BYOD: "The Inmates of the Asylum Have Control"
Mobile devices are multiplying and -- sanctioned or unsanctioned -- finding their way onto corporate networks. For IT pros, the influx of personal mobile devices to the corporate network is raising security concerns, creating management challenges, and swamping the help desk with support calls.
In a survey of 400 IT pros jointly conducted by Network World and SolarWinds, respondents shared a wide range of tactics for handling the mobile device management challenge.
For starters, the majority of survey respondents said their companies issue mobile devices that can access the corporate network, including laptops, tablets and smartphones. RIM BlackBerry devices, iPhones and Android devices are among the most common corporate-issued smartphones, cited by 48%, 45.7% and 38.4% of respondents, respectively (multiple responses allowed). Windows Mobile devices are issued by 14.4% of respondents.
[MOBILE WORK: 25 useful iPad business apps]
Just 15.1% said their companies don't issue mobile devices with network access. Tellingly, some of the respondents whose companies don't issue mobile devices said there's opportunity for end users to bring personal devices to work -- the bring-your-own-device, or BYOD, trend -- and receive support from corporate IT.
"We provide a monthly stipend where users can BYOD for smartphones. We support iPhone, RIM and Android devices," one respondent said.
"We don't issue mobile devices, but users who own their own mobile devices can access the corporate network once they have received IT permission," another respondent said.
The BYOD trend is not universally embraced, however.
In the pro-BYOD camp, 59.3% of respondents say there are no device restrictions when it comes to employee-owned devices that are allowed to access the corporate network. (Access is often limited to specific Web applications or segregated virtual networks, however.)
Among the remainder of respondents who restrict specific personal mobile devices from accessing corporate resources, there was no one device type that's universally banned. Respondents were nearly equally likely to not allow Android (26.6%), iOS (22.8%), RIM BlackBerry (22.3%) and Windows Mobile devices (24.5%)
When asked why companies decided not to allow specific personal mobile devices, responses varied. Many were absolute: "If it is not company-owned, it does not touch our network," one respondent stated. Another said there's "no need to have personal devices on the network when the company provides every resource necessary to do your job."
Respondents frequently expressed security concerns and IT support challenges. They cited the potential for loss of confidential information via personal devices; legal issues and regulatory compliance risks; the introduction of malware threats; and the management burden associated with supporting diverse device types. (See our sampling of BYOD user policies.)
If employees use personal devices to access the corporate network, "in our experience they expect the IT department to also support those devices, and we have a strict policy against supporting devices that we didn't issue," explained one respondent. "We've taken a lot of time and effort to become familiar with specific devices and software, and that's what we expect to be used."
"Most often these devices are using pirated software, have been infected from home, or are being utilized to do non-work-related stuff," another said. "We have not set up a method to segregate these from our production network, so for now they are not allowed."
Not surprisingly, permission is not always clear-cut. Some respondents said exceptions are made for certain job roles (and certain company executives) that are allowed to use personal devices to access the network.
Nor is it always clear exactly how often employees bring their own devices to work. When asked if they're confident they know about all the personal mobile devices with access to the corporate network, respondents expressed varying degrees of certainty. Sixteen percent said they are certain, 30.4% are very confident, and 26.3% are somewhat confident. Meanwhile, 23.3% said they are not at all confident, and 3.8% admitted they have no clue.
The BYOD effect
Despite myriad security concerns and manageability challenges, there are positive effects associated with the BYOD trend.
Among the respondents whose companies allow personal mobile devices to access the corporate network, 46.2% said the policy has increased productivity among end users. A nearly similar number (47.2%) said it has increased end users' ability to work from home.
"Team members are always able to receive and respond to emails, regardless of where they are," one respondent summed up.
In some cases, having a BYOD policy has positively impacted employee relations. BYOD has "improved employee attraction and retention," one respondent said. "We have seen a change in morale," another noted. The policy has "increased job satisfaction for the employee and satisfaction with central corporate IT's customer service," another concluded.
Next page: Additional survey results