Here at Compare the Cloud, we’ve already taken a look at the factors to consider before implementing a BYOD scheme: cost, productivity, employee morale, acceptable use, security, and availability, according to fellow commentator Rick Delgado. How best then to address these? Carrot, stick or lockdown?
I’ve discussed elsewhere how, when implemented and managed well so they remain relevant for business users, Enterprise App Stores (EAS) can be a positive way of encouraging the use of ‘acceptable’ applications. Our carrot, then, if you will.
Wiser minds than mine, however, have suggested that EASs cannot yet be considered carrots; in fact, they are more like unicorns. More thought about than seen.
Where to turn then, to manage our BYOD scheme? If an EAS is the carrot, Mobile Device Management (MDM) is the stick. MDM might work well in a corporate environment where employees are using corporate-owned devices. But in a BYOD setting, there is a conflict between the needs of IT to control the device and the fact that the device is user-owned. Can IT really expect user acceptance of its ability to wipe the device and/or restrict the use of apps on it?
There is a conflict between the needs of IT to control the device and the fact that the device is user-owned.
In its role as stick, the traditional MDM model doesn’t fit the BYOD environment. It simply isn’t acceptable or desirable for IT to have this level of control over personal devices. It’s a problem that the MDM vendors are struggling to grapple with: in mid-2013, Gartner’s John Girard warned “MDM is in chaos right now and I think this market is going to die.”
At the heart of the problem is, of course, the issue that MDM does not help you deliver core business applications and data.
Girard identifies the leaders in the MDM space as AirWatch, MobileIron, Citrix, SAP, Good Technology and Fiberlink, and says they are all partnering with other vendors to provide Mobile Application Management capabilities or developing ways to wrap a security policy container around apps.
In mid-2013, Gartner’s John Girard warned “MDM is in chaos right now and I think this market is going to die.”
‘App wrapping’ is a user/device-centric access control method for executing applications. This approach does present familiar concerns about app compatibility, application support and cross-platform operability.
Some tools exist to run a segregated, encrypted version of the OS on a device which can then conform to corporate security policies whilst insulating the user’s personal device from those policies. However, the device will inevitably take a performance hit using this kind of approach.
VDI delivers the business tools and data the user needs, whilst also allowing IT to protect corporate data and applications.
The ‘odd man out’ of Girard’s list, perhaps, is Citrix which offers an existing server/ client solution that delivers something MDM cannot.
Citrix’s XenDesktop solution – and other VDIs like it – solve a lot of the problems of BYOD. Providing the user with a discrete desktop instance running in the data centre (whether that data centre resides in the cloud or not) delivers the business tools and data the user needs, whilst also allowing IT to protect corporate data and applications. By putting rules in place to restrict the transfer of data between the virtual desktop and the device, and the opening of corporate files outside of the VDI, security risks can be addressed. Meanwhile, the user is free to run whatever personal applications they wish to on the client device.
So a VDI offers the best possibility of lockdown, especially when combined with MDM.
In tandem with this, it is sensible for organisations to adopt new approach to network management: creating a two-tiered approach. One open network which allows access for the myriad of devices taken into the organisation and a second highly secure network on which corporate applications and data reside.
In the past VDI has suffered with user acceptance and the issue of application portability but the market is developing apace. One large installation I was discussing recently had gravitated to a Citrix desktop (because of the legacy in-house Citrix knowledge base and skills) sitting on a VMWare virtualisation platform. The solution owner, a dyed-in-the-wool Citrix aficionado, was seriously considering a move to VMware Horizon View because of the way the latest version addresses this issue of cross-platform inter-operability whilst continuing to integrate with existing Citrix investment.
The best approach?
The best approach will depend on the degree of mobility required. The employee base of the organisation will also play a part; both in terms of the risk it represents and the benefits that are demanded. Where there is a high churn of low-skilled staff, a myriad of different apps probably won’t be demanded or advisable. But where there is a high skill base, there may be a greater tendency to stray outside the approved App Store.
Ultimately, the best approach to take will be determined by each organisation’s individual security policies and requirements.