Bring Your Own Device (BYOD)

white_paper_2

Integrators face unique challenges when implementing enterprise mobility solutions, affected by a furiously dynamic pace found in few other IT service areas. In many cases, the effectiveness of response to customer needs is the differentiator between an integrator’s success and failure.  Within the mobile context, survival and indeed success, depend upon the integrator’s ability to effectively transform customer demands for new features into tangible features and services. This document will detail some of the narratives around such integration activities within a Bring Your Own Device (BYOD) space. These activities include: securing and managing personal devices, change control in the mobile space, and mobile application design.

Ensuring data security and managing data such that information flows are understood has become one of the key objectives within Mobility. Executive sponsorship for personal mobile device access to enterprise resources and data depends upon a reliable demonstration of data integrity and data security compliance. The secure container is one such tool to maintain the customer’s preferred standard. With the secure container, encrypted using a validated FIPS 140-2 algorithm, the customer can be assured that business data remains separate from personal data. Further, the secure container offers the ability to manage business data without negatively impacting personal data. Among the most favored features of the secure container is the capability to “log out” and resume personal work without delay. This capability ensures that personal use does not impact business data and that a user can utilize a personal device, seamlessly transitioning between business work and personal activity.  This offering, among others, showcases how the secure container is an effective way to manage business data needs, while maintaining access to and use of personal data.

Personal devices occupy a middle ground in the need for supervision and the varying options will affect the opt-in rates of users, as well as user comfort with the program.  Personal devices are not managed as corporate-owned devices have been; they also require additional granular integration policies. For example, devices enrolled in a BYOD program should not have personal data or usage affected by business data access, use or the approved BYOD container.  As such, the program has the incentive to standardize, reduce the myriad of commercially available variations, and provide an enterprise based standard experience for configuration, use, and opting out. Ultimately, as with most policies and control systems, the integrator will identify that the appropriate level of capability management for the device and associated user accounts rests with the customer’s comfort level with evolving mobile technologies, as well as their overall risk profile.  Some customers choose security over usability; others may prioritize speed of configuration over verification steps. As the mobile space matures, these tradeoffs will likely converge so that maximum benefit may be obtained without sacrifices to functionality or security. Until then, the integrator collaboratively identifies on what tradeoffs are available that best suit the needs of the customer’s business.  Organizations should be prepared to decisively direct the level of control desired for BYOD program management, and integrators should be prepared to advise and facilitate the outcome.

Along with pinpointing the levels of device management, integrators need to provide their customer with the impact of managed change control in the mobile space. Several mobile solutions have components that are delivered in a “zero-day”, “software-as-a-service” method. The core impact to enterprise change management is that the change process must adapt to this new method of deployment. Previous change management programs would require a submission of a change request, review of the submitted request, the test plans and scans, supporting documentation, and then approve the change for introduction into the environment. Today, the vendor updates mobile applications (apps) at a pace that is unparalleled. This agile method ensures that updated versions of commercially available mobile operating systems are immediately compatible with the new app version, security updates are incorporated immediately, and that new mobile hardware platforms are supported on day one. Imagine if users are asked to upgrade their mobile OS, and when they do, their app breaks? On the fly updates by the vendor solve this potential shortfall.  On the other hand, an organization that is accustomed to providing prior authorization for version updates before they are implemented in the environment may consider pre-authorizing minor app version updates. Another approach that may assist is developing a clear understanding of the differences between minor versus major app releases. Integrators may have some room to reassure customers that the benefit of an agile approach to app management outweighs the potential drawbacks. Ultimately, integrators will need to be prepared to advise the customer on understanding that change control needs to proactively adapt to the new direction within the mobile space.

Integrators will also have an opportunity to discover the customer’s preferences for usability. For a BYOD program, adoption rates are crucial to demonstrate value. Usability of the app and service experience are both key factors in determining how many of their users enroll in BYOD, how many will actively utilize the capability, and how many people remain enrolled. One way to maximize app usability is to evaluate those apps that include a “native” design; that is, the app looks and feels like the hosted mobile operating system. Native mobile apps provide the user a feeling that is more comfortable, and reduce, or even eliminate, the need for training users on usage of the mobile app. In some cases, native design may even allow an organization to transfer support for the app to a different organization. Native design may require more effort and costs may be greater, but the long-term effects of quick adoption, user sentiment, and familiarity with the app are likely to be well worth the investment. Integrators also need to prepare to advise customers that some variations of the app in the environment can be a good thing. People are accustomed to using their mobile operating system on their personal device – and it makes sense for the app to look and feel like their mobile operating system. This may require the organization to endure, and even encourage, the presence of multiple looks of the business app in the environment. And while this may challenge the old idea of what the monolithic, standard enterprise has looked like in the past, integrators are well-positioned to advise on the benefits of maintaining various operating systems, each with a unique “look and feel” and all with a business app that delivers daily value to employees with mobile needs.

Integrators can expect various challenges when advising customers about mobile BYOD implementations. The dynamic and mixed nature of the BYOD program lends itself to several degrees of control and insight, where the historical enterprise standard does not look the same across industries or across organizations. Even across working groups within organizations, BYOD programs with app deployment may allow a different specialized experience for certain roles in the organization. It is within this highly dynamic environment that integrators must help customers prioritize the key goals of a BYOD program. Are the goals personal convenience, improved access to the business environment, and a reduction of costs or cost sharing, or what combination of each element is needed? When the program objectives have been identified and prioritized, the integrator will have the opportunity to recommend the new manner in which mobility has affected how we work, the way we think of enterprise standard and device management, in addition to the understanding and authorization of changes in the Enterprise, with the approach of BYOD program design to maximize both security and usability. As with all integration responsibilities, understanding the customer and defining their business requirements and needs will ultimately lead to the necessities of a successful and rapidly accepted BYOD program that will be implemented to best suit the needs of the business.