Director of Technical Services
BYOD: Is It Time to Take a Fresh Look?
BYOD is an acronym that will make any senior IT Manager cringe. Bring Your Own Device—or BYOD—was a huge buzzword in the industry at the start of the decade. Not surprisingly, the first instances of BYOD can be traced back to April 3, 2010—the day the Apple iPad was launched. Within weeks, IT departments all over the world were struggling to deal with how to secure and manage these personal consumer devices purchased by C-level executives who insisted on using them instead of their laptops, which seemed like large bricks by comparison.
Shortly thereafter, analysts including Gartner, Forrester, and minor web commentators were all predicting huge adoption rates and touting the value for everyone from enterprise to small business. Promised returns included cost savings, productivity benefits, and user satisfaction. In fact, a 2013 report from Cisco stated that a properly implemented program could generate an average annual value of $3,150 per user.
Despite this, we rarely hear about BYOD anymore. It’s not because people no longer bring their devices to work. In fact, you would be hard-pressed to find a corporate user that didn’t carry a personal device with them at work. Rather, beyond the initial hype, the returns promised by BYOD proponents were seldom realized. Even among those organizations that were successful in rolling out a BYOD program, many have since abandoned the practice due to high management overhead and/or minimal user adoption.
Today, most organizations fall into one of three categories:
- Personal devices are allowed only when enrolled within a restrictive Mobile Device Management (MDM) solution.
- No personal devices are allowed by policy. The most forward-looking of these organizations have adopted what is called a Choose Your Own Device (CYOD) policy, where they include an enterprise-grade “executive level” mobile device as part of their standard device offerings for those that prefer consumer level form factors. These devices are typically managed within a restrictive MDM solution.
- No restrictions are in place and any devices can connect to any corporate data (particularly data located in cloud services).
Why None of These BYOD Scenarios are Optimal
The first scenario was the norm for most of the early BYOD implementations. Businesses required employees to enroll their personal devices in MDM solutions as a way to regain some control over their environments.
While these solutions gave employees access to their work files and data, the downside was that they granted the employer a level of control and visibility that the employee was not comfortable with, including the ability to see things such as which apps were installed. Should the employee leave the organization, the employer was also able to completely wipe the device, along with any personal data on it. In the worst-case scenario, the same wipe could happen simply because someone in IT clicked the wrong button.
A California court case in 2014 [Cochran v. Schwan’s Home Services] required employers to reimburse employees for use of their personal devices when used for mandated work purposes. This meant that organizations needed clear policies around both use and reimbursement, adding complexity and minimizing potential cost savings. For this reason, most initial BYOD implementations either had limited adoption or just never realized the promised ROI.
The second scenario is where most organizations have landed. Businesses provide employees with corporately-owned consumer devices such as an iPad or an Android mobile phone, securing it with corporate controls and policies enforced through the use of an MDM. Employees are enabled to use the devices they want; however, the management overhead required to support and secure them is not insignificant, both from a licensing and an operational perspective. Additionally, employees often treat these devices like they are their own. The longer they have the device, the more likely it is that it contains non-business contacts, photos, games, and downloads. This can lead to data confusion and potential privacy concerns, meaning companies often resort to enforcing a draconian level of control on the devices, which reduces any of the employee satisfaction or productivity benefits associated with BYOD.
In the very worst case, which is the third scenario, businesses simply have an outdated paper policy stating personal devices are not to be used to access corporate data, and blindly trust that employees are in compliance with limited or no means to control access—particularly when it comes to new cloud-based services.
Beyond BYOD: Focus On What’s Important
Enter sandboxing technology. Traditionally, the focus for IT has been securing the device and, as a result, protecting the data that lives on it. If we instead focus on securing the data, or the applications that hold the data, by “sandboxing” it in a secure container that doesn’t interact with anything outside of that container, then the device used to access the data or the app shouldn’t matter.
Sandboxing technology is not new, with variants from Good Technology, BlackBerry, and numerous modern MDM solutions all available for purchase. The downside to these technologies, however, is that they either require you to fully enroll your device (see first scenario above), or they require you to use vendor-specific apps which tend to be clunky and lack common features.
A new technology from Microsoft called Mobile Application Management (MAM) removes these limitations and is a great reason to revisit BYOD. By building enhanced sandboxing technology right into their mobile apps that are already included as part of a Microsoft 365 subscription (Outlook, Word, Excel, etc.), Microsoft is making it easy for organizations to maintain secure control without the heavy management overhead. Employees are enabled to use either their personal or work owned devices to stay productive, and employers maintain peace of mind knowing their data is safe without having to enforce severe control policies or ever having to “enroll” the mobile device.
With MAM, we can enable secure access to company data for employees, using the applications they want, without requiring any level of control over their personal device. Features like the inability to copy and paste from corporate apps to personal apps, or even to take screenshots of corporate data, are easily enabled. What is personal stays personal, and what is corporate stays corporate. As long as employees use the Microsoft apps to access their corporate data, we no longer care what device they are using to access it.
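One way to confirm those controls are actually switched on, as an added example that is not from the original article or from Microsoft: the audit below checks an exported app protection policy for the copy/paste, screenshot and data-transfer settings described above. It assumes the policy is JSON using the property names of Microsoft Graph's androidManagedAppProtection resource; both sample policies are constructed.

```python
# Added example: audit an app protection (MAM) policy for the data-leak
# controls the article names. Property names follow Microsoft Graph's
# androidManagedAppProtection resource (an assumption about the export
# format); the sample policies below are constructed for illustration.

# setting -> (values that keep corporate data inside managed apps, risk if not)
REQUIRED = {
    "allowedOutboundClipboardSharingLevel": (
        {"managedApps", "managedAppsWithPasteIn", "blocked"},
        "copy/paste from corporate apps into personal apps is possible",
    ),
    "screenCaptureBlocked": (
        {True},
        "screenshots of corporate data are possible",
    ),
    "allowedOutboundDataTransferDestinations": (
        {"managedApps", "none"},
        "corporate files can be shared to or opened in personal apps",
    ),
}


def audit_policy(policy):
    """Return a list of (setting, actual_value, risk); empty means compliant."""
    findings = []
    for setting, (safe_values, risk) in REQUIRED.items():
        actual = policy.get(setting)  # a missing setting counts as a finding
        if actual not in safe_values:
            findings.append((setting, actual, risk))
    return findings


WEAK_POLICY = {  # constructed: everything left wide open
    "displayName": "BYOD default (constructed)",
    "allowedOutboundClipboardSharingLevel": "allApps",
    "screenCaptureBlocked": False,
    "allowedOutboundDataTransferDestinations": "allApps",
}

HARDENED_POLICY = {  # constructed: corporate data stays in managed apps
    "displayName": "BYOD hardened (constructed)",
    "allowedOutboundClipboardSharingLevel": "managedAppsWithPasteIn",
    "screenCaptureBlocked": True,
    "allowedOutboundDataTransferDestinations": "managedApps",
}

if __name__ == "__main__":
    for policy in (WEAK_POLICY, HARDENED_POLICY):
        print(policy["displayName"])
        for setting, actual, risk in audit_policy(policy) or [("-", "-", "ok")]:
            print(f"  {setting} = {actual!r}: {risk}")
```
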
Mobile Application Management (MAM), part of Microsoft 365 and their EMS suite of licenses, is included in Bulletproof’s new Bulletproof 365 package, in addition to Bulletproof security and 24×7 IT Helpdesk Support.