As someone who spends a lot of time talking to CIOs about the Consumerization of IT (CoIT) and mobile, I get asked a lot about BYOD strategies. I also recognize that you’re likely to get a different strategy from every person you ask. To quickly recap how we got here over the last several years, the rise of BYOD is a result of more compelling devices in the marketplace combined with the move from Corporate-Liable (CL) to Individual-Liable (IL) device ownership policies. Typically, I like to take baby steps on this one because you don’t have to boil the ocean in order to respond to this mega-trend all at once:
Baby Step 1: Oh, it’s too late. This step was already taken while you weren’t looking. Your employees are already bringing their own smartphones and tablets into the enterprise. In an Individual-Liable scenario, they’re using their own data plans to surf the mobile web and use apps. Don’t freak out because you haven’t given them access to anything yet. At worst, you might have employees that are distracted and not giving you their best work since they’re playing Angry Birds. On the other hand, they may already be more productive because they’re using public information on the mobile web to solve corporate problems.
Baby Step 2: Your employees want to get their email on their smartphones and tablets. No surprise here. Since I’m a person that believes CIOs and IT Directors should get more value for their dollar, I won’t ever recommend one-off point solutions to satisfy the needs of each different mobile platform, because that’s wasteful. During the middle of the last decade, I watched in horror as Microsoft began to license the Exchange ActiveSync (EAS) protocol to all its competitors. At the time, I was worried we were giving away one of Windows Mobile’s competitive advantages. Fast forward to today’s consumer-driven world, and EAS is the one thing that every smartphone and tablet has in common.
While not every organization uses Exchange Server, most do. Some are even sidestepping the management of additional servers by running this in the cloud via Office 365. What this means is that you can instantly give push email, calendar, contacts, and tasks to your employees’ iPads, Android devices, Windows Phones, Symbian smartphones, and iPhones via a single technology that you probably already have. If you’ve ever used Outlook Web Access (OWA), then your organization is already set up to securely deliver this value to almost every device over SSL. Okay, at a basic level, your employees can now get elements of their ‘information work’ done anywhere at any time, which makes them more productive. They should also be more responsive to your customers.
Baby Step 3: Uh oh, someone told you that security could be an issue. You’re now thinking that there’s no free lunch in mobile. While you may not be able to beat the security you get on your heavily-managed Windows laptops and tablets with BitLocker, there is some light management that you get for free and you probably don’t even know it. Remember the EAS protocol from Baby Step 2? Well, it gives you some light device management in the form of policy enforcement in addition to the email stuff. While there are a lot of great device management packages out there that can give you complete control, when dealing with devices owned by your empowered employees, heavy device management may not be appropriate. The notion of installing a device management agent on each employee-owned device is a huge undertaking. So how does Exchange ActiveSync sidestep this? Well, it’s already installed on their smartphones and tablets, it enforces things like complex PINs and password expiration, and it allows you to remotely wipe a device if it gets lost or stolen. You get this for free and it works the same way across many popular smartphones and tablets. Whew, you now have a basic line of defense in play.
Baby Step 4: Supported device matrix. While EAS provides email, calendar, contacts, tasks, PIN enforcement, and remote wipe to the majority of smartphones and tablets your employees might own, some devices might fall through the cracks.
That’s why it’s important to let your employees know which devices and mobile operating systems meet the minimum EAS standards to create your BYOD baseline. It’s a list that looks something like this:
- Windows Phone 7 and higher
- iOS 5.0 and higher
- Android 2.3 and higher
- Windows Mobile 6 and higher
- Symbian S60
As you can see, this covers the majority of devices that consumers are buying today with the exception of the BlackBerry, which has its own device management system.
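The policy enforcement from Baby Step 3 and the fall-through problem from Baby Step 4, sketched in Exchange PowerShell as an added example that is not part of the original post. It assumes the Exchange 2013-or-later (or Exchange Online) cmdlet names; the policy name, mailbox, device name, notification address and the numeric values are placeholders chosen for illustration.

```powershell
# Added example. Run in an Exchange Management Shell (2013+) or an
# Exchange Online PowerShell session. All names below are placeholders.
$policyName = 'BYOD Baseline'        # hypothetical policy name
$pilotUser  = 'user@example.com'     # placeholder mailbox
$secOps     = 'secops@example.com'   # placeholder notification address

# Baby Step 3: PIN complexity, expiration and lock enforced over EAS,
# with no management agent installed on the employee's device.
$policy = @{
    Name                         = $policyName
    PasswordEnabled              = $true
    AllowSimplePassword          = $false         # no 1234 / 1111 style PINs
    AlphanumericPasswordRequired = $true
    MinPasswordLength            = 6
    MinPasswordComplexCharacters = 3
    PasswordExpiration           = '90.00:00:00'  # 90 days
    PasswordHistory              = 5
    MaxPasswordFailedAttempts    = 8              # failed unlock attempts allowed
    MaxInactivityTimeLock        = '00:05:00'     # lock after 5 idle minutes
    # Devices that cannot enforce every setting above are refused sync
    # instead of being let in with no policy applied.
    AllowNonProvisionableDevices = $false
}
New-MobileDeviceMailboxPolicy @policy

# Apply the policy to one pilot mailbox before rolling it out more widely.
Set-CASMailbox -Identity $pilotUser -ActiveSyncMailboxPolicy $policyName

# Baby Step 4: device types nobody has reviewed are held in quarantine and
# the admin is mailed, rather than syncing by default. Organization-wide.
Set-ActiveSyncOrganizationSettings -DefaultAccessLevel Quarantine `
    -AdminMailRecipients $secOps

# Inventory what is actually connecting, to compare against the device matrix.
Get-MobileDevice -Mailbox $pilotUser |
    Select-Object FriendlyName, DeviceOS, DeviceModel, DeviceAccessState, FirstSyncTime

# Lost or stolen device: queue a remote wipe for that one device only.
# Clear-MobileDevice prompts for confirmation before it is sent.
$lost = Get-MobileDevice -Mailbox $pilotUser |
    Where-Object { $_.FriendlyName -eq 'PLACEHOLDER-DEVICE-NAME' }
if ($lost) {
    Clear-MobileDevice -Identity $lost.Identity -NotificationEmailAddresses $secOps
}
```

On Exchange 2010 the equivalent cmdlets carry ActiveSync names (`New-ActiveSyncMailboxPolicy`, `Get-ActiveSyncDevice`, `Clear-ActiveSyncDevice`).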
Baby Step 5: Your employees are now asking for enterprise apps so they can perform other elements of their job remotely from their devices. It’s too soon. I know your IT department has been developing desktop apps for decades, but your BYOD baseline isn’t ready for this yet. The heterogeneous mobile diversity created by BYOD makes cross-platform native development inefficient and costly. There are too many programming languages, IDEs, MEAP vendors, app security, and deployment issues for you to think about during this early Baby Step phase. Don’t worry, you’ll get there later. For now, I want you to keep it simple, and follow my theme of using the same technology over and over for every smartphone and tablet to realize training and cost efficiencies while shortening time to market. The Mobile Web is your key to cross-platform success. Today’s devices all have web browsers that support many of the features that comprise HTML5.
Bonus Baby Step: Speaking of Wi-Fi, the tidal wave of folks bringing in their consumer-focused, individual-liable devices are facing new caps on their previously-unlimited data plans and they’d like you to help. While I remain firm that you haven’t done enough in your BYOD baseline to trust devices on CorpNet, you can throw your employees a lifeline by giving their devices access to a ‘Guest’ Wi-Fi network that only allows them to go out to the Internet. Many companies have a segmented ‘Guest’ Wi-Fi network for visitors. If you already have something like this in place, consider allowing your BYOD legions to ride on this network using Wi-Fi Protected Access (WPA2) for security. Think of this as a ‘Give-Get’ since you’re publishing corporate HTML5 apps out to the public Internet without accommodating the data usage fees for employees to use them. Now employees can use your mobile web apps from the office without eating into their mobile operator’s monthly data allotment.
Is this everything you need to know? No. But it quickly gets you out of the paralysis of not knowing what to do about this tidal wave of devices flowing into your enterprise. Once you have this BYOD baseline in place, you can begin to thoughtfully look at topics like encryption, containerization, wireless security, enforcing a larger list of policies, software distribution, inventory, corporate network access, enterprise apps, data, MEAP, and many more.
Right now, I want you to feel a sense of accomplishment by taking the first Baby Steps towards creating a mobile strategy for your organization.