BYOD Dilemma: Devices vs. Data
Though we’ve started to see a small bit of retrenchment from the most extreme examples, it’s clear the BYOD (Bring Your Own Device) phenomenon in the workplace is here to stay. Younger and older workers alike have become accustomed to using their own devices to do their work, particularly when it comes to smartphones and tablets, and IT departments continue to refine policies and procedures to adjust to this new reality.
But one of the remaining debates within BYOD is determining what, exactly, IT needs to manage. Traditionally, IT focused on the management of the physical device, especially with PCs, doing everything from tracking the actual location and status of corporate-owned PCs, to ensuring all the latest OS, anti-malware and application patches were installed. BYOD adds several new twists to that equation, however, with a significantly wider range of device types and platforms to support, as well as potential differences in ownership. Toss in the increased mobility of many BYOD devices, and the growing usage of all devices for personal applications and you have the recipe for a very messy situation.
Not surprisingly, many IT departments, and vendors serving those communities, initially fell back on the types of solutions they were comfortable with: tight management of the device and everything on it. Large numbers of companies built MDM (mobile device management) solutions to essentially bring the kind of strict management policies commonly associated with PCs to the world of smartphones and tablets.
But several problems popped up fairly quickly. First, people change their smartphones and tablets more often than they do their PCs, making it virtually impossible on any given day for a corporate IT department to really know what types of devices were walking in and out of their doors (let alone what kind of information was getting copied onto those devices). Second, the need for more granular control became readily apparent. The notion of remotely wiping devices of all data on them—particularly those that may have been purchased by the employee—surprisingly (cough, cough) did not sit well with most people. In addition, many employees discovered they could use other types of mobile applications to open, edit and/or use their work-related data, making the range of applications in use tremendously more varied than it had ever been. This situation also created the need for yet another type of management tool: MAM (mobile application management). Topping things off is the fact employees have now become much savvier about how to work around any limitations IT might impose.
The end result is the somewhat chaotic mess we find ourselves in today. In fact, things have gotten so out of control in some environments, there are increasing reports of companies starting to reign in at least some of the BYOD freedoms they previously doled out to their employees. After numerous refinements to existing tools and a multitude of new products and concepts—including the appealing idea of separate work and personal “containers”, each of which can be separately accessed and managed—things do seem to be moving in a better direction.
I would argue however, that the real problem stems from looking at this challenge from the wrong direction—at several different levels. Instead of looking from inside IT out to these devices, the real answer is looking inward from the individual employees and whatever set of devices they happen to be using at a given time, to the corporate data and applications rightfully controlled by IT. The keys to the kingdom, so to speak, are access to the data and applications employees need to get their work done. By essentially assigning different “keys” to different levels of data and access, and then doling out those “keys” to the appropriate people, IT can focus specifically on the assets they really need to manage, while still giving the freedom to employees to use whatever devices they want in order to get their work done.
The keys to the kingdom, so to speak, are access to the data and applications that employees need to get their work done.”
Both vendors and IT have quickly learned that adding friction to a process employees feel they need to be productive is an open invitation for those employees to work around them. So, rather than creating unnecessary and unproductive tension between employees and IT, both solutions vendors and IT departments need to create solutions that keep things clear to everyone — it’s not about the devices, it’s about the data.