Risk and Reward: How BYOD Has Evolved
We often hear about how technology is transforming our lives as both consumers and employees. We’ve experienced perpetual change driven by mobility and social technology creating the expectation to have instant access to any person, information or product. As consumers, mobility has transformed the way we interact with one another, how we meet people and how we buy and sell products and services. As employees, Bring Your Own Device (BYOD) programs have been in place for years, but the new computing power of smartphones and tablets have changed the way companies should think about their investments in this category. Mobile has created both, a significant opportunity and risk, for companies looking to leverage the latest mobile trends and technology through BYOD.
Consider that less than five years ago when we were still waiting for high speed brodadband networks to become a reality (some carrier customers would argue they’re still waiting). We’ve covered a lot of ground in a short amount of time to deliver the kinds of wireless connection speed we enjoy as mobile users. As we have matured with connectivity, device manufacturers have kept pace with phones and tablets that can harness that high speed connection and translate it into fantastic rendered views and a great user experience. Processing power, memory and broadband connection speeds are now common and standard for most smart phone users.
“If a company is going to be serious about embracing the new opportunities that exist in mobility and BYOD, it must be prepared with a security strategy”
In BYOD, this is where the opportunity exists for companies. Before these advancements, enterprise mobility used to be clunky devices with slow ugly software. Just good enough was the standard which is why most mobility strategies focused on simple, Business to Employee (B2E) apps that had the strongest business case and rate of return. Examples like field service and sales, asset management and inventory tracking were often the main investments. All of these early use cases were important and were the foundation for mobility today. However, there are far more use cases now for mobile around social engagement, productivity and collaboration that are lacking in most corporate app stores.
By most analyst counts, the new smart phone user base is set to exceed two billion by 2016. Companies have an enabled workforce with powerful mobile technology that they did not pay for. By instituting a more aggressive BYOD program regarding device types and operating systems, they can start investing in more meaningful mobile apps. Thankfully, while the industry was building better devices, software architectures and tools also matured. Mobile app design and development is no longer reserved for a small, niche community of developers. Thanks to Mobile Application Development Platforms (MADP) like Kony, Mobilefirst and Appcelerator, app dev is the main stream so that we can build any app, on any device, anytime. These tools also solve a critical point of failure for B2E apps: the user experience. MADPs have the ability to deliver the same great consumer experience on any device, regardless of the operating system. This is paramount since consumers and employees have the same expectation for app design and experience for any app, not just something designed for personal or consumer use. The same time and resources need to be applied to building great employee apps. This will give them the freedom to spend more time performing the valuable parts of their job and less time stuck in administration and desk driven software.
Unfortunately, the evolution of mobility has also opened up new hurdles for corporate adoption in the form of security. As smartphones become the standard, in a BYOD environment it becomes harder to create security policies that don’t constrict the power of these devices. It also needs to protect corporate data while not intruding employee’s personal and sensitive information. First generation tactics with Mobile Device Management (MDM) focused on locking down the entire device in order to protect local and network data. The more modern approach features a secure app strategy with Mobile Application Management (MAM) and containerization, but neither MDM nor MAM were designed to combat the constant changing threat landscape that exists today.
For most companies managing BYOD, IT security is the highest priority since mobile presents a massive risk. Threats now come in all types, whether they are application, physical, web or network attacks. An advanced set of tools are needed to combat these threats and protect employees. Most BYOD programs carry a more generalist approach to policy meant to maintain order and consistent benchmarking. However, hackers are now infiltrating devices through different channels and specific techniques to avoid most of the historic app level protection tools.
It was assumed that wrapping apps and containerizing them was a sufficient. Unfortunately, while most mainstream MDM and MAM tools hold the line on protection, they do not secure apps outside the container or user actions like clicking links, using vulnerable apps or joining hostile public Wi-Fi networks.Moreover, hackers are exploiting browsers as a more popular way to penetrate systems and attacking through PDF readers, social posts and links.
If a company is going to be serious about embracing the new opportunities that exist in mobility and BYOD, it must be prepared with a security strategy. Fortunately, like mobile software development, the mobile security marketplace has also seen accelerated growth. Companies like Zimperium, offering mobile edge security solutions that aggressively combat the new threat types, have become an important addition to traditional MDM and MAM tools.
Mobility and BYOD have both influenced the corporate environment and thanks to new technology and widespread adoption, more opportunities exist for companies to make their employees more valuable and productive. Securing the edge from devices all the way back to the corporate back office is critical to not only protect employees and data, but most importantly to allow an accelerated path to a true mobile enterprise.