BYOD and the creeping consumerisation of Enterprise IT
The days of closing one corporate eye to the under the radar adoption of bring your own devices (BYOD) in the enterprise are almost over or, at the very least, heading towards a climactic high noon showdown. For some, this show down may be over already as according to a recent article on the Guardian Media Network “the proliferation of BYOD in the workplace is yesterday’s problem child.”. We are not talking personal MP3 players or scientific calculators anymore, and not even the Mac obsessed employee who wants to fly in the face of the standard Windows environment. Instead, we are talking about wholesale adoption, holistic if you like, of alternative computing platforms from the consumer arena, by the consumer, and these platforms encompass not only the device itself but everything from the very infrastructure fabric itself to the hardware, applications, data and governance. This is the consumerisation of IT in the enterprise.
Consumerisation of IT in the enterprise did not just sweep into dodge one hot and sunny afternoon, the idea has been percolating for some time, and the concept is now becoming very real largely driven by mass uptake of consumer mobile devices (particularly tablet devices), and a sweet shop of downloadable applications (of varying degrees of quality), enabled through an ever improving air based public internet connection. Often, personal internet bandwidth surpasses that on offer in a corporate environment and better yet, for the employee at least, this bandwidth is considerably less restricted than that available from the tightly budgeted enterprise itself. Working in a virtual environment from within the restrictive confines of a physical environment can be liberating: the ability to Skype a colleague or share a spreadsheet using Dropbox can be not only tempting but somewhat alluring and this fever spreads and it does so very quickly. An interesting statistic picked up at Infosecurity 2012 this week, from a study by Absolute Software (based on feedback from 300 IT professionals), is that one of the largest areas of downloaded apps at work are business productivity apps, people are not justing bringing in their mobile devices to play Angry Birds during their lunch break.
According to Trend Micro, during a seminar at Infosecurity 2012, there are three primary risks involved in the acceptance of bring your own devices in the enterprise: loss of visibility, de-standardisation, and unpredictability. One of these risks can largely be addressed through effective auditing and management software (loss of visibility), an area seeing some considerable growth, whilst the second relies heavily on governance and reinforced policy (de-standardisation). Chris Boyd, Senior Threat Researcher at GFI, suggests three areas of governance for dealing with de-standardisation and BYOD: the adoption of a social networking policy, re-inforcement of acceptable use policy, and also brand monitoring. However it is the third risk, that of unpredictability, which is the most difficult to handle and which poses potentially the greatest risk of all.
The unpredictability of bring your own devices in the enterprise mostly impacts data and application risks including exposing the doors-locked enterprise to “through the window” malware and data stealing but it does not stop there. Along with a device usually comes complementary devices such as memory cards, docking stations, personal area network devices, and network based expanded storage devices which may fall completely under the corporate, not the mention the IT, radar but it is this very creep of uncontrolled, often low cost, peripherals that adds to the complexity facing enterprise today. The problem is somewhat like looking through the saloon window to check out the challenger outside only to find he’s brought along the magnificent seven for company.
It is not all doom and gloom however as there are considerable, and tangible, benefits to the concept of bring your own devices. The most obvious benefit is that it keeps the employee happy and the old cliche of “a happy employee is a productive employee” sounds more fitting than ever but more tangibly the concept potentially creates a more agile environment for the enterprise particularly in an environment where virtual work styles are becoming more socially acceptable. Add to this the business image of being seen to actively embrace new ways of thinking which could lead to an improvement in the attraction and retention of talent and the advantages begin to add up.
Of course the solution is not clear as the problem is not entirely clear primarily because businesses are not the same. For some businesses, particularly in the SME sector, the idea of information technology being a bring your own device environment may already be the norm. In this environment employees desks and surrounding space become the silo of personal technology with these silos connected loosely by a shared wireless connection; probably connected to a DSL. In this environment there is no shared workspace, files are emailed over public networks and if Bob wants to print his document in colour he may send it over to Mary as she owns the colour printer. This environment works and it is not a problem to those involved, in fact it is every day working life.
But could this approach work in the enterprise space? It is unlikely. In enterprise the information itself is as important a business asset as the products themselves, and is locked safely away behind bricks and mortar, whilst public networks harbouring the hungry wolves knocking on the door outside must be kept at a safe distance. One thing is for sure enterprise needs to open both eyes and face the issue of bring your own devices, head on, before mobile devices and the sweetshop of downloadable applications fling open the saloon doors, the clock is ticking and the showdown is at noon.