Mobile BYOD: what’s the impact?

February 7th, 2013 by Stephen Jones

One big shift in IT is the consumerization of IT. With the advent of the iPhone and other modern mobile devices, most businesses find that employees already own their own mobiles; increasingly these are smartphones and tablets, and increasingly they get used for work purposes. The exponential growth on the mobile front puts pressure on IT to allow other employee-driven technologies as well, such as personal PCs, cloud services, desktop apps, and social media.

Wi-Fi access is available at most major companies one might walk into. These companies might not realize it, but if they grant Internet access to any and all comers, then they have implemented a BYOD policy whether they know it or not. With an influx of devices carried by vendors, salespeople, trainers, temporary workers, field service technicians and employees, how should a company approach its network permission policy for devices it cannot control?

A surprisingly small percentage of companies have implemented explicit bring-your-own-device (BYOD) strategies. An estimated 80% of enterprises lack a mobile device management (MDM) system to protect corporate assets on employee-owned devices. With companies liable for mishandled sensitive information, a BYOD strategy is a necessity, not an option.

The three-tier model is a convenient way to explain how a distributed IT system works, but this simple explanation is not always reality. Data is not restricted to one set of servers; it is scattered across all of the clients, servers and desktops of the enterprise, and that complexity is greater now with BYOD and cloud-based solutions. In a classic three-tier enterprise architecture:

  • The customers ran thick clients on their desktops and connected to a front-end presentation tier.
  • The business logic and processing were codified in the middle tier.
  • The data sources were internal, kept away from the customers in the back-end tier.

In the modern IT world, enterprise data is scattered around the organization’s network and elsewhere. The BYOD trend means that data requiring backup lives on business desktops, personal laptops, business phones, personal tablets, in virtual environments, and so on. The traditional backup approach for enterprise systems is to install agents that copy data and forward it to a central backup service. Different types of agents are required for different types of applications; for instance, a virtual server system may run agents for Microsoft Hyper-V, VMware ESX, or Citrix XenServer, and a database system may have agents for Microsoft SQL Server, IBM DB2 or Oracle. Managing a fleet of agents is complex and expensive, and personal devices rarely accept an enterprise backup agent at all. Backup is a means to an end: what matters is access to data when you need it most. Running a restore test is not the most exciting job in the world, and it is also not the easiest with mobile clients.

There are other BYOD challenges. If your enterprise deploys devices that integrate with your existing authentication infrastructure, then for BYOD you need an alternate route of authentication for a new application. Users don’t want to remember numerous passwords; they are used to single sign-on. So authenticate against the enterprise’s AD system. It makes your users and IT staff happy. One of the really nice things about working in an enterprise environment is that you can almost always count on Active Directory and Group Policy being there. Group Policy in particular is fantastic because it lets the system administrators centralize settings and configuration. Your application needs to be added to the “Trusted Sites” in order to work? No problem, push it through Group Policy. Require an obscure registry setting to be changed? Group Policy to the rescue! Is there an OS feature that must be installed for the application to work? Group Policy does that too. With BYOD, your application must work without any kind of centralized configuration or control, which means that end users need to be able to configure it on their own. Maybe this means that you leverage DNS (as Exchange Autodiscover does) to point users to a central configuration, or perhaps you use another configuration server scenario. Can you count on Group Policy and Active Directory for management and configuration with BYOD? No. That is why we add AD synchronisation to SOTI mobile device management.

Android phones, iPhones, iPads and other smart devices are all about apps. Thousands of new apps for these platforms are introduced every day, including productivity-boosting apps that are being adopted by businesses. Apps can include malicious components designed to introduce malware or steal data. While app stores have various evaluation criteria, it is risky to assume that all apps are safe for all enterprise environments. Even if a guest device doesn’t have direct access to corporate file servers or other resources, there may still be nothing preventing it from launching denial-of-service attacks or other malicious behavior from inside the network.

Managing applications also relates to employee efficiency. “Angry Birds” and other seemingly harmless game apps can steal hours that rapidly multiply with the proliferation of BYOD. What if the app is on an employee’s own device but he uses that device for work purposes, e.g. checking mail at an airport, or preparing a quote and then connecting to your network to transfer files?

BYOD policies should include restrictions on the types of apps that can reside on employee-owned phones that are used to access corporate resources such as e-mail and calendars.

Every smart device offers password protection capabilities, but unless IT is overseeing the passwords, many BYOD users will take the easy route and opt out of password controls. Yet for mobile devices carrying company data the risk of data loss due to a stolen or misplaced device is increased, so password protection is essential.

For enterprise development of new applications you knew the screen sizes used by the company. With BYOD, an application must adapt to different screen sizes adroitly, which is a fair amount of work for a native mobile application if you want it to look really nice instead of counting on the OS to scale it. With Web applications, that is a lot easier. With traditional enterprise applications, we got used to rolling out something and having the users get trained on it. The training worked because everyone had the same experience. BYOD users expect to install an app or point to a URL and start working. And even when there are opportunities to train, users will have different experiences because they won’t all be using the same device. Your applications must be usable without formal training, and have self-contained help, documentation and tutorials.

Lots of companies set up barriers to VPN access, such as physical tokens and third-party client applications. These setups are sold with the promise of increased management and reduced headaches, but in a world of BYOD they shut most devices out of the VPN entirely, meaning that everything needs to run over the public Internet. You should be prepared for your application to run over the public Internet too, unless it is something that is entirely useless off-premises.

Expect all traffic to be HTTP (will IT staff open a different port just for your application?), and plan how to leverage the device’s built-in email capabilities if you need to send email.

An application absolutely must be secure. This means HTTPS for anything but the most innocent of traffic. Consider encrypting sensitive payloads at the application layer as well, so that a broken or intercepted TLS connection on public Wi-Fi does not expose them to man-in-the-middle attacks and snooping. Sensitive data stored on the device should be encrypted. Treat data from the device like you would treat data from a public-facing Web site: validate it, and protect against SQL injection, cross-site scripting, and other similar attacks.
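The last point above is the one that bites most often when a back end written for trusted desktop clients is opened up to phones and tablets. The following is an added example, not code from the original post or from any product it mentions: it puts the vulnerable and the hardened version of a user lookup side by side, using Python’s standard-library sqlite3 and html modules against a constructed in-memory table, so it runs offline. The table contents, the user names and the hostile inputs are all made up for the demonstration; TLS itself is out of scope here.

```python
import html
import sqlite3

# Constructed sample data for the demonstration (not from the original post).
# The third row is a "stored XSS" payload that a device could have submitted earlier.
SAMPLE_USERS = [
    ("alice", "alice@example.invalid"),
    ("bob", "bob@example.invalid"),
    ("<script>alert('xss')</script>", "mallory@example.invalid"),
]

# Constructed hostile input, as a phone on public Wi-Fi might send in a query string.
INJECTION_INPUT = "x' OR '1'='1"


def make_db():
    """Build an in-memory user table so the example runs without a server."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT NOT NULL, email TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_unsafe(conn, name):
    """Vulnerable: the device-supplied name is spliced into the SQL text.

    With INJECTION_INPUT the WHERE clause becomes  name = 'x' OR '1'='1'  ,
    a tautology, and every row in the table comes back.
    """
    sql = "SELECT name, email FROM users WHERE name = '%s'" % name
    return conn.execute(sql).fetchall()


def lookup_safe(conn, name):
    """Hardened: the value is bound as a parameter and is never parsed as SQL."""
    sql = "SELECT name, email FROM users WHERE name = ?"
    return conn.execute(sql, (name,)).fetchall()


def render_unsafe(rows):
    """Vulnerable: database values are echoed into HTML unescaped, so a stored
    payload such as the third SAMPLE_USERS row executes in the viewer's browser."""
    return "".join("<li>%s (%s)</li>" % (name, email) for name, email in rows)


def render_safe(rows):
    """Hardened: every value is HTML-escaped before it reaches the page."""
    return "".join(
        "<li>%s (%s)</li>" % (html.escape(name), html.escape(email))
        for name, email in rows
    )


def demo():
    """Run both variants against the hostile inputs and return the four results."""
    conn = make_db()
    xss_name = SAMPLE_USERS[2][0]
    results = {
        "unsafe_rows": lookup_unsafe(conn, INJECTION_INPUT),   # all 3 rows leak
        "safe_rows": lookup_safe(conn, INJECTION_INPUT),       # [] : no such user
        "unsafe_html": render_unsafe(lookup_safe(conn, xss_name)),  # raw <script>
        "safe_html": render_safe(lookup_safe(conn, xss_name)),      # &lt;script&gt;
    }
    conn.close()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

The fix in both cases is the same principle the post states: nothing that arrived from the device is trusted as code, whether that code is SQL or HTML. Parameter binding keeps the query shape fixed regardless of the value, and escaping on output keeps a value that slipped into the database from becoming script later, which matters because a BYOD device you cannot manage may have been compromised long before it talks to your application.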

Cost is also a factor. Cellular networks bill by the minute and by the megabyte, and the rates are worse when roaming or going off-net to communicate with a different carrier. Enterprises get big benefits from going to a single carrier: in-plan calls, large discounts and support. All these advantages disappear if employees’ mobile contracts fragment into individual tariffs reclaimed through expenses.

If employees use their own devices, what safeguards does the organisation have for the sensitive data that might end up on that personal hardware, and what can it do to ensure that personal device choices will support all the business apps that staff need to do their job? Which users will be trusted with what data and/or resources, and in what circumstances? The issues are complex when personal mobile devices are involved because such devices are not in the organization’s direct control. A trusted user carrying sensitive documents on an iPad might unknowingly disable company-mandated encryption, exposing the company in the event of loss or theft.

Using the same end-point protection software on employee-owned devices that is used on corporate hardware is fraught with issues. For example, what happens when a remote lock and wipe destroys, say, personal photos?

Many security and compliance issues were caused by the early adoption of instant messaging. Now a similar risk comes from employee use of public social media for sharing business information. Who is moderating the tweets, Facebook posts, Instagrams and blogs? Individuals have grown accustomed to using IT online, but are now increasingly taking advantage of access on their mobile devices. Sharing information is easier, but it increases the risks to the organisation.

There are productivity and motivation gains when employees can use their favoured devices and tools, and that’s why they fight to keep Excel when ERP is introduced!
