At a recent Enterprise Mobility event, I spoke with a few Asia-based IT directors about their journey in the age of consumerization of IT, and how they were dealing with Bring-Your-Own Technology (BYOT) at work. Their responses ranged from ‘fear of the unknown’ – as in ‘how do we deal with this trend?’ to ‘paralysis by analysis’ – as in ‘let’s arm ourselves with as much information as possible, and analyze it to death.’
The issue is – their employees are already accessing corporate email on their own mobile devices – which means that these IT managers are scrambling to catch up to managing BYOT in their organizations. In fact, an IT head at a large FMCG organization admitted that he did not know where to start managing BYOT.
Security and compliance were key concerns for these IT folks, and their concerns are valid. Trend Micro predicts, for example, that 91% of targeted attacks begin with spear-phishing, a highly targeted type of phishing aimed at specific individuals or groups within an organization. This was heightened in a recent spear-phishing attack on a South Korea bank. The security provider also predicts that there will be 1 million malicious Android apps in the wild by the end of 2013 – another red flag for organizations coping with the rise of Android devices at their work place.
Like it or not, internal business functions will put pressure on IT to provide mobility to their workforce, and the fact that these IT directors were attending an Enterprise Mobility event is proof of that. My colleague, Michael Barnes, observes that IT is still only involved for due diligence in areas like security, bandwidth, and Internet requirements; governance and accountability considerations; and integration. It is time for IT to add value. Start by breaking your BYOT plan into elements:
- Link BYOT plans with your business and mobile workforce strategies: In a recent Forrester report, Industry Contexts And Constraints Diversify Approaches To Bring-Your-Own-Technology, we discuss industry BYOT strategies, and what you should consider as your users clamor for greater access to corporate data on their personal devices. If you haven’t already devised a BYOT strategy, you need to start building one now, even if it just means enabling a certain group of users to access their email.
- Involve relevant functions early: I agree with Katyayan Gupta’s recommendation that organizations must build cross-functional teams to plan their mobile strategies. Involve LOBs like finance, HR, legal and sourcing. In creating a BYOT policy, clearly define ‘go/ no go’ areas in compliance with local regulations.
- Worry about Windows XP support: Microsoft has announced that it will end support for the enterprise OS workhorse in April 2014, and with that, security patches and updates. Watch for employees who choose to use their own laptops running XP and accessing corporate data. Be certain to include XP migration in your BYOT plans, or at the very least, one that protect against potential XP security threats.
I hope this provides some guidance in progressing a BYOT strategy. I’d love to hear whether you face similar issues for enterprise mobility in your organization.