Facilitating BYOD at your Company

I’m sure you’re inundated with a steady stream of news and information about the Bring Your Own Device (BYOD) component of the Consumerization of IT (CoIT) phenomenon on a weekly basis. Yes, a good percentage of your employees are walking into the office with a wide range of smartphones and tablets every day and they want to be productive.  Let me share just a few ways you can facilitate a positive outcome for your employees via completely ‘invisible’ means.

The first is enabling Exchange Active Sync (EAS) to securely provide your employees with email, contacts, calendar, tasks and ‘light’ mobile device management (MDM).  Virtually every smartphone and tablet on the planet comes with the EAS client bits as a standard component of the mobile operating system.  Whether you’re running Exchange Server in your own data center or in the cloud via Office 365, your employees can quickly and easily become connected with their coworkers.  Oh, and you get mobile policies like password enforcement, device encryption, remote wipe and others for free.
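As an added example (not from the original post), here is how the password, encryption and remote wipe policies mentioned above could be set from the Exchange Management Shell. It assumes Exchange 2013 or later, or Exchange Online, where the cmdlets are named `*-MobileDevice*`; the policy name, mailbox addresses and threshold values are placeholders.

```powershell
# Added example: run in an Exchange Management Shell / Exchange Online session.
# Placeholders (assumptions, not from the post): policy name, addresses, thresholds.
$policyName = 'BYOD-Baseline'
$mailbox    = 'user@example.com'

# 1. Create a policy that enforces a device password and on-device encryption.
#    AllowNonProvisionableDevices $false blocks devices that cannot enforce
#    every setting in the policy instead of letting them sync anyway.
New-MobileDeviceMailboxPolicy -Name $policyName `
    -PasswordEnabled $true `
    -MinPasswordLength 6 `
    -MaxPasswordFailedAttempts 8 `
    -MaxInactivityTimeLock '00:05:00' `
    -RequireDeviceEncryption $true `
    -AllowNonProvisionableDevices $false

# 2. Assign the policy to a mailbox (mailboxes otherwise get the default policy).
Set-CASMailbox -Identity $mailbox -ActiveSyncMailboxPolicy $policyName

# 3. Confirm what is actually in force rather than trusting the defaults.
Get-MobileDeviceMailboxPolicy -Identity $policyName |
    Format-List Name, PasswordEnabled, MinPasswordLength,
                MaxPasswordFailedAttempts, MaxInactivityTimeLock,
                RequireDeviceEncryption, AllowNonProvisionableDevices

# 4. List the devices that have partnered with the mailbox.
$devices = Get-MobileDevice -Mailbox $mailbox
$devices | Select-Object FriendlyName, DeviceOS, DeviceAccessState, Identity

# 5. Remote wipe of a lost device. Used this way, Clear-MobileDevice resets the
#    whole device, not only the corporate data. -WhatIf shows what would happen
#    without sending the wipe; remove it to issue the command for real.
$lost = $devices | Select-Object -First 1
if ($lost) {
    Clear-MobileDevice -Identity $lost.Identity `
        -NotificationEmailAddresses 'secops@example.com' -WhatIf
}
```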

The next thing you can do is use a reverse-proxy server or appliance on the edge of your network to securely publish web services and web sites out to the Internet.  Without having to fumble around configuring and pre-connecting a VPN tunnel, your mobile employees can access the corporate information they need just as easily as they do when connecting to other resources on the web.  Those services and sites will be wrapped in SSL and require appropriate network credentials in order to access them.  If you’re publishing Exchange Active Sync out to the Internet today, then you probably already have this capability in place via server technologies like ISA, UAG, and others.

The last thing I want to focus on is the web services and web sites you’ll be securely publishing to the Internet for mobile consumption.  It’s important that they be efficient over slow wireless networks and work with any mobile device or web browser.  Your web service wire protocol needs to be REST instead of SOAP and your data must be serialized with JSON instead of XML.  Mobile web users must either be directed to a mobile version of your site or you should employ Responsive Design principles to provide the best experience.  Those web apps must use the HTML5 Application Cache so they can work offline as well as IndexedDB or Web Storage to store data on the device just like a native app.

These are just a few things you can do to deliver ‘quick wins’ for the employees at your company without compromising security.

  • I think the “light” MDM component is a good example of an obstacle in the MS approach to BYOD for some of us. If a user is doing BYOD and putting corporate data on the device then I want full MDM capabilities. For example, I want to wipe the corporate data from the phone using a selective wipe rather than returning their entire device to factory defaults. Maybe EAS can do this now but last time I looked it couldn’t. Those use cases are why people like me are putting full-fledged MDM in front of EAS even on O365. Then you’ve got App-V being Windows focused, Direct Connect requiring domain membership, Terminal Services, etc…

    MS can enable a functional BYOD environment but security and user experience still have a ways to go. I’m not dogging MS as we’re a full-fledged MS shop but MS isn’t there yet with a holistic integrated solution for mobility and application delivery which may or may not be within the scope of how you define BYOD. Keep up the good work.