some cases, it's as basic as requiring pass locks on devices and pasting data into e-mails or text messages.
In the end, Guinn says it's paramount to think through all the aspects of BYOD and use it as an opportunity to drive change. "BYOD represents a fundamentally different business and IT paradigm," he states. It can trim costs, reduce administrative and tech support, enhance collaboration and connectedness, create real-time customer interactions, alleviate corporate responsibility for device lifecycle management, and help consolidate infrastructure and tools across IT and business disciplines. However, success is far from guaranteed. As Guinn puts it, "BYOD requires a far more agile and flexible way of thinking and an entirely different IT model in order to succeed."