Four big pressures are top-of-mind among CIOs and IT departments around the world today: the cloud, big data, mobile, and social.
BYOD blends those last two, prompting those of us who live and breathe IT to look within our organisations and ask, "How do we prevent huge risks for the enterprise while adapting to and adopting the new technologies and devices employees want to use?"
If we take a hard-line stance and cling to a centralised, company-issued, company-managed, firewalled-off type of approach, we'll be ignored outright. Our employees will do their jobs outside of IT's purview.
If we take a soft-line stance and become permissive parents with a let-them-do-what-they-want philosophy, we'll be ignoring our responsibility. Our employees will put the enterprise at risk.
New technologies will help us answer these questions relatively soon, but we can explore the ideas informing the predicament now.
First, let's consider BYOD's most important letter: D.
Devices are incorporating virtualisation, thanks to the cloud -- the epitome of the virtualisation trend that's been going on for the past few years -- and this points to a startling reality: IT doesn't need to try to control the hardware layer anymore. IT does need to control the virtualised extension of the secure enterprise; that is, enterprise server images that can run next to, but apart from, the consumer server images also running on an employee's device.
And it's the ubiquity of that new reality that's startling. As far back as a decade ago, businesses with large Citrix deployments were already enabling employees to connect from home by running an enterprise server image on their PCs and connecting via remote desktop protocol. It was successful for many but it certainly wasn't ubiquitous. It didn't work for everyone because it depended on a network -- something that wasn't always up and running. Data rates and remote-access technology proved to be issues, too, as both weren't robust enough for certain types of jobs.
Those limitations are gone now. BYOD is happening in a world where all networks are typically up and running. Mobile devices can use virtualisation and remote access technology to access the enterprise server image. A personal smartphone is also a work smartphone, accessing a Yahoo! email account one minute and the enterprise server image the next; a Twitter app at 11:59 and a shared, enterprise-server-image-hosted calendar at noon.
A personal smartphone -- thanks to the infinite capacity of technical innovation to consolidate into one slim device all the bulky gadgetry that used to physically burden the individual -- is now an extension of the individual, it seems. Just as an employee brings her physical body to work and interacts with company property, so does her self-provisioned device interact with company data.
How are our IT departments supposed to handle employees having such committed relationships with their devices, applications, and server images both within and outside the enterprise?
Let's consider the use case next, because it accounts for the changing ways employees use their mobile devices, and highlights the importance of IT's ability to track its users in the corporate infrastructure's applications suite.
To date, the enterprise collaborative technology stack has focused mainly on one thing: email. But that era is fading: Email, a tool never meant for collaboration but used to asynchronously collaborate anyway, is being replaced with genuinely collaborative tools (e.g., Google Docs), as well as new communications tools whose popularity is due in no small part to their insusceptibility to spam (e.g., texting and social networking). Employees love these tools, so if we don't focus on broadening the collaborative application suite overall (in addition to establishing device management), we won't really be addressing or solving the key questions under discussion here.
The best course of action is clear: We're going to have to reinvent the corporate IT department to fit the new ways our employees want to work (and in fact are already working). This means elevating the IT department's role as a protector of the business and its data, despite a threat landscape that is constantly in flux. Devices and applications will change rapidly from now on, and to adapt we are going to have to abandon the model of large-scale, long-term investments in corporate infrastructure (e.g., an email server) and move instead to a policy-based approach that accounts for risk, information disclosure, and a wide range of security issues. As our employees voice new technological preferences in support of their productivity, we need to have a framework in place for making rapid decisions about how to respond to and manage those preferences and the resulting data flows regardless of the technology in question. And this means having device-agnostic data leak protection solutions, data classification services, and/or service-oriented, API-driven approaches to accessing data.
Let's indulge the emergent culture of BYOD and let our employees have the tools and methods they want to use, maintain the confidence of our stakeholders by governing all of it, and become enthusiastic participants in a culture that is driving the reinvention of IT.