Most of the business world by now has heard of the consumerization of IT and BYOD (Bring Your Own Device) trends. These trends are here to stay, which means that IT organizations are dealing with the resulting issues now or will be soon.
Just allowing BYOD does not mean “anything goes” simply because the executive suite asked for it. For those looking for safe ways to allow BYOD programs in their organizations, there are a number of options to consider.
MDM – Mobile Device Management
Today MDM is one of the common solutions to mobile device security, providing remote wipe, app deployment with white/black listing, device integrity, asset management, etc.
However, when it comes to personal devices, the issues are more complex. Some of the MDM solutions do support BYOD, yet in practice that also means an agent has to be installed on the device, either by IT or from within the corporate network.
These agent apps often provide access to all of the contents of the device, both company and personal. So it may be that corporate apps and data can be selectively controlled, but because anything on the device is visible, this opens up potential privacy issues and objections from users.
Many organizations insist on employees signing a waiver allowing IT to wipe a device or content if they leave the company.
MAM – Mobile App Management
A more recent solution, MAM, focuses on the apps and data and typically includes an Enterprise App Store allowing employees to self-select apps made available to them via the IT organization.
MAM solutions may also include app “wrapping” of native apps within an SSL security bubble, which enables IT to remotely disable access to the app or contained data if an employee leaves a company.
Both native mobile apps and web-based apps are typically supported, but this solution does need specific support for each mobile platform. Apple iOS in particular has some unique conditions that limit some features.
Converting apps to web apps and/or enabling mobile versions of existing web apps is another common option that companies are pursuing. HTML5 is providing additional capability to make the apps feel more native, although many report there is a steep learning curve to take advantage of this method.
Web apps are more secure in general. However, real data can still be downloaded to a device or otherwise exposed, so additional precautions are required. Sometimes a VPN is also required, which can be a security risk from a personal device. Some of the MAM solutions provide a secure browser, which can alleviate these limitations.
Desktop Virtualization
Virtual Desktops are gaining popularity as a secure solution for tablets, including the iPad. Citrix and VMware provide solutions that keep all the data and apps in the data center on virtual machine images and present only the user interface to a receiver on the tablet.
This also works for smartphones, although the form factor is not ideal for existing Windows apps. Citrix has recently released an SDK that enables Windows apps to be built or modified to look and feel as mobile apps, and even use native features like cameras and GPS. There is also an email and document app that runs completely on data center servers enabling safe BYOD from any device that has a receiver.
The limitations of this solution are that it will not work offline and that it requires server infrastructure.
Using a mobile hypervisor to completely isolate a company virtual machine and personal virtual machine is another recent approach to solving the BYOD security issue. This approach can provide a high level of security, while also allowing offline usage if the device comes preloaded with a mobile hypervisor.
The limitation of this solution is that the device must be preloaded. It is not likely Apple will ship a mobile hypervisor for iOS anytime soon. This would result in the inability to support iOS, which has been one of the main drivers of BYOD initiatives.
As described, there are multiple options for providing safe BYOD programs, but there is no single silver bullet. This space is also changing rapidly due to the dramatic increase in mobile usage and the variety of devices and platforms.
The right answer may be a combination of solutions, in addition to maintaining existing implementations of RIM BES for corporate-owned BlackBerrys. As part of supporting BYOD programs, it is also a good idea to review the corporate guidelines for company data.
Most existing policies – including annual compliance training videos – prohibit corporate data on non-company-owned devices. These policies will need to be updated or companies will need to stay with a solution that conforms to this requirement.
Certainly IT organizations are not alone in looking for answers. It is a great idea to get out, listen, and learn what IT colleagues are doing about BYOD programs and about the impact of consumerization on IT service delivery.