BYOD in the Enterprise and CIO Concerns

In a recent article in Information Management Bruce Guptill of Saugatuck Technology summarizes some of the main concerns he hears from CIO and IT clients regarding enterprise mobility and the rise in Bring Your Own Device (BYOD) programs within their organizations. He points out that BYOD, or BYOT as Bruce refers to it, presents challenges for CIOs because of the increasing scale and diversity of device numbers, device types and software ecosystems.

In looking at these challenges one can start to conclude the most common concerns that Saugatuck Technology hears from their CIO clients. He is a quick summary the article presents about those common challenges:

• Hardware: Device differences, manufacturer viability, device reliability, device/manufacturer technology strategy(ies), device capabilities (e.g., cameras in secure areas)
• Software: OS differences, UI differences, app quality, app provider viability, apps store support/security/viability, built-in cloud services (e.g., iCloud, Google Apps, Kindle Store)
• Services: Provider adaptability, provider technology(ies), provider ecosystem relationships and viability; provider data management, integration, protection, and compliance
• Users: Identity management, device/app/Cloud services management & usage (e.g., potential tech/operating incompatibilities, security)
• Security and risk management overall: Everything. When it comes to mobility, CIOs and other enterprise leaders simply do not yet know what “security” should include, who has responsibility for it, what the best practices are, and so on. It’s very similar to the growth of web site usage in the early to mid-1990s. The technology is very widely used, but its real effects, exposures, limitations, and capabilities are only just being explored. In addition, a great deal of the security risk lies outside of enterprise controls, with the network and its providers.

Well, it seams that CIO’s are concerned about EVERY aspect of BYOD. If that is the case then why undertake and initiative that concerns you across the board. The simple answer here is that CIOs are not the ones calling for BYOD programs. Directives are coming from executives and even the employees themselves. Executives are calling for it as they look at the perceived benefits of BYOD from cost savings on hardware to employee productivity based on working longer hours out of the office. For the employee the consumerization of IT has put a device in nearly all of their hands, and the not only expect to be able to use that technology for all aspects of life including work but to have the same seamless experience on the device they have in the personal lives at home.

With CIOs not necessarily wanting BYOD but without the ability to deny it the only thing they are left with is to manage it. Guptill’s advice is along the lines of slow and steady wins the race. He suggests starting BYOD programs off on a small scale, only allow a few approved device types on to the network. He writes that, “This will enable you to focus your efforts on delivering the best value to the top platforms and reduce overall effort. Additionally, maintaining an initially tight focus on device versions and types will give you a better ability to ensure that the device software itself is up to date and secure.” Also, looking at Mobile Device Management solutions that include more subtle capabilities allowing IT to monitor and secure devices on the application level. This solution approach allows IT to deal with the sensitive issues BYOD presents of how much control a corporation should have over personally owned devices.

Click here to read the full piece from Guptill and for more on the mobility concerns Saugatuck Technology is hearing.