When designing a mobile enterprise strategy, should IT encourage employees to bring in mobile devices they already like and use on their own? Or should IT just procure devices fit for use in the enterprise and hand them out to employees? Is there a middle way? What are the considerations? Cost implications?
IDC, a research and consulting firm(1), has analyzed Bring Your Own Device (BYOD) policies and compared them to “corporate-liable” device policies. And here’s what the researchers found:
When BYOD is motivated by expectations that the company will save money from not procuring mobile devices, the company will pay a much higher price in the end. The reason being that new form factors come to market daily on various operating systems, and the versions of these operating systems change frequently. Also, companies providing their employees with native mobile apps would have to create device-specific apps for each device type their employees bring in, and then manage and maintain the life cycles of all these mobile apps in their different operating system versions. Even with just a handful of company apps, this task may quickly become an overwhelming and costly ordeal, potentially outweighing the business benefits of increased employee productivity from mobility.
Depressed yet? But wait, there’s more… With unrestricted device diversity come additional risks: Not all operating systems and devices are equal in terms of compliance. Blackberries may still bear the gold standard in enterprise-grade security, followed probably by iOS devices and Windows Phone, while some Android variants have been proven too vulnerable to attacks (by viruses and worms) to be suitable for enterprise use. And yet, voting with their purses, consumers prefer Androids over Apples, and Apples over Blackberries or Windows Phones. Some device manufacturers had come up with their own, more secure Android OS version to encourage corporate use, notably Samsung with SAFE and KNOX. But then, each OS and each OS version may have their own set of parameters to enable enterprise controls, requiring their respective set of corporate policies.
Lastly, employee reimbursements for business calls from their own mobile devices has recently become a litigious matter(2), and experts like Gil Cattelain(3) expect that employee-purchased data plans, mobile apps, file storage, etc. may soon have to be reimbursed as well, if serving business purposes. So it may not be practical nor cost-effective to support a full, open list of employee-owned equipment (4).
But now let’s take a look at the alternative to pure BYOD:
Enterprises that shun BYOD and procure only one set of mobile devices for all employees may face lower employee satisfaction. Their IT managers may be happy with the “low-ish” cost of this strategy but may have to realize that corporate mobile usage (and the subsequent hoped-for increase in employee productivity) will remain below expectations. For mobile users, ease of use is paramount; security concerns may only be an afterthought and must not impede productivity. Enterprises understand labor productivity increases when their employees leverage mobile devices for work. The more use cases which become mobile enabled, the broader the gains of enterprise mobility. The more suppliers, temp workers, business partners, and consumers can simply use convenient mobile-enabled (web) apps to interact with the enterprise (instead of using more expensive channels of interaction), the lower the interaction costs.
Considerations to determine sound BYOD policies
So is there a better way?
The short answer: yes. A middle ground that seems to work reasonably well in practice for employees as well as for IT is a combination of corporate-liable devices and a well-managed BYOD policy. Let me explain:
IT can procure specific devices for employees and guarantee their support with specific sets of apps as well as with back office services. These “corporate liable” devices and their apps can then be managed with mobile device and app management, like SAP Afaria. That way companies can be free to allow personal use of these devices by employees as a perk.
Taking it a step further, IT could also allow the option for employees to bring in that same type of devices as employee-owned, under the provision that employees allow their own devices to be managed under the same policies which apply to the corporate liable ones. In this scenario, employees would get reimbursed for work use of their devices.
Offering even more flexibility, IT could allow employees to bring in even more mobile devices from a wider list of phones and tablets provided IT can support with additional security. While these devices may be fit for enrollment with mobile device and app management, additional security measures may have to be put in place if the respective OS doesn’t allow for the appropriate level of enterprise-grade safety (e.g., specific securitization for apps that access resources in the corporate network).
The above scenario is where SAP Mobile App Protection by Mocana comes into play. It provides for app-specific security wrapping for iOS and Android apps and a set of configurable policies like per-app VPN, certificate enablement, smart firewall, passcodes, EULA enforcement, timed app expiration with app wipe, app locking, jailbreak and rooting detection, and then some. In most cases, Mobile App Protection will make up on the app level what the OS prevents a mobile device management (MDM) solution to achieve.
So in the end, to BYOD or not to BYOD may not be the right question. It doesn’t have to be a binary choice. Afaria and Mobile App Protection make the decision much more of a spectrum with the flexibility for IT to determine just the right BYOD fit.
SAP is ready to help you with engineered services to help you discover and plan enterprise mobility strategically. Ask your SAP Account Executive about the Discovery Workshop for Enterprise Mobility and for Planning Services for Mobility, or talk to your qualified SAP partner about equivalent offerings.
For details on implementing and configuring Afaria and Mobile App Protection for your corporate-issued devices and BYOD policies, check out and download the SAP Mobile Secure rapid-deployment solution at service.sap.com/rds-mobilesecure.
- Bringing a Cohesive Approach to a Complex Market, by Stacy K. Crook and Suzanne Hopkins, IDC Research, March 2013
- David Lavenda, The Next 3 Stages of the Mobile Enterprise, in Mobile Enterprise, September 2014: The Next 3 Stages of the Mobile Enterprise | Tech Spotlight | Mobile Enterprise(ME)
Engraving of William Shakespeare by Martin Droeshout (about 1623) linked from Droeshout portrait – Wikipedia, the free encyclopedia
Check out my other blogs on Mobile Security: Go mobile and keep your enterprise apps, devices, and content safe and “Security, Security, Security”, Great Mobile User Experience, And Fast Adoption