Enterprises are facing a challenge from employees who want to use personal devices to access corporate data. Perceived benefits around cost and productivity are balanced by concerns around device management and security. Mobile operators are positioning themselves to address these concerns and facilitate the trend.
The starting point with an investigation of a new tech trend these days is often a quick look at its position on Gartner’s famed Hype Cycle for Emerging Technologies. Which stage it is judged to have reached on the Tolkien-style quest through the Trough of Disillusionment, up the Slope of Enlightenment and on to the hallowed Plateau of Productivity is always an interesting indicator.
Bring Your Own Device, the movement that sees enterprise employees wanting to use their personal devices to access corporate functions and data, sits at the very Peak of Inflated Expectations, according to the version of the Cycle that the research house published in July of this year. For Gartner, at least, it has some way to go.
It is indeed early days, with BYOD having generated a fair amount of push back from corporate IT administrators and CIOs when it first gathered enough momentum to have been defined as a trend. This is because BYOD has emerged from the field, not from the careful planning of corporate IT strategies—and not from the minds of service providers looking for diversification in the business. In fact, like so much else in recent years, its growth can be traced back, in part, to the popularity and uptake of the iPhone, and the class of smart devices that has emerged in its wake.
In an interview with MCI, Vivek Badrinath, head of Orange Business Services, points out that while mobile telephony may have had its roots in the enterprise, it really blossomed in the consumer market. It was as consumers that we moved to the next level of attachment to our mobile phones, drawn by the mixture of utility and entertainment afforded by the application-based content model.
Alive to the benefits of their new devices, corporate employees have started to either favour them over the more basic handsets allocated to them by their IT departments or seek to use them in the absence of an officially provisioned device. As Nigel Pindar, who led a BYOD implementation programme for MCI’s parent company Informa, points out: “The technology people are buying for themselves is better than the technology with which their employers are supplying them.”
The high profile challenges faced by Research in Motion, which still enjoys a near monopoly in the enterprise mobility sector, bear this out. RIM’s Blackberry devices didn’t suddenly stop doing what they were supposed to. Instead the firm found itself (aside from a niche, teen enthusiasm for its instant messaging product) failing to compete in the consumer market. This really ought not to reflect badly on the firm, given that consumer devices were never a problem that RIM set out to solve.
Whether or not RIM’s difficulties have driven the BYOD phenomenon, whether it’s the other way around, or whether the relationship between the two developments is simply one of coincidental timing is a matter for debate. But as Mobeen Khan, CMO for advanced mobility solutions at US operator AT&T, observes: “Demand has grown and choices have improved. As a result of that, a single vendor solution is just not going to cut it any more.”
But the drivers aren’t limited to device snobbery. In the modern corporate world there are many temporary employees; contractors or consultants on secondment, who cannot function without access to key client data. It can be easier to facilitate that access through their own devices than provide them with a centrally sourced, temporary fix.
Remote working is also increasingly popular, placing greater demands on the central IT function at an enterprise to look for more efficient ways to connect employees off-premises. In smaller organisations, meanwhile, device procurement is a headache that the leadership may well be happy to do without.
Looking forward, Jeremy Spencer, head of propositions and campaigns at UK operator Everything Everywhere, suggests that LTE will accelerate the remote working trend. Spencer is certainly on message; Everything Everywhere recently announced that it is to become the first UK operator to launch the next generation network technology, lighting 16 cities before the end of 2012.
“The changes that 4G will bring to the device and the usage patterns are amazing. It really does make mobile working feasible in terms of access to business systems, and doing business on the fly,” he says. “It’s going to drive more businesses to want to make more use of mobile data and flexible working.”
Just because something is happening doesn’t necessarily make it popular, though. The reaction of central IT functions and CIOs to BYOD has been, and remains, mixed. The departments and people responsible for these functions like control and they like security; two factors at which RIM’s Blackberry Exchange Server has excelled, hence its dominance. Controlling and guaranteeing the security of a wide range of employee-owned devices is far more difficult.
In a recent survey of 73 CIOs from developed market multinational corporations (MNCs), analyst Ovum found that BYOD ranked bottom of a list of 12 mobility priorities, with half of respondents deeming it of either low or zero importance. Ovum identified security as the greatest concern for those MNCs.
“From speaking to our enterprise customers as well as going by AT&T’s own experience, control and security are areas that IT admins hold very dear to their hearts,” says Mobeen Khan. “Any time you modify rules around security and management of data it’s a difficult decision for these folks.”
But resistance to the trend appears to be on the wane, even among its most staunch opponents. “About a year ago, the CIO of a very large, Northern European corporation said to me: ‘If [my employees] want a phone from me it’s going to be a Blackberry and if they don’t like it they can go and buy their phone in a shop. But if they want to connect to my IT they go through the Blackberry or nothing’,” recounts Vivek Badrinath. “Even that person is starting to come round to the idea now.”
Part of the reason is that the tech-savvy workers pushing the BYOD trend from the field are often more than capable of implementing their own workarounds to gain access, of which there will be no visibility for the IT admins.
In a study published recently by Cisco which focused on enterprise attitudes in the US, Canada, UK, France, Germany and Spain towards the rise in popularity of tablet devices, 48 per cent of respondents said their company would never authorise employees to use their own devices for corporate access. But 57 per cent of those surveyed said that employees were using personal devices without consent, a trend that was highest in the US, where 64 per cent of respondents conceded that it was happening.
Absolute control over all devices accessing the corporate network may be CIO nirvana, but it is better to have less control over all devices than none over some. BYOD should be about “moving from control to management,” says AT&T’s Khan.
Another reason for the softening of attitudes to the trend is that it is not just field workers that are asking to bring their own devices to the enterprise. Often the senior executives are the first to acquire the latest in personal devices and it will be these people that demand BYOD access be granted before the rank and file. When the CEO comes knocking with a request like that, nobody in IT support is going to tell them it can’t be done.
There are also perceived benefits to BYOD, chief among them cost and employee satisfaction. If employees are buying their own devices to the tune of hundreds of dollars, the thinking runs, the enterprise can reap significant savings on device procurement.
“We keep telling CIOs that this is a blessing in disguise because otherwise they’re in the middle of this arms race towards bigger screens, bigger memory, better devices, better materials,” says Vivek Badrinath. “I think most of them are valuing that. They’re fed up of being the person who employees look at in the corridor and think: ‘that’s the guy who won’t let me have an iPhone’.”
Cost savings around procurement may well turn out to be an upside but there is an important counterpoint. As bulk buyers, enterprises have access to levels of discount on both devices and usage that individuals do not. They might well incur substantial costs in having to reimburse airtime charges and in processing a much higher volume of expense claims.
Employee satisfaction seems more straightforward. In a second study by Cisco, which surveyed 600 US IT and business leaders (the US is the most advanced BYOD market) the ability to carry out work-related tasks out of working hours, ranked second behind device choice in the list of employee motivators for BYOD. Productivity gains are another attraction.
For CIOs, though, becoming comfortable with BYOD as a concept is really only the beginning. A number of stiff challenges await any organisation that looks to embrace the trend, beyond the headline concerns of security.
How do they approach payment for the services being consumed? How do they manage a much wider range of devices, and indeed decide which to support and which to exclude? How does the burden of support get split between an operator and an IT department if that device has two distinct usage profiles » and sets of requirements? What happens when employees want to keep using their existing service provider—to bring their own network as well as their own device?
These are serious challenges for CIOs and sit at the heart of the opportunity in the BYOD space for mobile operators’ enterprise services departments. “The feedback I’m getting from our enterprise community,” says Everything Everywhere’s Jeremy Spencer, “is that they are really struggling with all these issues. They want the operators to think it through for them and come back with ideas and suggestions for guidance.”
AT&T’s Mobeen Khan picks up the thread: “Let’s say you allow some active sync of email with some simple encryption and you start allowing employees to bring in their own devices. The next level is that the employee now needs CRM access. Traditional IT departments are not used to managing those kind of things on a wide variety of devices, they’re much more used to a controlled environment like a laptop, or desktop PC. BYOD is about more than just managing the data and devices and being able to wipe them clean, it’s about managing your entire work environment.”
The US operator is at the vanguard of BYOD, and its Toggle solution for device segmentation is often referenced by other operators. Toggle—based on technology provided by OpenPeak—takes a literal approach to the issue of dual usage profiles on a device by creating a secure container that sits on the device and houses all corporate data and functions. It has a component that allows the IT admin to set policies and rules around when and how data can be accessed, what kind of apps need to be deployed and any reporting that is generated from the container.
When the container is first installed on the device it scans the entire device for security threats and alerts the user to any that it discovers. The solution allows remote shutdown of the container, without affecting the rest of the device—a functionality that is common to many MDM platforms targeting BYOD, given the different types of content that sit on the devices.
Policies include geo-fencing and time-stamps, designed to restrict access to data to certain locations—corporate campuses, say—or to certain hours of the day. This latter functionality allows US enterprises to ensure that unionised employees are not involved in work-related activities outside of the hours that they are contracted to work.
“The IT admin desk can monitor every single communication, data, voice or messaging, that goes on inside that container,” says Khan. “They can implement policies that compensate the user for the number of calls they make or messages they send, or they can generate two bills; one that goes to the home of the end user, and one to the IT admin.”
True BYOD has to include the ability of the user to maintain their existing service plan. This is particularly complex for operators looking to provide BYOD services and it’s an issue that is being dealt with in various ways. Everything Everywhere’s Jeremy Spencer says that his firm offers substantial discounts to employees of its enterprise customers, which is partly motivated by the desire to simplify the provision of BYOD services. This is good news for EE when it works, but it doesn’t really address the problem.
Uri Gurevitz, marketing manager at B/OSS solutions provider Amdocs says his firm has seen “no real solution” to the BYON (where the ‘N’ stands for network) so far. “Most of the enterprise customers who do allow employees to BYOD will limit them to MNOs that they can work with, so it’s not completely open,” he says.
Support for dual lines, including lines from separate mobile service providers, is a functionality that AT&T is planning to introduce in the near future, according to Mobeen Khan. He declines to explain exactly how this solution will work when the Toggle container is installed on a non-AT&T device but offers a hint, saying: “think about call-forwarding as a mechanism. It will handle it something like that.”
For AT&T devices a more sophisticated dual line solution is available, but Khan says that operators have to accept the reality of a world in which competing operators will need to provide service to a single device based on consumer and enterprise divisions. “We’re starting to raise this issue at an industry level. We need to decide how we’re going to get this accomplished in a more elegant way.”
Discussions are underway at US trade association the CTIA, he says, although industry operator group the GSMA declined to comment, saying that BYOD is currently viewed internally as an enterprise issue.
It could simply be viewed as a form of roaming, if there was enough collaborative weight behind a drive to get it right, Khan says, although he concedes that, historically, interoperability has taken a long time to establish on more than one occasion. “Carriers are already exchanging this kind of information on a roaming level. That connectivity exists,” he says. “We just need to agree on what the right mechanisms are as well as the frequencies and the level of detail that needs to be exchanged.” AT&T will issue a vision statement for such a collaboration in the near future, he says.
A co-operative approach is particularly important given that, despite attempts by large enterprises to centralise their mobility services, many procurement deals are struck at a regional, national or even departmental level, with a single MNC often likely to have a number of different operator partners.
Over 60 per cent of MNC CIOs interviewed by Ovum said that that while mobile strategy is set at a global or regional level, services are likely to be sourced locally. “Mobile service providers looking to win managed mobility contracts should recognise these conflicting trends,” Ovum advises. “They need to help multinationals that are ready to take a holistic view of mobility and want to drive their mobility strategy through their organisation. This will include support for more flexible usage policies that might vary considerably by country or employee role.”
No matter how sophisticated operator- and vendor-driven BYOD solutions become (and most operators with significant enterprises’ business will resell MDM solutions from a number of vendors), not all enterprise customers will embrace it.
Everything Everywhere’s Jeremy Spencer relates an experience with one “large professional services organisation” that looked to implement a hybrid model that allowed its employees to choose their own devices from a range that included the most popular, while the employer subsidised both the cost of the handset and the cost of the airtime. But the client withdrew the service “because they found the overhead of trying to manage an incentivised choose-your-own-device programme just wasn’t worth it.” This organisation simply reverted to supplying its employees with a device of its own selection.
But the consumerisation of IT, as it has become known, is not going away and there are considerable opportunities available to operators that are able to pull together a solution that implements the key elements of security, device management, flexibility and billing, and offer it as a managed service, taking the difficulty and responsibility away from CIOs with plenty of other pressing issues to consider.
Operators should take heart from another statistic from Cisco’s global IT study mentioned above. Some 44 per cent of respondents said that dealing with BYOD diverted attention away from other important IT functions that needed their attention.
Certainly operators seem uniquely fitted to this market, as AT&T’s Mobeen Khan suggests: “If you look at who is capable of providing this scale of solution to enterprises, there are only a handful of companies that come to mind. You can’t rely on the device vendor because it needs to be cross platform. You can’t rely on a software vendor because it needs to be a marriage of software, connectivity and device. I think carriers are very well positioned,” he says.
What really stands out, though, is the need for collaboration. And it’s tempting to suggest that the extent to which this happens will really be the measure of how seriously operators want to address BYOD.
Nigel Pindar is technical architect at Informa, the parent company of Mobile Communications International and Telecoms.com. Earlier this year he was responsible for assessing the demand for BYOD and the solutions available to meet Informa’s needs. Informa selected an MDM solution on a 12-month contract, which is currently being implemented.
We looked at metrics from the service desk. The problem we had was that while we could capture information that said a request had come in relating to a handset that wasn’t Informa-procured, we didn’t have the data on the nature of the request. We weren’t sure if we were getting a lot of requests for active sync, or a lot of support calls for previously-enabled phones. But that lack of knowledge led us to be concerned that the amount of time being spent by service desk staff on problems supporting BYOD devices was rising rapidly. Those calls are up 10x in 2012 from 2011.
The attitude among our CIOs was that this trend is coming and there isn’t a great deal of point in trying to resist that level of change; especially as there was demand from the C-suite. We supply mobile handsets to around 20 per cent of the global workforce but there is a far larger proportion of employees who can see the benefit of corporate access. The company isn’t going to stand in the way of people who want to work outside of office hours and locations.
There’s actually a big transition going on in terms of devices. We’re moving away from Blackberry and more towards Apple and Android devices. With BES you get considerable control and high security, which you don’t get when you’re linking other phones to email through active sync. So we needed a solution in place to provide the same level of security and management on individual devices.
The decision was taken during the course of the project not to go with a very sophisticated and high-cost solution first time out. We wanted something from a leading provider that was cost effective and we wanted to have the experience of living with it for a year to see what issues we encountered and how we might change our approach in a year’s time. But cost was a very important factor.
This is a very dynamic market. With Windows 8 coming out, and the fallout from all the litigation between Apple, Google and other handset vendors, a lot is happening in a relatively short space of time. There’s no point in putting in a solution with a three to five year lifespan because things are going too fast. A 12-month deal gives us the flexibility we need.