by Davin Wilfrid • @dwilfrid

Are You Ready for BYOD? What IT leadership should ask before committing to a BYOD strategy

Published July 31, 2012


There’s nothing the IT chattering class loves more than a good acronym, and the tidal wave of consumer devices into the corporate world was perfect fodder. Professional trend spotters hailed the era of BYOD (bring your own device) and pronounced it the next big thing. From here on out, the IT department would have to make all of its internal applications available to its entire workforce on every device, platform, or gadget. Allowing users to choose their own work devices would lead to happier users and lower IT costs.

Not so fast, says Bob Sutor, VP of Mobile Enterprise at IBM. While the mobility revolution is real, and more organizations are allowing users to connect to back-end systems via more devices, BYOD is simply too broad a term to reflect a good strategy.

Mobile is not a bubble. BYOD is not a bubble either. There are a lot of good reasons to do it. But you have to take a deep breath and be smart about it.

Bob Sutor, VP of Mobile Enterprise

“Mobile is not a bubble. BYOD is not a bubble either. There are a lot of good reasons to do it. But you have to take a deep breath and be smart about it. And wherever you need to place restrictions—do it,” says Sutor. Those restrictions may include limits in the areas of personnel, platforms, devices, and applications.

In other words, “bring your own device” shouldn’t mean “anyone can bring any device”. Companies need to carefully define the parameters under which users will be allowed managed choice and flexibility.

Designing an effective BYOD strategy requires careful consideration of your company’s needs. Here are three questions IT leadership should ask before committing to a BYOD strategy.

1. Is BYOD really your future?
According to a recent IDC benchmark study, 77 percent of companies provide smartphones to their employees and 49 percent provide tablets. Only 7 percent of mobile devices at those companies were purchased by employees. “No company I’ve ever talked to supports BYOD. None. Zero,” says Kevin Benedict, a mobile industry analyst and consultant at NetCentric Strategies. “But they are being pressured to expand the number of mobile devices they are willing to support.”

According to Benedict, pure BYOD is not a strategy, but rather a “lack of a strategy.” An effective strategy would identify which devices and which workers need to be supported and start from there.

Sutor says the process of identifying appropriate mobile access may require some pushback from IT to limit BYOD sprawl. “Employees who want to be on the network with these new types of devices have to have a reason to be there. If they have full access from their laptops and they are always in their office all day long, and that's the only time they need access to the network, you may not want to give them access via smartphone,” he says.

The enterprise has to find a way to take advantage of the devices people have to not only offset the budget but in terms of what they can do with these tools.

Bob Sutor, VP of Mobile Enterprise

However, BYOD is a very real strategy for some companies. Chaotic Moon Labs is a mobile application development shop which is nearly 100 percent BYOD, from laptops to smartphones. New employees are asked to use their own equipment for work, or are given a budget to purchase new equipment. William Hurley, General Manager at Chaotic Moon says the speed at which these employees are able to get up and running makes this strategy more than worth it. Recently a new employee was able to contribute code to a project via his laptop from the passenger seat of the moving van relocating him from Tennessee to Chaotic Moon’s Austin headquarters.

“By the end of 2013 we’ll be at 150 or maybe even 200 or 300 employees, and we still won’t have an IT department. We’ll just have someone in each department who can tell you how to get to your stuff,” says Hurley.

In the end, every company will need to balance the benefits of BYOD (reduced hardware costs, happier employees) against the potential drawbacks (server load, security issues, app maintenance) before pursuing any path.

Before adopting a development platform or even allowing employees to bring their own devices, IT leadership should start with a comprehensive mobility strategy that addresses security, device management, and application development and maintenance, says Benedict. That plan needs to include a thorough review of who needs mobile access to back-end data, and which devices they should be allowed to use.

Sutor says most companies will need to support iOS and Android (at least a few versions), and possibly BlackBerry and Microsoft Windows mobile operating systems. The key is to take a practical look at your user base in order to determine what needs to be supported.

2. Are your security policies in place?
In the beginning, there was the mainframe. Then mankind evolved the ability to connect to corporate data at his desk. With the advent of the laptop, man was free to carry his data and leave it on a hook in an airport toilet stall.

In fact, according to Sutor, the current mobility revolution is in many ways a continuation of what laptops started. “A lot of the core issues with mobile devices are, in fact, the same with laptops. Think about someone who uses a browser and gets sucked into a phishing scam. That browser could be on the laptop or a mobile device. The need for security for portable devices wasn't invented with smartphones and tablets, but there are some extra things with mobile that you have to pay attention to.”

For example, if someone is able to access back-end systems from his smartphone, he may be accessing via 3G, 4G, or another cellular data network. This raises several questions for the IT department, including who pays for that data consumption, how to prepare for the impact of increased traffic on the internal network, and whether the company needs to consider any additional security measures to protect data as it moves through a third-party network.

That said, device management principles are largely the same with smartphones and tablets as they would be with laptops, says Sutor. They all need to be protected with security codes and passwords, and IT should have the ability to prevent access to back-end systems if the device is lost or stolen. However, Sutor says, mobile devices are more likely to be lost, so IT should prepare for an uptick in those procedures.

 The hybrid model gives you reusability of Web skills. Then you learn just enough of the extra stuff you need. Those skills then become reusable and transferable from project to project to project.

Bob Sutor, VP of Mobile Enterprise

3. Who will make your apps?
Walking hand-in-hand with consumer devices is the app store. Smartphone and tablet consumers are now used to browsing vast warehouses in iTunes or Google Play, where they can sift through hundreds of thousands of possibilities before downloading the app they want to use. Things will need to be managed differently in a corporate setting, says Sutor.

“Those apps don't just arrive there. They were created by someone. The question is ‘who’? They have to think about who is going to develop and maintain these mobile apps,” he says.

Of course there are a number of development frameworks and tools available to create your own apps. However, allowing developers to choose their own way can quickly turn into a maintenance nightmare for any company, says Sutor. A better approach is one in which the creation of mobile apps is standardized across the enterprise.

“If you're using lots of different tools from lots of different vendors to create your apps, you’re going to have a heck of a time maintaining these things,” he says. “If everyone’s using the same platform or standards, that makes it a lot easier to have a simplified development environment and simplified way of managing those environments and maintaining those versions.”

Most larger companies eventually streamline app development by using a mobile enterprise application platform (MEAP) to standardize the development and ongoing maintenance of mobile apps. There are several commercially available platforms to choose from. Earlier this year, IBM acquired Israel-based Worklight to fill this need. Sutor says the real advantage of Worklight is that developers will be able to capitalize on their existing skills to bring business apps to life, rather than learning an entirely new code base or platform from scratch.

Apps developed on Worklight are typically a mix of standard Web technologies, such as HTML5 and device-specific code to allow the app to perform basic functions such as accessing a device’s camera or calendar. Developers with years of experience in Web apps will find it relatively easy to pick up on the extra skills necessary.

Common mobility mistakes>>


Focusing on one device

Developing an app or set of apps tailored to just one device, whether it’s a smartphone, tablet, ruggedized tablet or anything else, is the highway to vendor lock-in and replacement headaches down the road. A smart enterprise focuses on software first and promotes development that is at best device agnostic, at worst compatible with two or more device types.

Trying to replicate the desktop

Allowing employees to do their jobs from their smartphones or tablets doesn’t necessarily mean porting the entirety of functionality from the desktop application to a mobile application. To avoid server overload, security problems, and code bloat, IT leaders should justify any functionality before making it available on mobile devices.

Apps for apps’ sake

Just because your competitor developed an app or started supporting iPhones in the workplace is no reason for you to follow, says Sutor. Rather, organizations need to consider the bottom-line value of mobile apps first, and forego anything that doesn’t contribute.

Herding cats

Many companies started down the path to mobility by allowing divisions or groups to pilot their own projects, which in turn led to immense complexity managing the high volume of applications developed on multiple frameworks. Updating just one piece of functionality or fixing a security flaw becomes a nightmare when IT has to sift through reams of documentation on each platform.

Trying to please everyone

BYOD is largely a response to demand from employees, who can see the value in working untethered from work-provided devices and machines. Smart organizations will need to limit that demand, however, by selecting only the appropriate devices that will be supported. This means some employees will not be able to use their preferred devices, but it will save in dollars and headaches down the line.

X Close

“The hybrid model gives you reusability of Web skills. Then you learn just enough of the extra stuff you need. Those skills then become reusable and transferable from project to project to project,” says Sutor.

Centralized management of apps is also key to maintaining good security practices, he says. “Let’s say you find a major security flaw or a bug in an app that you've already distributed to 10,000 of your employees. You need to be able to go in and do something that forces people to upgrade the next time they use their app.”

Worklight is hardly the only MEAP out there. In 2010 SAP acquired Sybase, largely for its development platform. Antenna, Syclo, Pyxis, RhoMobile, and Kony all boast platforms offering “write once” applications that can be deployed to most major device types.

When choosing a development platform, IT leaders should be certain that it is able to deliver apps for the most likely operating systems before making any decision purchases. According to Benedict, all of these players will offer support for a subset of the panoply of mobile devices and operating systems out there. As long as your company’s preferred devices fit in that subset, it will be possible to develop apps on that platform.

“They all have enough customers that have deployed and are successful, that you can be pretty sure that it could happen,” he says.

The trend-spotting CIO and the future of BYOD
One of the defining characteristics of mobility is the incredible pace of change. Four years ago, the Android platform was just an idea floated by Google executives at developer conferences. Now there have been seven different versions of the platform, which have themselves been tweaked by hardware manufacturers into a wide array of options. In the age of mobility, CIOs have to be trend spotters and IT leaders must pivot quickly if a certain platform is picking up steam in the consumer space.

For example, IDC expects Microsoft’s Windows Phone platform to inch ahead of Apple iOS by 2016. While Windows Phone owns a very small piece of the market now, IT leaders committed to a modified BYOD policy should keep an eye on its progress. This puts extra burden on IT leadership to forecast trends and stay in front of the consumer space.

The buzz around BYOD will likely get louder over the next few years, as development standards mature and more devices flood the market. Sutor says we’re entering a period of roll-ups and acquisitions by major IT companies. SAP and Oracle, for example, have also acquired MEAPs in the past few years and are starting to gobble up niche players as well. What happens next, according to Sutor, is a sea change in how companies prepare to develop apps of any sort.

“I think what you’ll see happening in the industry across the board is that people are going to start developing applications by thinking about supporting mobile first. Then they’ll figure out how to extend the experience to laptops and whatever else.”



No one has commented on this item.