Bring Your Own Device

Q&A on BYOD: Answers for IT departments

TechRepublic editor in chief Jason Hiner and ZDNet editor in chief Larry Dignan respond to questions about the impact of BYOD on IT.

In the latest episode of The IT Factor on Thursday, ZDNet editor in chief Larry Dignan and I discussed "BYOD: The New Mobile Reality." When we got to the end of the webcast we weren't able to answer all of the audience questions on air so we decided to follow up by posting the questions and answers in a blog post. So, here goes:

1. How does the enterprise ensure adequate security over personal devices?

Jason: "This is the big issue that still needs to be solved. Too much company data is currently being stored on mobile devices and personal laptops. This includes company emails and documents. Eventually, this information is going to have to remain on servers and simply be accessed seamlessly from mobile devices. The solutions still need to mature a bit to make this happen."

2. With BYOD how would you handle hardware upgrades when it pertains to a piece of software that has specific requirements?

Larry: "Hardware upgrades could be an issue depending on the requirements, but I only see that being an issue for security and compliance. In my experience, the gear you have at home is often better than what the company hands out in terms of hardware specs."

3. Who's responsible for service/support/maintenance if a large enterprise is using a broad range of technologies and applications (that may not be 'enterprise standard')?

Jason: "IT can't be expected to support hardware or software that they haven't deployed or vetted. This is where IT takes on more of an advisory role by helping point people in the right direction when they run into problems. IT, of course, retains responsibility for making sure the company's internal apps work like clockwork on the most popular devices."

4. Is the data in the device more important than the device itself especially with BYOD? Should a company / institution / agency be more concerned with what data the employee is moving to their personal device vs. the device itself?

Larry: "Ultimately I think data protection is everything for the enterprise and that means gating it and delivering it virtually so it can't be put on a device. The concept is that the employee can access the data through a tunnel, but can't walk away with it."

5. What is the best mobile management software to use to manage these devices that will ensure security and control what apps are installed? What do you know about Maas360 for managing mobile devices?

Jason: "For device management, the most trusted solutions are BlackBerry BES (which now supports other devices beyond BlackBerries), Good Technology, and Microsoft Exchange ActiveSync. We haven't heard much about Maas360, but that doesn't mean it's not a viable solution."

6. Does it really make sense to give people $700 a year for new gear with no real guidelines?

Larry: "I think there would be some sort of guidelines, but as I noted before, the hardware (and often software) you have at home is more powerful and easier to use than the work systems. A generic outline for a guideline would be amount of memory, ability to run virtualization software easily and items like that."

7. What is a "virtual desktop"?

Jason: "This is where your Windows desktop at work is run from a server. You can log into it from any computer by connecting to that server and then a full image of your work desktop is presented on your screen and it looks as if you're working on that computer even though the actual computer is miles away in the data center. All you're seeing is images of that computer being constantly refreshed. This lets you work on your work computer from anywhere with a good Internet connection while keeping all of the company's data secured in the server room."

8. If things get virtualized, instead of providing allowances, would there not be a market for providing thin clients and trying to allow cloud solutions on the go?

Jason: "Yes, this is the end game for desktop virtualization. You can access your company workspace from any computer or even a mobile device, in many cases. And when you sit down at a desk at a company office then you simply access it with a thin client and a traditional monitor, mouse, and keyboard."

9. "Smartphones should be personal, it's not about cost, it's only about protecting the data" - is that true? What about usage costs & licensing implications? Surely this cannot be ignored by any business? Are there any solutions?

Larry: "These things can't be ignored---especially licensing. But part of the ROI on the BYOD argument is that you wouldn't pay for usage costs. A lot of the voice and data plans are being offloaded to the worker/consumer who uses up his minutes. Perhaps if there's some extreme case the company picks up the tab. But if you work from home it's not like the company pays for your broadband. Licensing costs may be trickier, but if that's delivered through a thin client or virtualized environment the access is centralized."

10. If data is the kicker then is MAM more important than MDM? Or, are they still inter-related?

Jason: "Yes, Mobile Application Management (MAM) will ultimately be just as important as Mobile Data Management (MDM) because the apps are where a lot of people are going to be interfacing with corporate data and they will need to implement best practices for security and compliance while also making the process seamless (and virtually invisible) for users."

11. But is it smart from a business standpoint to enable overwork? People need time to get away from work too. Do you pay overtime for all of the "work" done away from the office?

Larry: "Work life balance is important. However, most execs toting around devices and working keep doing it. It goes with the territory. Overtime would be nice, but frankly that's for a limited subset of people. Things are blurring together so much I'm not sure you could even track the difference between work and life. Sad in some cases, but true."

12. How about AbsoluteSafe for data security and management? Not sure I follow how VDI plays into BYOD?

Jason: "I don't know AbsoluteSafe very well, but it is a Mobile Data Management (MDM) solution for iOS and it is well-rated by users. VDI, or Virtual Desktop Infrastructure, plays into BYOD because it allows you to run your company workspace from any device, but especially your personal laptop, without storing any of the company's data on your personal machine. Your virtual desktop -- a Windows workspace with all your company apps and data -- remains in the server room while it looks and feels like it's running on your local machine."

13. How would an IT support role change in a BYOD office? They would need to support multiple devices multiple platforms etc. Would an ROI be almost next to null since there would be more training and specialization in all areas?

Jason: "IT will support far fewer devices -- only the ones owned and absolutely needed by the company. This will likely be a lot of thin clients and a few specific computers and mobile devices that the company deploys. IT will focus on supporting the company applications and serving in an advisory role to help point people in the right direction if they're having problems with their own equipment. In cases where personal devices fail and need to be repaired, many IT departments will have short-term loaners on hand so that people can keep working."

14. How would the ROI look in an environment such as educational institutions that don't need to worry much about data security?

Larry: "Generally speaking I think the ROI for an educational institution would look the same as a corporation. I'd also dispute the data security comment. Social Security numbers get hijacked from universities too. I'm not familiar with .EDU settings, but it seems like a no-brainer for BYOD. After all, those students all bring their own gear---mostly Apple from what I've seen."

15. The ROI on BYOD is found in interface familiarity and speed to implementation. Many BYOD early adopters are bailing in favor of corp owned due to boundary issues.

Larry: "Every implementation is different. And I could see an early adopter bailing. For instance, if my laptop blows I'm not sure what I'd do. Couldn't call corporate help really. If the access to data is difficult to reach from a personal device, you may be one of those folks touting a work device and a personal one. I'd argue that there will be some hybrid approach to BYOD."

16. What are your thoughts on support with regards to BYOD? The business is likely to still want support, so increasing support costs. If IT do not support them, then the business is wasting time trying to get them fixed. Is that cost effective?

See questions #3 and #13.

17. I'm not sure of the ROI equation, but the BYOD seems it would eliminate the "bottom rung" of IT workers from the payroll. How many more higher skilled folks do you need to bring on to enable the virtualization of data centers and desktops?

Larry: "I think the argument for virtualized desktops goes beyond BYOD. I think virtualized desktops will apply to every worker in some form. Why? Companies hate PC upgrade cycles---it's one more thing to worry about. Then you have different OSes running around. You also have patching policies etc. Centralize all of that and a lot of headaches go away. I think thin (err cloud) clients apply to all workers in many respects. VMware and Citrix as well as others sure are hot on the idea and the revenue is actually showing up in the financial results now."

18. For example, what if you are company XYZ and employee says, here is my Mac... Support it and make it run on your network. Ummm... OK.

Jason: "The idea of BYOD is not that IT supports hardware that it doesn't own. IT simply provides guidance to employees who prefer to use their own hardware and support themselves. This involves helping them figure out how to connect their devices to the company VPN, company resources, and company apps. The main task is creating documentation and help sheets and keeping those documents updated."

19. Can your guests [Larry and Jason] address some of the tools/techniques of securing the data that matters?

Larry: "Techniques would be to keep data centralized so it can be viewed and altered but not carried away on a device. There are also systems where data is stopped at the border. Say a word like confidential goes through the network and is stopped. The general theme is that data is controlled and secured by the enterprise, which shouldn't waste its time managing a fleet of devices. Specific tools would be mobile device management suites. RIM has entered that market, but there are literally dozens of players. I suspect RIM may have a nice entry into MDM simply because it's already embedded in enterprises."

About

Jason Hiner is the Global Editor in Chief of TechRepublic and Global Long Form Editor of ZDNet. He is an award-winning journalist who writes about the people, products, and ideas that are revolutionizing the ways we live and work in the 21st century.

14 comments
Charles Bundy

I wonder how users would feel if command central told their personal device to wipe itself. Or that there was even the possibility that said device could be wiped thus losing their personal data along with the work related information. With BYOD both sides lose control of where the line is drawn between personal and professional usage.

MyopicOne

The data is ALWAYS more important than the device...

ceso_softdev

I just don't see how a user will say something along the lines of... "Don't worry, I will fix my own device since I'm the one who broke it in the first place..." If they are using it for work, they will demand tech support from the company, simple as that. To think that you can draw the line simply because it's personal its in my a crack induced fantasy. If you try to pull that off, it will only make your tech support group "look" in the eyes of users like the biggest jerks in the world.

jjustice

There are good leverage points for BYOD but it is not an end sum game. What you really are seeing is the convergence of BYOD, IT consumerization and Virtualization technologies that give a skilled technologist the ability to deliver a more dynamic "desktop" experience at same or better cost alignment. I guess what I am saying is you cannot just tell employees to buy a device.... of their choice... to use and then take away the IT support services they have grown accustomed to. Two comments: One, on the point that "staff have better equipment at home". Many staff have very aged equipment or simply do not know what they have. (smartphones being more of the exception here). Two, call it "advising" or "guidance", it is still support.

SKDTech

Of people who expect remote workers to use their own mobile data plans and minutes or home internet connections without compensation from their employer. Especially with the high cost of those same services. Or those who think that it is alright for people to work outside of their paid hours without additional compensation for doing so. We already have problems with companies that try to avoid paying overtime by placing personnel on salary.

guy.rowson

A few comments:
- VDI is not necessarily synonymous with Server VDI
- Data does not necessarily need to reside on server

Why is there no mention of solutions like MokaFive? BYOD will do little to lower real IT support costs to the organisation. Either IT will need to provide support or the users will spend their work time trying to provide their own support which will eat into their own productivity or a hybrid of the two. This will regardless come at a cost to productivity. Perhaps the increase in output due to flexible working via BYOD will outweigh any loss in productivity from resources due to self help and the possible inefficiencies of the same.

What about the risk/issue of distraction on the BYOD device from personal email, messaging, or whatever else the user accesses on their device? What impact will that have on the real ROI from a BYOD initiative and how will that be managed?

Guy

Color me Gone

This is exactly what AT&T was using Internally back in the day. 200 users that had a terminal and a keyboard would login to a server and go about their business. I have never understood why companies spend ( waste ) so much money and time on pc's and IT support needed for them. Maintenance cost for users was practically zero. Maybe replace a terminal or kb a few times a year. Can somebody please explain the logic of pc's?

tom.marsh

"Eventually, this information is going to have to remain on servers and simply be accessed seamlessly from mobile devices. The solutions still need to mature a bit to make this happen." "Techniques would be to keep data centralized so it can be viewed and altered but not carried away on a device."

This is... fantasy. There is no amount of "maturity" that will prevent a determined attacker from exploiting mobile devices just because the user is "viewing" the information rather than "storing" it. Because in reality, if you can "view" the documents on a mobile device, that document IS stored on the device for some period of time (whether it is on "disk," in memory, or on the screen, or all three,) and because of that an attacker can compromise them by compromising the device. It doesn't even matter if the document management system is sending an "image" of the document for you to read, if it shows up on your device, it can be compromised. No amount of wishful thinking will change that--short of human beings being genetically modified to include DRM in our eyeballs so that "unauthorized" data can't be read by human beings, within the boundaries of contemporary computer science, this is essentially an unsolvable problem.

It doesn't matter if they're "stored" in the traditional sense (i.e. "the permanent copy") "on the server," and you only get a "view" of it on your device--if you can see it on a device, a determined attacker can steal it. Even if I'm looking at an "image" of a document (i.e. not a downloaded, local copy) it doesn't matter--OCR exists, and all an attacker would have to do to compromise this data "viewing" scheme would be to send a screen capture somewhere and analyze said caps with OCR at the attacker's convenience. And any scheme you can invent remains vulnerable to this attack, regardless of how it works. If, at some point, it is on the screen, it is vulnerable. Even if that info isn't "stored locally" on a disk, if it's in RAM it is vulnerable.

When you factor in that these devices are "unmanaged" in most environments it makes it almost certain that some percentage of these devices will be compromised.

CharlieSpencer

I just wonder how many of those loaners will be adopted by the employees using them on a semi-permanent basis.

Charles Bundy

The thing to remember is whether this is mandated or optional. If you want to work from home, or use your own device there ain't no arrogance in expecting you to put skin in the game.

CharlieSpencer

In most cases, the employees are asking for access to work data from their personal or home devices. If an employee doesn't want to come to the office, why should the employer foot the bill for his connection?

CharlieSpencer

Because the up-front costs to set up VDI (including training for the IT staff, HVAC upgrades) is often more expensive than the short-term costs of desktop client upgrades, especially if those upgrades are staggered as needed instead of being performed across the fleet all at the same time. The long-term ROI may not be there for VDI, especially if the company has only a small percentage of mobile users.

HAL 9000

Quite simply it is cost. Way back in the days of Mainframes companies spent a lot of money and that was measured in the 10s of Millions on the Mainframe and thousands of $ on the Terminals. Compare that to a PC say a 286 which cost the company 10K about the same as an older Terminal and could do it on the Desktop not on a 2.5 Acre Server Farm which had the power of a Commodore Vic 20 of 15 or so years previously. Back in the Bad Old Days of 1969 the Mainframe which took man to the moon had about as much processing power as a VIC 20. The difference in cost was fantastic and the possibilities of moving powerful PC's onto the Desktop and doing all your processing there was too good to be true. Then came Microsoft which was not the best platform to do this with but because IBM supplied Microsoft DOS which was a Throw Together to get an OS which previously Microsoft never had or even planned on having. The IBM PC started the PC Revolution for better or worse but today we are slowly seeing the return to Powerful Servers which we now call Blades and the new version of Dumb Terminals which we call Thin Clients. There are disadvantages just like there were back in the Bad Old Days but with Gigabit Networks and High Speed Broadband they are easier to overcome than they were previously, though cost is still an issue. Recently I looked at a Real Estate Office here with a HP Blade a very small 10 CPU Unit with 35 Thin Clients in the entire office and it was marginal as to which was cheaper the Blade Setup or PC's on the Desk with a Terminal Server in the closet. What sold that place on the Blade was the cost of maintenance but that was all Fuzzy and Warm to the Owner with Estimates on the savings which have as yet not been realized. The Initial Upfront costs were far less as they Hire the Blade and everything in the place now but the Monthly Running Costs and Hire Fees are far more than the PC's that this replaced.

Over a 5 year period the costs will work out about the same with the advantage/disadvantage of not actually owning any hardware which needs to be disposed of safely. Depends on which side of the fence you sit on with that one if it is an Advantage or Disadvantage. Though as the Hire Company owns the setup I'm not sure what actually happens to the HDD's in the Blade as they need to be returned with a working OS Installed so I'm guessing that the Hire Company will end up with all of the data as well as the hardware. Not something that was originally discussed at the time of the Original Hire Contract being sold and here it all depends on how Ethical the Hire Company actually is I suppose.

Col

Pete6677

Umm, that's always been true for any computing device. Regardless of who owns it. And don't think that running the latest version of Symantec SystemHog is going to save you either. If someone wants your data that badly they'll get it. In fact there are far easier ways to do it, such as creatively asking an employee for their password.
