In the world of smartphones, Bring Your Own Device (BYOD) has been hailed as the perfect compromise: Everyone gets to use their favorite device, while somehow IT teams are able to firewall and protect corporate networks so an uncontrolled and (mostly) unknown device doesn’t represent a threat. Everyone is more productive and security isn’t compromised.
Or is it?
There are two core theories feeding these common assumptions behind most BYOD deployments: first, some corporate data just doesn’t matter, and second, managing mobile devices is too expensive. Let’s look at those both in detail — because they don’t hold up as well in 2019 as they have in the past.
Collaboration Creates Challenges
The first theory behind BYOD says that users can be given access to corporate data which is valuable to them, yet doesn’t represent a threat to the organization if they lose it or it falls into the wrong hands. In other words, people can be more productive with their smartphone by integrating it into their day-to-day workflows, yet the information they are using is so unimportant that it doesn’t matter if it gets lost or leaked.
For some kinds of access, this first theory is true. For example, if end users want to log onto video or audio conferences from their smartphones when traveling or at home rather than a desktop or laptop, that’s a really good solution. Smartphones are compact, have great cameras and wireless connections, and their screens are well-adapted for a basic videoconference. And, more importantly, video and audio conferences don’t leave much of a footprint on the device, which means that even if something very sensitive was discussed, the information is usually gone as soon as everyone hangs up.
However, one of the most common uses for BYOD is for corporate collaboration: email, address books and calendars. For many workers, it’s incredibly valuable to have their email with them all the time. But there’s really no way to say that this email is not important to the organization. Yes, most attacks on enterprise networks come via poorly secured internet connections, but just because hackers are taking the easy route to data breach doesn’t mean that organizations shouldn’t be paying attention to hundreds or thousands of devices floating around the world, each of which can connect to the corporate email system and address book at any time. People use their email as filing systems and to-do lists, and send around all sorts of sensitive documents. Email and address books do matter — a lot.
Of course, not all corporate data is private or important. But the data that people want to have with them on their smartphones — that information is valuable and sensitive, and no security team can simply say they don’t need to be protected. This means that one of the main arguments behind BYOD doesn’t really hold water.
Leveling the Pricing Field
The second theory behind BYOD is that it’s the only economical option. Smartphones are expensive, and users are picky about what they want and don’t want to be told to buy. The alternative — buying a smartphone for every user — seems like a budget buster. And no one wants to carry around two smartphones, so you need to think of the device as a shared resource between work and home. Without control and a limited set of options, no IT administrator can afford to take on the burden of trying to manage every individual device, operating system and configuration request that an end user might carry to the help desk.
That attitude might have been true five years ago, but the smartphone market has matured significantly and it’s not quite the free-for-all that it once was. No one is going to show up with an Amazon Kindle and expect to use it to read their email. Enterprises can get away with supporting two major operating system platforms and can take options such as BlackBerry and Symbian off the table. Not just because the number of devices running these older operating systems is diminishing, but because the security of those devices and platforms doesn’t match up to what enterprises need.
It’s not too difficult to narrow down the list of options to a very manageable set without being unduly restrictive. With economical Mobile Device Management (MDM) and Enterprise Mobility Management (EMM) tools in place, IT managers have the flexibility to allow huge swaths of the smartphone market to be part of their mobile deployment — without sacrificing security, and with cost-effective and simple management at their fingertips.
The social dynamic has changed as well. A smartphone isn’t seen as a luxury, but a necessary tool to navigate the day. That means end users expect to spend some of their own money, not only on a device, but also on a service plan. IT managers can leverage this changing attitude to improve security and availability of mobile services. In effect, IT groups can shift from BYOD to Choose Your Own Device (CYOD) or even Company-Owned, Personally-Enabled (COPE), all under MDM/EMM configuration control, and without committing to pay 100 percent of device and service costs for every user.
Altering the Environment
So why should IT managers shift from a BYOD environment to CYOD or COPE? Two main reasons: First, with MDM/EMM tools giving control over CYOD/COPE devices, many of the security risks of an uncontrolled BYOD deployment are mitigated. IT managers can deliver access to corporate applications such as email while protecting against devices being lost, infected by viruses or taken over by hostile forces.
Second, IT managers can deliver an enhanced experience to users who are depending on their mobile devices for part of their daily workflow. This isn’t just a question of standard BYOD applications — when a CYOD or COPE deployment is in place and constrains the set of devices, enterprises have much greater freedom to roll out custom mobile apps for their workforces.
Learn more about how to design and roll out a comprehensive CYOD plan in this free white paper.