In its simplest form, what most (honest) corporate users want to do at work is perform the tasks it takes to do their job. To do this, they need the right tools. In a modern-day office workplace, the tools required are software applications which are relevant to your business.
Now read that first paragraph back to yourself. Note that I didn't mention Operating Systems, I didn't mention a specific type of computational device, nor did I mention whether the workplace provided this device or not. Truly, most 'non geeky' people out there have a job to do which requires these essential applications, these days shortened to the socially acceptable 'Apps'. Look at how the Apple device ecosystem has recently changed the face of consumer devices forever with the introduction of the Apple App Store. Now every major software manufacturer out there either has an App Store of its own for its particular platform, or has simply been bowled over by the massive take-up of the simple, single point of delivery that is the Apple App Store and jumped on the bandwagon.
BYOD (an acronym for Bring Your Own Device) is the name that most organisations use today to cover a large gamut of ICT policies, software, client devices and server technology, combined to ensure that the end user can use their own devices within the workplace. It's currently estimated that 90% of all workplaces already have some kind of personal device proliferation in place, often without the knowledge or consent of the company. Think smartphones and tablets here especially, but this could easily include non-mobile devices as well. Why do so many users use their own devices in the workplace? There are many reasons, be it morale, productivity or just because they 'feel at home' with their own device. Whatever the reasons, ICT departments need to take stock of the fact that these unvetted devices are on their network, and a method needs to be adopted which allows end users to continue to use their own devices (and essentially embraces their use) before businesses all over the world get caught short and left behind. Whilst there are many ways of managing a device, locking it down and enforcing an inflexible policy, this article asks whether this is the right approach, or whether we should look at 'Apps' and securing the way they operate, rather than the entire device.
On the face of it, it would seem that (at least in the office) the next wave of users will base their computational experience on Apps, not on the platforms that run apps. Whether the apps are delivered to users within a web browser, or more directly via an enterprise 'App Store'-like delivery system such as Citrix's Receiver (and soon VMware's AppBlast), remains to be seen. For now at least, a hybrid of the two delivery mechanisms will be available and is likely to remain for quite some time, especially if the same Apps can be delivered through a web browser in the same way that they can be delivered by an App Store. Everyone has a web browser, no matter what device they use these days, so this opens up the argument about platform dependency: who cares what device we use? Some tenets will arrive over the next few years - it is likely that HTML5 and further evolutions of the XHTML standards will allow yet richer experiences within a browser. At this point, an enterprise 'App Store' is an easy, familiar way forward for many, and companies such as Citrix and VMware are taking the correct approach in ensuring that their 'App Store' type solutions are available for as many platforms as possible.
[Figure: A Typical Enterprise App Store: Citrix Receiver on an iPad]
The need for a consumer-friendly computing device in differing form factors has already driven change, and ICT is on the back foot. A short look at the business passengers on trains, families on the beach on holiday or mothers in the kitchen looking up recipes shows the desire for absolute mobility, charged with the ability to work in a way that is suitable to the individual.
The technology is essentially there today to deliver this, so how do we adopt this for the corporate workspace and what are the pros and cons?
Benefits of BYOD
Firstly, let's have a look at the plus points for any business:
- Productivity gain: If a member of staff is able to use a device that they like to use (e.g. a device that they chose and purchased), they will be more inclined to use it all the time for their own productivity. The benefit? They are more likely to use their devices on an ad-hoc basis to work in environments where they would not normally work, such as home. This brings a shift in working patterns which pays off in several ways. You may find that office workers, at least, don't need to be in the office as much as before, which can reduce the requirement for fixed office space if you are looking to cut your rent costs. Teleworking is a very realistic opportunity, and best of all, teleworkers are often willing to use their own home internet connection for ad-hoc working without any recompense. This is a strange way to increase productivity, but from what has been studied it actually works, as long as the work/life balance still works out. For example, a staff member might start work at a relaxed 10am, leave the office at 3 or 4, get back home for an early dinner or a workout at the gym, then by 6pm bring out the laptop, tablet or hybrid device and complete a day's work by around 8pm. Many staff who have had first BlackBerrys and latterly iPhones have exemplified this quite clearly: it's not such a hassle to fire off a few emails and do a few simple work tasks. This works especially well when there are fewer technical barriers in the way: the absence of clunky VPN software or unfriendly fat client applications with interfaces that are not conducive to touch or mobile displays really helps.
- The other less visible but still realistic benefit is reduced ICT support costs, as well as reduced OPEX (where the business uses leasing) or reduced CAPEX (for outright purchases). The principal savings come from lower requirements for device and application support (support staff & time). This is because the applications will work on any device, provided it is connected to your corporate wireless network and has the relevant 'App Store' platform set up or accessible. For the likes of Citrix, this requires either a web browser which supports HTML4 (5 is preferred), with the user knowing the app delivery URL, or software like Citrix Receiver, which can be installed freely from the web and gives a nice 'App Store' feel to application delivery. Immediately the requirement for heavy imaging work and desktop systems support will see a paradigm shift: if a laptop is broken and the end user bought it, they take it back to the shop they bought it from and get support there. The business may wish to encourage the end user to purchase comprehensive support to resolve any conflict here. The desktop support side of the ICT department would end up simply supporting the infrastructure and ensuring that the packaging of the applications on the servers is done well and routinely. This shifts the ICT workplace towards one which supports far more innovation, rather than the typical 80% break/fix, 20% innovate environment. After implementation, this results in happier staff, and more innovative, proactive solutions ready for customers. Many customers currently complain to ICT departments that they ask for a project which creates X outcome, only to find that it gets buried amongst all of the other noise of break/fix and either never sees the light of day, or comes out as a half-baked delivery.
Wouldn't it be great to ask your ICT staff, "Hey, do you know how to develop a solution that did X?" and get an answer straight away: "I think I might just do. I played with a technology that does pretty much what you require and it can be implemented in six weeks exactly". Underestimation and underdelivery are often put down to a lack of opportunity to discover products, and underestimation often comes because time management in ICT is traditionally poor. Either the realisation that BAU takes up 80% of time needs to happen at a higher level, or the way you work needs to change - the BYOD environment can begin to ensure that this change becomes a reality.
The price point for BYOD infrastructure should become affordable by the time most corporate infrastructure refreshes start to come around, so what's stopping most corporates from implementing BYOD right now? Fear, mainly.
Fears Surrounding BYOD and how to counter them
Let's dissect the fear points faced by most businesses. The larger the business, typically the larger the danger to the organisation:
- Security - how do you ensure that the applications you run on devices that you can't control are secure? The answer should lie in simplicity: instead of dealing with Mobile Device Management (MDM), which still clings on to the dying embers of a centrally controlled corporate network environment, consider embracing MAM (Mobile Application Management) or similar solutions. Mobile application management (which is offered in various forms, ranging from cheap do-it-yourself policy-based solutions to highly sophisticated, yet currently slightly immature, enterprise-grade equivalents) allows you to sandbox the applications delivered to your BYOD users so that they do not use the same memory, storage or networking path as the other applications on the device. Citrix with AppSense is one of the few to do this fairly well at present, with solutions such as the Citrix Receiver - a sandbox application (Receiver) allows 'published' applications to be visible to the end user. This allows much easier (and potentially granular) licensing control. For example, if you have an Active Directory which has split staff into groups specific to the job roles that they undertake, then you can ensure that the applications that are 'published' to them are only for that specific role. A real-life example is a University where students taking classes in Media have subscribed applications which include things such as video editing software, while the English classes get software such as Word and Language software, but not the video editing software. Naturally this means that each app that's advertised is just an instance - a single packaged application, not an image that has multiple iterations for each class.
Future environments are looking at hardening mobile devices further with virtualisation, providing two separate sandbox environments on your mobile device. Consider a mobile device with two modes, Consumer mode and Corporate mode, where (in the case of a smartphone) you can make and receive calls in both modes and shift simple, safe information between the two. Other than that, the phone would have corporate applications that are sandboxed within a virtual machine. The applications would be advertised by the business and the end user can subscribe to them. Organisations like Symantec and VMware are already looking at this model. The main point to understand, though, is that the lines between the internal and the external network are now more blurred than ever. You should treat all devices as if they were a threat (this includes your own business's assets). Put strong security solutions in place that inspect data on an end-to-end, application (layer 7) basis. If your organisation isn't happy with allowing a specific application, block it at the security device. Many organisations which are concerned with data leakage, for example, will choose to block applications such as Dropbox, which, like most of today's cloud-based apps, runs over port 80 (web/HTTP). By blocking such applications at the security level, you will understand exactly what traffic traverses your network and control who is allowed to use which applications, if any. The fact of the matter is that the more you block applications or lock down your devices, the more people will find alternate ways around those blocks. A word to the wise: some find packet inspection a breach of personal privacy, so make sure that it is spelt out in any policy you make. You will also need to consider how you inspect encrypted wireless traffic.
Many wireless solutions these days allow you to 'break out' SSL at the security endpoint, before it connects to the Internet, so you can make policy-based decisions on the traffic before it enters or leaves your network.
- End User Acceptance - whether you know it or not, BYOD is already happening in your organisation. I guarantee you that your customers have found ways around your device management systems and are already using smartphones, tablets and personal laptops in the workplace to satisfy their own comforts. It is a common misconception that BYOD will not prevail once communicated to a workplace. You will undoubtedly have initial kickback, perhaps even from a majority. However, after the deployment has been made, you will find few staff want to use a company-provided 'grey box' when they can have their own shiny MacBook or HP laptop which is moulded to their own way of working. Consider it like the modern-day desk. You like to have your flowers and posters, paper files, etc. all laid out in a way which says 'This is where I work' - your own devices are no different. Your own apps, your own environment, just the way each person likes it.
- Policy - The hardest part of any BYOD deployment is how you communicate its use to your end users and how your environment enforces the policies. This needs to be a collaborative effort with your users from the get-go for it to succeed. Publicise your intentions and seek honest debate about the pros and cons to start off on the right foot. Understand that if a policy is 'too hard' for people and you haven't given them easy ways to accommodate those misgivings, then people will not adhere to it. A good example of user bypass is data ownership: who owns the data on a device that is owned by the end user? The easy answer is that if the data is corporate, then the data belongs to the corporate at all times. Enforcing this is harder. You should consider putting in place easy-to-use file shares such as DMS (Document Management Systems) like SharePoint, or WFS (Web-based File Management Systems): 'Dropbox-like' file stores which make it a no-brainer for data to be stored in a private-cloud repository owned by the business. Explain the benefits of using this system within your policy - state that the data will be automatically backed up, secured and filed in an indexable, easy-to-find manner, rather than a mish-mash of files that nobody can find!
- Infrastructure & Pricing - Make sure that you plan your next infrastructure refresh wisely and do it all before you even begin deploying your BYOD strategy. You may wish to consider upgrading the bandwidth of your core, distribution and edge network to allow for 1:1 delivery of 1 Gbps throughput to every single port on your edge. This way, mobile users on cutting-edge WiFi APs can potentially achieve speeds of up to 400 Mbps per client (WiFi in 802.11ac or 1:1 802.11n), meaning rich multimedia experiences on wireless devices as well as wired. It is very important to put the emphasis on a wireless rather than a wired network, as most of your workers will make this move soon. Invest in access points which don't have bottlenecks such as clunky controller-based architectures. Many of the classic vendors (such as Cisco and Aruba) are still using controllers for wireless. The big problem is that all of your wireless data converges on a single bottleneck: one proprietary, closed 'black box'. Manipulating security and quality of service in this way can often lead to problems. Consider newer meshing hardware such as that demonstrated by Aerohive and, to a lesser extent, Motorola. Larger corporate networks may consider going to a 40 Gbps or even faster core network, to allow for 10 Gbps campus distribution and 1 Gbps edge ports. In the server room, because Microsoft Windows still lurks in the bowels of all of your Windows-based apps, and swap files and profiles still play a part in all of that, the way you choose your disk performance mechanism is paramount to ensuring scalable performance for your BYOD environment. There is more than one way to skin a cat here, but consider apportioning SSD drives to each blade because of their very high IOPS throughput. The slower-accessed data such as shared DLLs can exist on 15K SAS in the SAN.
In summary, the more good infrastructure you can afford, the better. However, make sure you make wise investments: you can still have the best infrastructure and end up with a poorly deployed, unscalable BYOD environment. Consider highly scalable SAN products which take a multitude of media types including Tier 1 (SSD), Tier 2 (SAS) and Tier 3 (NLS) disks. Consider using blade architecture to maximise server efficiency, but understand the pitfalls of blade too and choose the right fit for your datacentres - cooling, weight and power all need to be taken into consideration. Finally, your network has to be solid and you can't afford any half measures, but make sure you shop around to get the best price. Consider going out of your comfort zone to achieve this, especially if you are a Cisco-only shop.
- Productivity Loss: Yes, as much as the potential to gain productivity from your end users may exist, there will always be exceptions. Remember that one size does not fit all: if your workforce are earning lower wages or are intentionally micro-managed, you will find resistance to BYOD. More importantly though, you'll also find that because your users are unsupervised, there is a good chance that they may do less work, not more. Each organisation will differ based on culture, technology acceptance and attitudes. It may be worthwhile evaluating whether all parts of your workforce, or only select parts, would benefit from BYOD before adopting it wholesale.
- Transition issues: The inevitable day of switchover will happen! That is the day when the ICT department takes away the environment users are used to and changes it. There are many arguments in BYOD for providing a simple VDI (Virtual Desktop Infrastructure) replacement for your desktop users so that there is little to no difference to the end user's experience at transition, with the customer blissfully unaware that their desktop is no longer processing the work, but the data centre is. This option may suit many. However, in the end, Apps still matter more than the desktop environment, so it is recommended that during this transition you go 'whole hog' and move users over to a thin device which has a bare minimum operating system, with all Apps delivered by the web browser or an App Store such as Citrix Receiver. It might mean a little pain up front, but your ICT staff and end users will thank you in the long term for removing the dependence on presenting a whole desktop image that you would have to modify and customise for each customer class you have. Finally, don't underestimate the matter of device acceptance: some people find it too hard to simply have a new device thrust upon them, so don't make a new device a necessity for a member of staff. If a member of staff likes the aesthetics of that clunky old beige box on their desktop - leave it there! Wipe the system clean, install the default O/S (or install a light O/S like Linux if the original O/S isn't easily available) and allow the user to continue using that hardware. Remember that cost savings will naturally creep in here too.
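The role-based publishing described under Security above, as an added example (not from the original article or from any vendor's product): it resolves a user's published apps through nested directory groups, denies by default, and flags drift from an approved per-role baseline. All user, group and app names are constructed, and the nested-group handling goes beyond the flat university case the article describes.

```python
# Constructed sample directory (hypothetical names). member -> groups it is
# directly in; groups can be nested inside other groups.
MEMBER_OF = {
    "alice": {"Media-Students"},
    "bob": {"English-Students"},
    "mallory": set(),                       # no role group at all
    "Media-Students": {"All-Students"},
    "English-Students": {"All-Students"},
    "All-Students": {"Campus-Users"},
    "Campus-Users": {"All-Students"},       # nesting loop, must not hang
}
# One packaged app instance, published to the groups that may see it.
PUBLISHED_TO = {
    "Media-Students": {"VideoEditor"},
    "English-Students": {"Word", "LanguageLab"},
    "All-Students": {"Mail"},
}
# What each role is supposed to see, signed off by the business (assumed).
APPROVED = {
    "alice": {"VideoEditor", "Mail"},
    "bob": {"Word", "LanguageLab", "Mail"},
    "mallory": set(),
}

def effective_groups(principal, member_of):
    """Every group reached from principal through nesting; loop-safe."""
    seen, stack = set(), list(member_of.get(principal, ()))
    while stack:
        group = stack.pop()
        if group in seen:
            continue
        seen.add(group)
        stack.extend(member_of.get(group, ()))
    return seen

def published_apps(user, member_of, published_to):
    """Deny by default: only apps published to a group the user resolves into."""
    apps = set()
    for group in effective_groups(user, member_of):
        apps |= published_to.get(group, set())
    return apps

def entitlement_drift(approved, member_of, published_to):
    """Users whose effective apps differ from the approved set for their role."""
    drift = {}
    for user, expected in approved.items():
        actual = published_apps(user, member_of, published_to)
        extra, missing = actual - expected, expected - actual
        if extra or missing:
            drift[user] = {"extra": extra, "missing": missing}
    return drift

def misnested(member_of):
    """Copy of the directory with English-Students wrongly nested in Media-Students."""
    bad = {name: set(groups) for name, groups in member_of.items()}
    bad["English-Students"].add("Media-Students")
    return bad

if __name__ == "__main__":
    for user in APPROVED:
        print(user, sorted(published_apps(user, MEMBER_OF, PUBLISHED_TO)))
    print("drift:", entitlement_drift(APPROVED, misnested(MEMBER_OF), PUBLISHED_TO))
```

Running the drift check after every group change catches the case where a nesting mistake quietly publishes an app to a role that should not have it.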
The challenges for an organisation adopting BYOD are ever-present, and whilst BYOD remains in its infancy, choosing the right path on a road full of forks will be difficult. However, the rewards are substantial, especially in how it will transform the culture of your end users (and your ICT department) into a more proactive, more productive and possibly a little bit of a happier place!