Your employees are heading back to work from their holiday hiatus in the next few days. Based on the amount of smartphone and tablet advertising blared out between reruns of holiday movies, I’m going to make my own unscientific estimate that a lot of them are going to walk in with new mobile devices. (NPD certified that the Google Chromebook accounted for 20% of notebook sales, according to PC Magazine.)
This was not necessarily a holiday phenomenon. Tom Kaneshige noted just before Christmas in CIO that BYOD had become “the new normal” in 2013. So if you’re the CIO, perhaps you’d better hope that Santa left you something under the tree to tackle the ongoing BYOD craze – maybe something along the lines of mobile device management. David Strom reviewed six such products earlier this month in NetworkWorld, but this is by no means an exhaustive list.
But there’s an even bigger problem to contend with: there’s no consensus on the best strategy for dealing with mobile devices.
Carl Weinschenk noted on IT Business Edge last week that the whole idea of mobile device management is evolving. I’ve heard this refrain from vendors, exhorting IT to think about something grander, namely enterprise mobility management. In addition to securing the device, EMM encompasses mobile application management and security.
But over at TechRepublic earlier this month, IT consultant Patrick Gray argued that it was ridiculous to apply a “$1,500 solution to a $300 problem” and referred to MDM as a “Band-Aid.” He suggests focusing on the issue of application management: “Rather than frantically trying to gain control of [endpoints], assume endpoints are an unknown and untrusted commodity.” Thinking this way, he says, “your company’s applications will be ready for any type of endpoint, be it a tablet or a partner interface, and you’ll save yourself the headache of trying to apply 1980’s device management to increasingly prolific, mobile, and personal end-user devices.”
Still a third perspective came from security administrator Ken Hess, who opined last week on ZDNet that such MAM and MDM tools would only be one piece of the puzzle. Declaring that mobile security would be “the buzz term of 2014,” he noted that security requires a multi-layer approach, and that IT could expect more in the way of security from the device vendors themselves. Hess feels like this approach solves multiple problems:
“The problem with enforcing security from external sources, such as MDM suites, is that users feel that their devices have been taken over by their employers. And … it makes for unhappy users and unsuccessful BYOD programs. Enforcing security by the manufacturer, at the device level, is far more comfortable for businesses and for users alike,” he writes insightfully.
That pounding you feel in your head is not an anticipation of a New Years’ hangover – it’s the confusion that comes from the fact that there is no one single way of solving the issue of BYOD, devices, and their security. The answer comes back down to the same response techies gave when people asked which PC they should buy, a lifetime ago in the 20th century: “what are you going to use it for?” If the device is going to access high-level corporate intellectual property, you have to think about beefing up security from multiple angles; if it’s going to be used solely for corporate e-mail, that’s a different issue. Just as with mobile devices, there is no one-size-fits-all answer.
Email CIO Next Community Manager Howard Baldwin if you’re a CIO who’s figured out how to knock the BYOD problem.