BYOD might have been heralded as the savior of CIOs’ mobile management problems – device cost and user uptake being the obvious two – but the truth is BYOD is not a silver bullet.
The fundamental problem that comes with BYOD is inherent in the concept itself – the fact that it permits and even encourages a merging of personal and professional lives. Of course this overlap is hardly new. Consumerization has been a noticeable and powerful trend in enterprise technology for many years now. Employees want the tools on which their work lives depend to be as easy-to-use, integrated and intelligent as the technology they use at home.
The corporate extension of this is the much-heralded Digital Workplace – a Gartner-led concept that promotes the inter-linked themes of digital communications, collaboration and the sharing of data, agile working, the prudent use of business applications and, of course, mobility.
But regardless of its merits and the way mobility underpins the necessary direction of travel for the modern enterprise, a single problem persists: its security, especially in a BYOD environment.
Through BYOD, any smart device could become part of the enterprise’s network. But what happens in the likely event of a device being stolen, lost or hacked? In a study conducted jointly by Ponemon Institute and Lookout, two-thirds of respondents reported a data breach as a result of using their own mobile devices to access company resources.
Confront a CIO with these concerns and many will retort with the claim that smartphone manufacturers are aware of the value of the enterprise market and that OS security features are being improved all the time in an effort to stem data breaches and establish widespread confidence in their corporate use. But these improvements are only strong enough for 60-70 percent of corporate users. Companies in highly-regulated industries such as financial services and healthcare, and indeed many larger enterprises, will require stronger security than that which comes ‘as standard’ to mitigate growing regulatory, privacy and operational risks.
They may then claim that they have put in place a device management solution – at its most fundamental level, a secure container in which all the company’s data and applications sit, encrypted and insulated from any compromise of the personal side of the device. This means that when a device is under threat, the IT team can simply deploy policies and even remotely disable apps and wipe the container should they need to.
But ironically, despite the need they are designed to solve, containers and similar technology typically bring with them productivity problems. Some can cause compatibility issues and obstruct day-to-day functionality, such as preventing access to a device’s contact list. Others may only be capable of containing content and apps that IT has specifically installed, potentially undermining productivity in the name of security, compliance and visibility.
Frustratingly, many containers do not permit the integration of business-critical apps within the container. Here, they have simply adopted a “utility” approach where the availability of the app is deemed sufficient, ignoring the need for apps to be integrated with other apps to truly enhance productivity. This will often be in direct contrast to the employee’s desktop situation where, for example, Salesforce will be integrated with the email client to simplify the management of calendars and appointments. Clearly, this contradicts the Digital Workplace ambition – one of its central tenets is to make the employee mobile without any loss of the capability they have when in the office.
But these aren’t the only ways in which typical containers compromise productivity. The principal way is through their security procedures. The necessary balance of usability and security on which mobility depends is disrupted by overbearing security processes that impact ease of use.
As hype and concern around security increases, the usual technology response is to strengthen the authentication process, usually involving the addition of requirements. Entry to a device via a name and a single password has evolved to also needing yet more pieces of information or even a biometric – with each addition increasing complexity or the likelihood of forgetfulness restricting access. But typical multi-factor authentication is cumbersome, prone to over-complication and undermines usability, and, by extension, also productivity and even mobility uptake.
The alternative, rather than simply adding more and more “factors”, is to rely simply on “sufficient factor authentication” (determined by the compliance requirements of the enterprise itself) and then increase the strength of each one using analytics. Contextual analytics can detect the proximity of devices to another – such as tablets and phones – and therefore prompt alerts about potential loss or theft, while collecting data on usage patterns can lead to the detection of unfamiliar and therefore suspicious use. Alternatively, the addition of extra factors can be replaced with the integration of secure third parties such as employees’ social media profiles – especially as these are often more readily remembered.
In these ways, the container’s ease of use is improved by simplifying the day-to-day access requirements, but without surrendering the security of the enterprise’s data – the perfect balance.
The modern enterprise requires high-performance mobility practices and tools in order to maintain a competitive edge. But these rely on usability, else they simply won’t be adopted – and security, another of the enterprise’s core requirements, is usability’s most potent barrier. But by using data more intelligently and through prudent integrations, the two can actually co-exist, with neither compromised. By doing so, BYOD transforms its perception from being a threat to security to instead being its own route to heightened security and productivity.
Dave Schuette is EVP and President of Enterprise Business at Synchronoss, a provider of cloud solutions and software-based activation.