Gartner ITxpo – Bring Your Own Device and mobile security
Monday, October 24th, 2011 Chris Witeck, Director Product MarketingHad a chance to attend the Gartner ITxpo conference last week. This was a good conference that allows an opportunity to hear Gartner’s opinion on Enterprise IT trends, as well as talk to people responsible for IT decisions within the Enterprise.
It should come to no surprise that one of the trends covered was the impact of ‘Bring Your Own Device’ (BYOD) and some of the innovation on the horizon in mobile devices and also cloud applications (and the relationship between the two).
One term we heard a few times at the conference was ‘Creative Destruction’ which talks about embracing these trends for the betterment of your business even if it fundamentally changes how you support your business and employees.
One of the interesting topics that really resonated with me had to do with how to support BYOD. It was mentioned several times that you should not look at BYOD just as a cost savings mechanism- and remember that it doesn’t eliminate costs but instead it just spreads them around. While it may be by design to spread the cost to the employee, you need to understand the impact of that. More on that later.
BYOD should look at enabling expression and productivity within an organization, as part of a ‘user-centric design’ that Gartner believes extends to the Enterprise, not just in the products you build, but how you support your users. That doesn’t mean that IT-supported devices goes away. Nor does it mean that the user bears all the cost of personally-liable devices. This is an ongoing topic that I discuss with customers frequently.
There essentially is a matrix that looks at the mobile stack device type (e.g. laptop, tablet, smartphone) and user role (e.g. C-Level, Director, Manager, Sales, etc.). Within that matrix is a call out on who owns the devices and who pays for access. Some users will get their device from IT, because their role demands it – whether it has to do with security or seniority. Some may buy their own device, but part or all of the voice/data cost is paid for by the organization. And then some will pay for everything but still be entitled to access data.
One good point I heard is the following question: what if you require users to pay for their device and you then roll out a video application that consumes all of the data in their data plan? Users may stop using that device for work-related purposes costing the organization the productivity benefit that may come along with that application. That may be a scenario where you consider paying for all or a portion of the user’s access in order to make that user more productive on their personal device.
And lastly, don’t forget about security. One thing I heard mentioned – that I’ve witnessed firsthand – is that often there is little continuity in security policies between laptops and tablets/smartphones, personal devices and corporate devices. There should be. It doesn’t mean the approach in securing a laptop is the same as securing a smartphone or tablet. The point is that the policy should focus on securing corporate information vs. securing the device, and that information security policy will have different levels similar to the matrix I described above. Access may be more limited for a more junior member of your organization on a personal device than a more senior member of the organization. The key is to set that policy, consult different business units in your organization and ensure it is well communicated.
For more information on the impact of BYOD on today’s enterprise, feel free to download our Mobile Enterprise Report.
