Jonathan Foulkes Issue: Europe I 2014
Article no.: 11
Topic: Ending the battle for BYOD control
Author: Jonathan Foulkes
Title: VP of mobile product management
Organisation: Kaseya
PDF size: 193KB

About author

Jonathan Foulkes is the vice president of mobile product management at Kaseya, and previously the CEO and co-founder of Rover Apps, a mobile solutions provider acquired by Kaseya in July of 2013. Jonathan has 25 plus years in technical leadership and executive roles at companies such as Reed Business Information, Clinical Solutions, DoubleClick (Google) and DCA / Attachmate, with a track record of success in delivering leading solutions in highly competitive markets. Recognised for his innovation through the years, Jonathan leads organisations to deliver revolutionary solutions.

 

Article abstract

Studies show that BYOD adoption is ramping up fast, despite serious concerns about the management issues it raises. BYOD encourages significant productivity uplifts and a considerable increase in employee satisfaction, as well as saving costs of devices. However, stolen or lost devices put enterprise data at risk. Remote wipe of devices is now available, but handling of the data is wrapped up with privacy and rights issues. Containerisation of separate personal data from enterprise data is a good solution that strikes the balance between maintaining security and allowing freedom to enjoy personal activity.

 

Full Article

Increasingly, employees within Europe, the Middle East and Africa (EMEA) expect that in their professional lives, they can work using the same tools and technologies they’ve become accustomed to in their personal lives, and more and more they are bringing these devices to work. The Bring Your Own Device (BYOD) phenomenon has continued to grow exponentially over the last few years. Corporate networks are now seeing vast numbers of consumer devices, from a range of manufacturers, hitting their networks and creating security concerns.
A recent study by EMEA analyst firm Ovum found that almost 70 percent of employees already use their personal smartphones or tablets to access corporate data, and this is likely to increase further in the coming years. While BYOD clearly benefits both organisations and employees from a productivity perspective, businesses also need to strike the right balance between ensuring the security of corporate information on the mobile devices, and allowing employees to use their personal devices as they wish without heavy-handed corporate control over the device or personal content.
The balancing act of BYOD
The use of mobile devices on corporate networks of EMEA organisations is by no means a new phenomenon – for many years now smartphones have been used to access email, documents and other business information on the move. Traditionally, these devices were purchased by the organisation and loaned to employees, allowing business to incorporate mobile device usage and management policies into contracts. In these circumstances, employees are rarely given a choice as to the device they will be using and are commonly restricted in what they can do – from application downloads and authentication processes, to the use of removable media access and personal email accounts. While this heavy-handed approach grants organisations peace of mind that their data is not going to be misused, this is not a feasible approach in a BYOD world.
Many EMEA organisations see BYOD policies as attractive for several reasons. BYOD can offer significant cost savings, as equipping each employee with a mobile phone or tablet for work use can be incredibly expensive for an organisation; not only are they required to pay for the device itself, but also the monthly contract, upgrades, maintenance and repairs, and so on. Indeed, a recent survey by Samsung found that European businesses saved, on average, 17 percent by allowing BYOD. Through BYOD, the responsibility for the financial burden, or part of it – dependent on the organisation’s policy – falls with the owner, removing a significant expense for businesses. BYOD is also a significant employee satisfaction driver. Employees that can work how they want, on the devices they want are happier and more engaged employees. One third of respondents to the same European Samsung survey cited an increase in productivity following the implementation of a BYOD programme
However, many organisations are grappling with real challenges in how to successfully implement a BYOD program. Many are fearful of the lack of control they are afforded over personal devices in a BYOD scenario. Employees will not agree to their employer controlling how they use their personal device for personal matters, nor will they be willing to give the corporation any oversight over, or view into, their personal data.
It is an unfortunate fact of life that mobile devices are often lost or stolen, and this adds further complexity to managing BYOD. In fact, a YouGov study in the UK discovered that 14 percent of UK adults have damaged a phone, while eight percent have lost their device and 5 percent have had it stolen. For those who had their device lost, stolen or damaged, 15 percent said they had work contacts on it, eight percent had used their device to store work documents and eight percent used it for confidential emails. If a corporate-owned device goes missing, IT usually has the ability to remotely wipe the data it contains to ensure it is not compromised. In these circumstances, it is usually possible for IT to restore some of the data that was held on the device – but often this does not include photos, music and other such personal, potentially purchased, data. Employees are relatively powerless in this situation as, even if the device contains personal information, they are not the rightful owner. On the other hand, if the device is owned by the employee and corporate and personal data is not segregated on the handset, it raises questions over whether or not the organisation has the right to clear the device of all the data contained within, without the ability to restore everything.
If managed correctly, BYOD has the ability to have an extremely positive impact on the way that organisations operate. However new approaches are needed to solve the challenges that BYOD poses.
MDM – managing the device
When seeking to manage and protect devices being used for professional purposes, Mobile Device Management (MDM) solutions help organisations effectively manage and secure corporate devices. These solutions allow businesses to apply policies to devices in the same way as they would any other piece of equipment accessing company data, from PCs to printers, and these devices are wholly owned and managed by the organisation. In the MDM scenario, access permissions need to be set up for each device, with the appropriate security policies enforced. This approach is often used by organisations that issue corporate mobile devices, but in a BYOD context a different solution is needed.
BYOD – managing the data
Rather than seeking to control the entire device, as with traditional MDM solutions, BYOD can offer an alternative by giving organisations the option to control just the corporate data on employees’ personal devices. This setup can facilitate easier management for the organisation and can balance corporations’ needs for manageability and security with employees’ demands for choice and freedom.
Technologies for containerisation on mobile devices can provide the solution. Consumer use of applications on mobile devices is now almost second nature and this is a fact that organisations should be able to take advantage of. With installable apps that create a corporate ‘container’ on an employee’s personal device, organisations can provide a completely secure environment by which BYOD users can access corporate email, documents, intranets, cloud services and so on. Through this approach, it is the corporate data that is managed, not the device, as all enterprise data is stored in complete isolation to personal data. The organisation therefore does not need to impose limits on what the employee can and cannot do.
Using this containerisation method gives IT full control over policies and the ability to decide which users – rather than devices – are allowed to connect to which applications. Each app provides seamless access to systems within a container that offers organisations full control to manage and secure the environment as needed, while the rest of the device remains under the control of the employee.
The convenience of an installable app also means that getting each user setup is as simple as an app download on the user’s device, rather than having to go through the painful process of configuring mail, VPN settings, special authentication and more for access to corporate systems from a mobile device – saving time for both the employee and the IT department.
Embracing BYOD
BYOD is a phenomenon that is highly unlikely to go away anytime soon. It provides EMEA organisations with the ability to give employees the right tools to maximise productivity and increases employee satisfaction. BYOD management, when done correctly, does not force heavy-handed corporate control onto employees and their personal devices, but rather enables ease of use and ease of access to data, while also meeting corporate standards for security and manageability.
Containerisation is the key to striking this balance, and forward-thinking organisations are embracing this approach in order to meet both corporate and employee needs – turning the tug-of-war into a win-win situation where the requirements of all parties are met.