Mobility has changed the whole landscape of the enterprise. People now want to be able to work from anywhere, at any time and on any device. Studies have shown that people are subsequently working more hours, but this mobility also creates challenges for the IT environment. Ben Rossi explores how organisations can address these challenges to fully reap the rewards of enterprise mobility.
The consumerisation of IT and BYOD (bring your own device) phenomenon have had a massive impact on how enterprises are run.
On the one hand, it’s brilliant for both the employees and enterprise. Employees can use the devices and operating systems they prefer to use, whilst enterprises get more work out of them, with studies estimating people working up to 50% more hours, and even on vacations, because of the advent of mobility.
“Workforce mobility is one of the key ingredients when trying to create a professional, efficient and motivated workforce,” says Mikael Hansson, Head of IT, Ericsson ME.
“We need salesmen who, when interacting with customers, have access to all necessary information to initiate deliveries to the customer and the revenue collection before returning to the office. For us at Ericsson, workforce mobility is one of five corner pillars in our IT strategy,” he adds.
Other research into flexible working practices has pointed to the fact that a flexible working strategy is a huge benefit to the business and vastly improving productivity by keeping people connected from wherever they are.
“Research also says that on average more than half of a company’s ability to generate revenue depends on the positive productivity of its employees, so the extra productivity of flexibly working employees has a significant impact on the bottom line,” says Daniel Schmierer, Area Sales VP, MEA and Turkey, Polycom.
Deepak Narain, Manager, Systems Engineering, VMware, refers to another study highlighting how younger generations of employees are more productive when able to work from home.
“Young employees work more efficiently when they have an outside stimulus involved, such as the sound of a crowd or while watching television. Corporations need to embrace this idea anyway, because if they do not, these devices come in anyway and IT has lost all control,” Narain says.
Katja Rudd, Research Director, Gartner, adds: “With increased mobility, employees can place orders from on-the-road and receive work orders as they come in during the day. By routing field engineers more effectively, not only do they become more productive, fuel consumption is reduced and engineers can give more accurate information regarding arrival times to customer sites.”
However, with all these benefits comes a mass of challenges for the IT environment.
One is the risk to security and integrity of the corporate data, says Tareque Choudhury, Chief Security Officer, BT.
“According to a recent BT survey, only one in 10 IT managers think that all BYOD users recognise the risks and less than one in five believe all users understand the access and permissions related to their mobile devices,” Choudhury says.
“It appears IT managers are nervous, and with some justification. Of employees who use their own device for work, one in three see no risk in using their own device in a work context and just a quarter recognise the significant risks they pose to company security,” he adds.
Striking the balance
According to Hansson, one of the biggest challenges is to strike the balance between information security and ease of use.
“Mobility solutions need to be both quick and simple to use, since you are carrying around one of your company’s most important assets while being on the move. Speed of implementation is another challenge. If companies cannot bring in mobility solutions in a timely fashion, the creative workforce will identify their own ways and solutions. This might work very well for the individual, but might not be the best solution for your company from both a cost and security point of view,” Hansson says.
Choudhury adds that as with mobility, which has today become much more widespread, the key to implementing successful BYOD policies is implementation of policies that clearly spell out the rights and responsibilities of employees.
“Over four in five companies say they already allow BYOD or will do within the next 24 months and 60 per cent of employees claim they are already allowed to connect personally-owned devices to the corporate network. By far the most important element in allowing BYOD is education of employees and constant monitoring,” he says.
However, James Lyne, Director of Technology Strategy, Sophos, believes it is all about making compliance as simple and automated as possible, and modernising policies to cover mobile devices.
“You need to identify how these devices will be used, what data is acceptable to be present on them and the level of security obtainable on a per platform basis. You won’t be able to achieve identical security on an Android, iPad, PC and Blackberry, for example. On a case-by-case basis organisations should assess their risk profile, their adoption strategy and then define technical and policy controls to help them overcome these challenges,” Lyne says.
There is little doubt that the mobile security market is less mature, though good capabilities that simplify deployment, and easy adoption such as via the cloud, are now coming to the fore.
However, it seems that one of the biggest challenges is the casual loss of control by IT.
“Where typically certain functions were performed automatically, now they may not be and require the user to act. In an effort to please users, sometimes adoption projects can run on without addressing this detail,” Lyne says.
“Users may also make configuration changes post IT set-up, such as reducing the requirement for a pin or password on the device as it is an irritation. Interestingly, I’ve observed in many cases that users do not think of security in the same way on a mobile as a PC and can make poor decisions which they would never implement on a PC,” he adds.
Reacting to risk
Rudd says organisations must determine their tolerance to risk as part of their BYOD initiatives.
“Risks associated with BYOD initiatives are sensitive data loss, exposure to malicious software, device loss, showing a client out-of-date information, or any other business-risk-driven metric an organisation decides on,” he says.
With all these challenges that the IT environment faces in order to allow the enterprise to embrace mobility, the key question remains how to keep security intact.
“One such solution is for the IT team to set up a virtualisation of the desktops, which will allow the workers to finish their assignments away from the office, as well as giving the IT team control of what goes in and what comes out, creating a safer and more secure work experience,” Narain says.
Hani Nofal, INS Director, GBM, adds: “I believe that most IT organisations have to establish, at a macro level, what types of devices they will permit to access the network, perhaps excluding a category or brand due to unacceptable security readiness or other factors. Support must also be considered, such as adopting more IT-assisted and self-support models.”
According to the Cisco Visual Networking Index (2011), it is estimated that mobile devices and the traffic they create on networks will increase by 26 times between 2010 and 2015, driven by more powerful smartphones and tablets.
In 2012, Canalys estimated that smart device shipments will exceed 1.1 billion units with 23% growth, compared to only 461 million PC units, worldwide.
“The users of those mobile devices demand Internet access and access to applications wherever and whenever they want,” Nofal says.
“Very little of those mobile devices will have a LAN port to connect to a wired network, which means that this growth will drive an explosive build-out of Wi-Fi networks by employers, 3G and 4G networks by mobile providers, as well as public Wi-Fi by the likes of retailers and municipalities. It is not a surprise then to see that the wireless LAN network market grew globally in 2011 by 26% year on year compared to only 6.6% for the wired LAN networks,” he adds.
In terms of the Middle East, the mobility trends are very similar to those impacting the rest of the world.
“Research indicates that malware targeting Android-based devices has increased by nearly 500% since last summer. As organisations seek to securely integrate mobile devices into their corporate enterprises, they will increasingly require defences that deliver comprehensive visibility into vulnerabilities on the network to protect against advanced threats that result from mobility and BYOD challenges,” says Maher Jadallah, Regional Manager MEA, Sourcefire.
He adds that the BYOD culture has just begun and is growing rapidly as mobile devices connecting to corporate networks are increasingly owned by employees.
“While we can’t predict what the future will hold for smartphone malware, we expect that security professionals will continue to face new challenges resulting from the growth in mobility and the BYOD movement,” Jadallah says.
Schmierer believes technology companies will continue to lead the way as adopters of the BYOD model. “Also, companies that are predisposed to the innovative use of ICT in their business processes will be more likely to encourage BYOD,” he concludes.
