BYOD is a reality, and, by all estimates, it will continue to grow in adoption over the next couple of years, regardless of whether your company officially implements it as a policy or not. Current estimates place BYOD adoption at 60% within the workplace, and projections state BYOD may receive 90% adoption by 2014 alone.
With numbers these big being tossed around, many experts are beginning to argue that BYOD needs to not only be taken seriously- it needs to reshape the way we think about out UC solutions entirely.
Now, we need to point out that, even with BYOD on the rise, the workplace isn’t changing quite as radically as some experts want to paint. Mobile devices are being brought into the workplace to supplement and to add to the existing telecommunications environment found in many companies. While mobile devices offer impressive functionality, on their own they can’t run an entire company, and they remain largely inappropriate for certain functions (call center, secretarial) that traditional telephony technologies still handle best.
That being said, BYOD is becoming so prevalent that it really does require special consideration- especially when you think about the fact mobile devices offer their own security and functionality challenges to many UC systems.
Swimming in the Alphabet Soup
Looking over suggestions about how to handle BYOD, it’s natural to feel a little overwhelmed and confused by the volume of acronyms being tossed around. Let’s take a quick minute to discuss what some of these mobile-oriented solutions entail, and whether or not they’re necessary to adopt within your company’s network solution:
- MAM: Stands for “Mobile Application Management.” MAM products and programs revolve around helping companies to monitor, manage and safeguard mobile devices at the software level. If you adopt MAM then your company will basically tell your employees what apps they can use, your company will install those apps on your employee’s devices, and your company will maintain and manage those apps.MAM sounds restrictive at first, but it does offer a solution to the very real problem that many malicious third parties use fake apps on employee mobile devices to gain access to company networks. The main challenge to MAM is compliance- whether employees will actually let their employers completely police their personal mobile devices or not. Many employees dislike this option (though feel more open to it when it comes to using corporate provided mobile devices).
- MSM: Stands for “Mobile Security Management.” This is closely related to MAM, but it goes further than just encompassing application management and also manages content downloaded to, and accessed by, employees on their mobile devices. On a more lenient level, MSM can also refer to security safeguards built into mobile device’s operating systems and applications themselves. One of the main reasons why third parties target mobile devices to produce security leaks is due to the lack of these built-in, software-level precautions. Your company can impose them directly, though more and more devices and applications are beginning to take security as seriously as other UC providers.
In both cases, the debate rages between whether employees should be allowed full control over their mobile devices, or whether they should submit those devices to the company to maintain security. These debates move beyond application and security management and even extend to questions of whether employees should be allowed unrestricted access to the web on their own mobile devices, and whether mobile devices attached to UC solutions should be made fully visible to employers, IT and HR.
Restrictive or not, the security and compliance threats offered by BYOD need to be checked, and more often than not that means instituting formal policies related to all devices that attach to a company’s network- regardless of whether those devices are personally owned or not. Implementing these changes at both the policy and the software level (including restricting access to the company’s network to authorized, monitored and managed devices) seems to be the only sure way to protect networks… at least until mobile device OS’ and applications all standardize a high level of internal security.