Security

BYOD must be restrictive

Read time 3min 20sec

Bring your own device (BYOD) strategies need to be balanced with a pragmatic and slightly rigid approach.

So says Paulo Ferreira, head of enterprise mobility at Samsung SA, who adds: "BYOD in itself is not a bad thing. There are many merits to it - from enhanced productivity to cost-saving benefits. But the fact is, if BYOD is not carefully managed, it can result in a major headache for the CIO and the IT department."

The biggest issues, he says, are security and the management of a proliferation of devices and operating systems. "In the PC world, you need to support only a couple of operating systems. In the mobile world, there are numerous operating systems, and a vast array of devices. There are over 20 mobile manufacturers using the Android operating system alone - and each OEM customises it - causing fragmentation of the Android market - and produces a wide variety of handsets."

In addition, cheaper smartphones are taking enterprise mobility to a far greater market, who also want access to enterprise applications on their personal devices, and who might be more productive if organisations' appropriate mobile apps are provisioned on their devices.

Securing, managing and making enterprise applications available to the ever-growing variety of devices and operating systems is virtually impossible, he says.

Ferreira advises companies to embrace BYOD on their own terms. "They need to be slightly restrictive," he says.

"The IT manager has to make a decision on whether to accept all the platforms and devices, or consider being a little restrictive and accommodate only some."

Ferreira advises simplifying the security and management of BYOD by limiting the devices and operating systems IT is prepared to support.

"Security and management tools will play a very important role in defining what handsets they can accommodate. There are numerous mobile management solutions available from third-party software vendors - but each of these also have limits to the operating systems and devices they support."

Ferreira notes, too, that many management suites drop support for legacy handsets after a relatively short time. However, he says, this is in line with a tendency for consumers to replace their handsets in under two years.

"Because of stiff competition, upgrade cycles of smartphones are typically less than PC refresh cycles," he says.

"PC refresh cycles are typically around three to five years. In the mobile world, the refresh may be every 21 to 24 months, in line with mobile contract cycles, or even shorter as consumers opt to buy the 'latest and greatest' new devices off contract.

"The benefit for corporate IT is they don't usually have to support legacy handsets with operating systems older than two years."

Ferreira says CIOs and IT departments should assess how manufacturers address corporate IT requirements on their devices.

"Look at who makes enterprise-ready devices. Ask who can address enterprise security needs, protecting data on the device whether it is connected to the corporate network or not."

He says IT could also segment its workforce in the same way they are segmented for PC use.

"Define devices for the power user, information worker and taskforce user, and create segmentations determining what user segments require which device categories and what apps you will provide for each segment and its devices."

Paulo Ferreira will speak at the upcoming ITWeb Mobility Summit, to be held at the Forum in Bryanston on 22 May. For more information on this event, click here.

Have your say
Facebook icon
Youtube play icon