
Strong BYOD strategy balances IT, user needs

The BYOD movement marked a major transition in the enterprise. Instead of managing a fixed number of in-office desktops, IT now has to control an unending stream of endpoints while delivering the performance its mobile workforce demands.

When establishing a BYOD program or enabling mobility, one goal jumps out from the rest -- balancing the performance users demand with the security and control IT needs. This can be a tough task for enterprise desktop administrators to grasp because IT can't manage mobile devices with the same controls and utilities it uses to manage desktops.

Without balance, a BYOD strategy can easily fail, and it's important to remember that responsibility is a two-way street: IT may ultimately be liable for any major breaches or incidents, but employees must understand what acceptable use looks like and exercise common sense to keep corporate data safe.

To fully understand how an effective mobile initiative works, it's valuable to track the evolution of BYOD and learn about the components of a BYOD project, how to take a holistic approach to BYOD and how to manage the entire BYOD lifecycle.

The early days of BYOD

For enterprise IT, mobility changed management processes -- from apps to data. Although mobility ultimately increased productivity across the board, it also introduced a bevy of new challenges.

In the past, IT only had to manage corporate-owned desktops in the office. Then mobile devices entered the picture, but they were usually still corporate-owned. IT could simply lock down the devices, and users would accept it because they expected limitations on what they could do with their work devices. Now, with personally owned devices, users have a whole new set of expectations. They want nearly complete freedom and constant performance.

The problem is that IT still needs control over the sensitive data and apps, but that information lives on hardware admins can't fully regulate. Early BYOD programs took too many features away from users and didn't deliver the type of granular control IT wanted. Things were out of balance and nobody was happy.

MDM, MAM and MIM start to turn the tide

Mobile device management (MDM) is the first phase of BYOD management. MDM uses the traditional desktop management approach, giving IT control over every physical device in the enterprise. IT sets encryption requirements, pushes updates, establishes restrictions on which apps can be used and can even delete data from managed devices.

MDM gives IT the ability to set password protections and control the use of certain features, but when it's used with a heavy hand, there's no balance. IT has all the power, which can leave users unhappy because they have no control over their personal devices.

Mobile application management (MAM) tips the scales toward users by keeping personal and work data in separate spheres. MAM allows employees to use their phones the way they want in their personal lives and minimizes the risk to the company. With MAM, IT only has oversight of the corporate data on the device, not the device itself. Admins can control where data goes, how long it can be on the device and whether or not it is encrypted. IT can also blacklist certain URLs and prevent users from copying and pasting information from approved to unapproved apps. Still, MAM keeps IT out of personal data.

While MAM represents a step toward balance, it's not perfect. Secured versions of apps generally don't come with a complete feature set. Custom apps are a hassle because they require app wrapping, which can fundamentally alter the app's performance. In addition, the MAM-specific APIs IT needs to implement security controls can quickly drive up the price of developing, testing and maintaining an app.

Mobile information management (MIM) takes things a step further, allowing IT to manage the data itself, including where it moves and how it can be accessed. Because workers use collaboration tools such as Dropbox and Google Drive for corporate and personal storage, MIM's importance cannot be overstated. MIM is also useful for synchronizing data across devices.

IT can create encryption policies on individual pieces of data as well, but the policies are enforced by the apps, operating systems and devices, which requires IT to have the requisite skills to coordinate across multiple layers of an app stack.

Balance the BYOD scales with EMM

MDM, MAM and MIM are all nice, but alone they aren't enough. Enterprise mobility management (EMM) is a holistic approach that incorporates device, application and information management, but focuses on a fourth, often overlooked variable in mobility -- the user. With EMM, IT has the power to grant groups and individuals different permissions based on their roles.

EMM allows IT to set hard-and-fast expectations for reasonable use of devices and data, giving admins control over the apps employees use. It also shows users they have to take measures to protect against theft or loss, keep the OS and apps updated, and unregister any devices no longer used for business purposes.

Managing the complete BYOD lifecycle

With everything in balance thanks to EMM, it's time to get the BYOD mobile plan going, which means covering the entire lifecycle. It starts with determining who needs to be involved with what and when.

One approach an organization can take is for business data and app owners to work with systems administrators and the security team to establish acceptable use, security and management policies. After that, the developers have to use the policies to wrap apps to meet all BYOD guidelines. Then they take the apps to the device admins and pick a list of approved apps. Next, devices are registered or unregistered with the management software server and console. Finally, IT determines the final directory of acceptable and unacceptable apps and sites employees can use.

The job is not over, though. There are several ongoing pieces to a BYOD plan, including reporting and compliance measures and verifying user device registration.
