Beyond BYOD: The Inevitability of Business Mobility
By Bask Iyer, CIO, VMware
Two news stories from the last year come to mind whenever I think of the ever-rising tide of business mobility.
In the first one, an emergency physician at Beth Israel Deaconess Medical Center in Boston, faced a critical situation: a patient suffering from a brain hemorrhage was brought in during his shift, and administering the wrong medication would make it worse. Fortunately, the doctor was wearing Google Glass loaded with a custom medical app. Using his face-mounted mobile device, he able to pull up this patient’s records and administer the right drug to help stop the bleeding.
A happy ending for all! Except poor Google Glass—sales of the first prototype edition were suspended in January.
The second story is more of a tragedy.
Hackers got control of an MDM system at Aviva, a UK-based insurance company. Before taking down the MDM server, they wiped more than 1,000 iPhones associated with the system. Even though the insurance giant claimed there was no monetary loss, nor was any customer data exposed, BYOD tales like that don’t put a CIO’s mind at ease.
BYOD = Bring Brought Your Own Device
These anecdotes reveal two aspects of business mobility: rewards and risks. Both are high. Yet BYOD, as the most common form of business mobility, has now become table stakes, a baseline policy in an increasingly mobile world. At VMware, BYOD has been broadly supported for all employees for more than three years. Our initial focus was about enabling email and calendaring. Basic stuff.
If you’re still wondering what businesses stand to gain from the practice, a Survey Analysis by Gartner (May 2014) has a fairly compelling answer: a BYOD program can add 32 work hours per employee per month as downtime reclaimed by work on a personal mobile device. That’s incredibly valuable to employers—and to the employees who enjoy the freedom and flexibility of not always being tied down to a desk.
What’s more, BYOD policies and business mobility in general are already forcing enterprises to rethink the way they conduct business across the board. In many enterprises, core lines of business are finding themselves confronted by a need to engage in business process innovation with a mobile-first focus—or risk being outpaced by competitors eager to succeed in the new mobile landscape, by offering “mobile-first moments.” Because many of these organizational processes are directly tied to employee productivity or revenue generation, there’s an urgent need to “upgrade” employee behaviors and business platforms without compromising regular business operations or IT security.
Securing the Future of Business Mobility
Business mobility might offer a plethora of benefits for employees, employers, and their customers, but it continues to bring IT leaders face-to-face with outdated architectures, security threats, and application incompatibilities between desktop and mobile. I think a few things can help slay these dragons:
- CIOs and CTOs must educate employees before implementing any BYOD policy. Your company’s entire staff must know the best practices related to security, such as not sharing their device and not visiting inappropriate websites (potentially infected with malware) when on the company’s network. You should also alert employees to the fact that you might wipe all of the data on a device if they lose it or leave the company.
- A new IT architecture inspired by mobility is required. Although the buzz centers around mobile devices, the desktop (and laptop) form factor will remain central to most business-mobility workflows. Due to years of legacy stagnation, however, even desktop application support and security typically falls short across critical areas in most work environments and needs to be revamped for a mobile- and cloud-centric era.
- With a growing variety of mobile devices, it’s impossible to secure every employee-owned device. So focus on securing the data and controlling app deployment and access remotely, using tools such as the AirWatch® by VMware product suite. Microsegmentation can play a role in business mobility, too. For example, you can restrict different devices to access only certain types of data, limiting permissions based on specific network connections, controlling access through AirWatch’s identity management features, and so forth.
While business mobility is undoubtedly here to stay, BYOD itself—despite all its rewards—may not be the best approach. We have to go beyond it.
Most employees would probably be happy to carry a decent, modern device in addition to their personal device if a company determined that was the best way to walk the razor’s edge between both security and privacy. In this approach, employees are offered their choice of mobile devices that work within the company’s IT ecosystem, for which the company has approved security and reliability. This is called CYOD (Choose Your Own Device), a potent alternative to BYOD.
If the cost of furnishing employees with a new smartphone seems too high, remember that many devices are freely or cheaply provided with mobile contracts—and how many companies are already subsidizing personal cell phone plans. CYOD could both save money and bolster security.
Yet another alternative, which resembles the traditional method of desktop workstation supply, is COPE (Company-Issued, Personally Enabled): a company lends its employees a mobile device which can also be used for certain personal activities permitted by the company, such as the Boston doctor, mentioned above, perhaps using his hospital-issued Google Glass to check the Red Sox score on his way home from a long day in the ER.
The best tactic, of course, depends on any given organization’s specific needs. But whatever approach you choose, you’d be wise to get on board and harness the potential of business mobility before your competitors do. I’ll talk more about business process innovations and enabling those “mobile-first moments” in a future post.
On Twitter: @baskiyer