BYOD might be a hipster honeypot but it's rarely worth the extra hassle

Security, compatibility, control... we enter another world of pain

Now I want to manage it

So far, then, we have a bunch of BYOD devices that are a faff to connect to the network and which place a fair support load on us. We still have to secure the devices so the users can put data on them. Now, we could mandate that users aren't allowed to put corporate data on their BYOD machines but while this is a reasonable idea in theory it's not very practical: these people are supposed to be able to work efficiently and smoothly, not have to fart about with, say, storing their files on encrypted sticks and the like.

So we mandate that the users must have some form of encryption on their devices. For Macs this is pretty easy (just turn it on); it's harder on Windows but still doable. This may well be enough to cover us in the event of someone's device being nicked from their car or left on the train.

Perhaps we also mandate that they have to run anti-malware software and keep it up to date (rather like we enforced with admission control earlier)... but we can't really guarantee they'll do it. It'd be better if we could use some form of control so we can enforce the requirement.

At this point things get hazy. There are plenty of packages out there that allow us to fully or partly manage devices, and many are excellent. The partial management packages suffer from one key drawback, though: users. Users understand that you need to have some control over their systems. Which is fine, until they understand that this means you can do stuff remotely, and that this includes deleting stuff.

Yes, there are sandbox-based apps that sit alongside the users' own apps and are manageable centrally. But these cost money, and since most devices are able to access corporate collaboration systems via ActiveSync and the like, this is often the way people go since the existing email server probably supports it anyway for zero investment. Which is all very well, but it means that the company's control over the device has a wider scope than just a tightly controlled sandbox, and the users start to get nervous that you could, for example, inadvertently blow away their daughter's wedding photos. Which is probably true.

So what's the alternative?

Well, you could just decide to buy a bunch of company-owned equipment. You'd devise a standard desktop/laptop build (maybe you'll issue laptops and docking stations so rovers don't have to have a desktop and a laptop) which your service desk was trained on.

For your laptops you'd probably have to invest in some admission control technology just like I mentioned for BYOD a while back. But of course your devices would be on the corporate Windows domain, so they'd authenticate just like company-owned machines (no surprise, given that this is what they are), probably use Certificate Services and 802.1x for network admission, and have their configuration under the control of the Active Directory world via Group Policies.

You'd have corporate anti-malware and corporate apps... but with volume licensing and rental models this needn't break the bank. You'd be able to control the encrypted internal drives from afar, and wipe them in the event of loss or theft.

That old buzzword

BYOD sounds – sounded – like a great idea. But it opened a whole new world of complexity in terms of support and device management that had not been foreseen beforehand.

It raised soft problems, too: it greyed the lines of who owned the device and what you're allowed to do to it. Deleting somebody's files during an application update, for example, probably wouldn't go down so well.

No, much better to bring back control over the ownership and supply of devices.

Owning the device brings back some much-needed control to proceedings: if you own the device you can be totally black-and-white about what users are allowed to do and what they're not. If there's an application update, it's not their files that get wiped and if it is then their files shouldn't have been on there in the first place.

Ultimately, ownership means you can end up on the right side of a term that seems to have fallen into disuse these days: Total Cost of Ownership. Reversing out of the unknown and unforeseen costs of BYOD for the known knowns of supplying your own: of controlling support and management and containing the risks – while getting the benefits of mobile, of course.

Yes. I'm a re-convert. ®



