Documente Academic
Documente Profesional
Documente Cultură
Since mobile devices have proliferated as consumer gadgets as well as business tools, individuals are not only more comfortable with technology, they have their own preferences and want to make their own choices for work as well as at home. This bring your own device (BYOD) idea started with mobile phones, especially once smartphones became widespread, but has also been quickly embraced for other devices, in particular tablets and, to a lesser extent, notebooks, laptops and PCs. This brings an enormous management headache for organisations, but the smart move is to recognise that the device is ultimately far less important than the applications it runs and the data it has access to. This is where attention needs to be focussed to ensure the most important enterprise assets are properly protected and secured.
Rob Bamforth Quocirca Ltd Tel : +44 7802 175796 Email: Rob.Bamforth@Quocirca.com
Clive Longbottom Quocirca Ltd Tel: +44 118 948 3360 Email: Clive.Longbottom@Quocirca.com
Executive Summary
Consumer attitudes infiltrate the enterprise Smartphones and tablets similar or different? Securing the hardware
BYOD mi ght have been the most vi sible trend relating to the decentralisation of decisions over the l a st few yea rs, but i t i s by no means the only exa mple of consumerisation of IT (wi th cloud s ervi ces, s ocial media a nd mobile a pps a lso ha ving a bi g i mpact) a nd a s hift i n technology deci sion-making towards the needs of the business and individual users. CIOs and IT managers s hould not s ee this a s a threat to be resisted, but to be understood and embraced wi th a more s el ecti ve a nd pri ori ti s ed a pproa ch to ma na gi ng the core va l ues a nd benefi ts of IT. Mobi le phones, even a s they beca me s marter, ha ve been ma naged di fferently to other computers due to requiring contracts a nd often being subsidised by operators. In many cases they ha ve only recently moved from being managed by facilities or telephony contract managers to IT, whereas ta blets always appeared more like tra ditional IT devi ces. However, l ogically, they ha ve a similar i mpact on IT management, yet all too often IT still views them differently this needs to cha nge. Sys tems tha t a ccess corpora te IT res ources, whether owned by the employee or the orga nisation, need to ha ve s ome l evel of control a pplied to them i n order to protect the orga nisations assets. However, ca re must be ta ken a s devices a re ra rely ever going to be used excl usively for one purpose in future. Mobile devi ce management (MDM) must be discerning a nd discreet, but integrated wi th other mobi l e a nd s ys tems ma na gement s o not discrete. Mos t compa nies recognise the need to extend thei r mobility control s to i ncl ude mobile a pplication management (MAM) but, as yet, this is often disjointed and as many as one in five compa nies ha ve not even hea rd of MAM. Ta ki ng the next s tep towa rds s a ndboxing, conta inerisation or dual persona to s eparate work and personal a pplication usage is s till i n very ea rl y stages, but there appears to be an a ppetite to move in this direction, as banning or limiting the us e of pers ona l a pps i s a non -s ta rter. Enterprise data, a nd the context wi thin which i t is being accessed, i s one of the most important el ements of s ecuring a nd ma naging mobility a nd the one most l ikely to be keeping IT managers a wa ke a t ni ght. Ma nagement of da ta a ccess i s pa tchy, wi th jus t over ha lf havi ng data leak prevention (DLP) tools in place a nd over two thirds allowing data to be stored in cloud stores. Over a qua rter use encryption, but only 11% s tore data i n s eparate containers on BYO devi ces . A more precise a pproach to ma naging what i s important would benefit the organisation and mi nimise the impact on end users, who would still have freedom to choose and use their own a pplications. The orga nisation would a lso be s afe i n the knowledge tha t i ts a ssets a re more s ecure. This requires a more discriminating a pproach to IT s ecurity a nd a better understanding of wha t i s important from a business perspective, but this woul d do IT no ha rm wha ts oever.
Focus on data
Conclusions
Des pite all the hype, most organisations are s till at the early stages of dealing with BYOD and mobility i n general. However, their empl oyees a nd customers are already very fa mi liar wi th the benefits of using their preferred i tems of technology from hardware devi ces, through applications to cloud storage a nd servi ces. There is no simple way to deal with BYOD. It will not be limited to certain empl oyees or devices and will spread to encompass new technologies, from wearables to other ga dgets in due course. Organisations need to embrace the diversity of devices and focus on managing their core assets, not the networks and tools that access them, which wi l l , i ncrea s i ngl y, be outs i de thei r di rect s phere of i nfl uence.
Quocirca 2014
-2-
Quocirca 2014
-3-
Organisations and their IT management need to accept that BYOD is a reality and will only continue to increase as mobile technologies evolve. Employees have had mobile phones for some time, but not until phones became smarter, consumer-oriented computing devices, did the issue of bringing-your-own for work become a major issue. Attempting to restrict employees or hold back the tide will only prove to be futile. There was a cross-over when the cost of smartphones and their contracts dropped to the point where it could reasonably be considered as a consumer purchase, and that new and more appealing devices would appear before the end of the contract, creating pent up demand for the latest device. Consumers move qui ckly to get the latest device of their choosing, and typically much faster than their employers purchasing function. All of a sudden it seemed like the technology used for business had, for the first time, fallen behind that used by consumers. It was no longer just personal preference, but perceived as better. This process has continued with other devices such as tablets, not necessarily related to network contracts . These offer similar capability for enterprise applications to running on traditional IT desktops and laptops but with the casual and informal user experience of tablets. Most tablets are still not supplied with cellular networks, and rely on Wi-Fi connectivity, so should they be treated the same as smartphones or not? The opinions of those who have embraced BYOD differ significantly from those who have not (Figure 3). The overly high concerns with tablets amongst deniers indicates that, while smartphones share a lot in common with tablets and are even more likely to be connected while mobile, it is the tablet that is predominantly causing their negative feelings towards BYOD. This could mean that deniers are lax with their management of smartphones. Conversely, embracers see smartphones and tablets as similar, and are most likely thinking of more sophisticated approaches for managing them. Opinions about the future also indicate a more casual attitude among deniers, in thinking that the status quo will remain or that matters will simplify (Figure 4). They will likely find that reality is very different, with the mobile landscape undergoing significant change and innovation. The embracers, who already anticipate change and are putting in place more flexible approaches for managing mobile fleets, are better prepared. It is now time to accept the reality of BYOD and work out how to manage what is most valuable to the organisation its data.
Quocirca 2014
-4-
Quocirca 2014
-5-
The fundamentals of MDM have fairly widespread understanding, thanks in part to the success of BlackBerr y and the features of the BlackBerry Enterprise Server (BES). While struggling now, BlackBerry set the early standard for enterprise mobile management, much of which has been picked up by software tools vendors, as most enterprises have moved to a more open, multi-vendor world. The main attributes required of MDM tools are to be able to remotely wipe and lock the device, typically on the occasion that it has been lost or stolen (Figure 7). This also tallies with the overall need to spot when a device connects to the network. The provisioning of a base environment across a set of devices is a reasonable requirement for those being deployed by the organisation, but is less likely to be useful in a BYOD scenario. Similarly, quarantining an entire personal device will only antagonise users. A lowly scoring for interest in the need to be able to create containers (something that might prove a useful way to isolate work from personal on a BYO device) indicates that much of the thinking is still about keeping complete control of the device, even if it is not owned by the organisation. MDM tools are, for many organisations, becoming a standard requirement for overall IT management, but, surprisingly, about a quarter say that whilst aware of MDM, they do not currently use anything (Figure 8). Perhaps more worryingly, over 5% had not even heard of MDM. This smacks of trying to ignore the issue of mobility in the forlorn hope that it will disappear. Thankfully, many more have a more sensible attitude and either us e MDM-specific tools or have the required capabilities within general management tools. A significant lack of integration of MDM tools with other systems management tools among MDM users, and the high percentage of only basic mobile management functionality with those using existing tools, highlights that this is still a relatively young and immature market. The last few years has seen a degree of consolidation among the vendors of mobile management products. Acquisitions by established mainstream IT suppliers should lead to further product maturity, which will feed into the market over time. The even more promising development is that this will inevitably bring forward the integration of other useful management capabilities, relating to applications and data, into mobile management platforms.
Quocirca 2014
-6-
Quocirca 2014
-7-
The more proactive approach of designing specific apps for the mobile user finds some favour, although the preference for native applications for each platform over the more universal use of multi -platform technologies, such as HTML5, will cause problems as devices continue to evolve and diversify and as BYOD evolves. As with MDM, there is a split in the area of mobile application management (MAM) between those using tools that have been designed specifically for the purpose of MAM and those using application management capabilities in existing system management tools (Figure 11). While a few are making use of capabilities already in existing tools to help manage applications, the vast majority only have basic capabilities. Also there are fewer using MAM tools than MDM, and most of the MAM usage is not integrated with existing application management tools. Unfortunately, there are a large number not using anything at all and, of these, more worrying is that almost a quarter have not heard of mobile application management. When asked what might be useful feature requirements for MAM tools, there were no clear leaders, although there appeared to be a reasonable recognition of the need to separate private and business-owned data, despite a lack of appetite for containerisation, which was the lowest ranked feature here and elsewhere in the survey (Figure 12). It is highly likely that the concept of containerisation has not previously been well explained or widely understood, as this is an excellent way to provide the kind of separation that appears to be desired.
Quocirca 2014
-8-
This is borne out when looking into the detail of the use of containerisation. Few are actively using, and around a third are only piloting or actively inves tigating its usage (Figure 13). Beyond this, the majority of the remainder are not aware of containerisation and those that are have never considered its use. As BYOD continues to grow and spread, both down from senior executives and managers and across the organisation, the challenges of managing and allowing for the separation of personal and work elements will only increase. Containerisation is one area of mobile management many more should investigate. Beyond enterprise applications, the strong emphasis on mobile application development and supportive consumer channels to market encouraged by the mobile ecosystem leaders, especially Apple and Google, has produced a huge number of applications. While much of it is aimed at the consumer, with entertainment, games and ephemeral iTat, there are also useful applications for business users . The downloading and use of such applications is another important aspect of consumerisation Few such apps could be regarded as critical, but many offer useful information or support for mobile users. Enterprise attitudes to these types of applications is, however, rather unforgiving, with many not allowing their use, often insisting on the use of applications from corporate app stores only (Figure 14). This is not necessarily a problem, but a better approach is to have a defined list of acceptable apps and work with users to manage that list to ensure that useful apps are permitted, but checked to ensure they do not compromise security.
Quocirca 2014
-9-
Quocirca 2014
- 10 -
With increasing use of cloud-based storage services, especially for personal use, BYO devices bring further challenges for controlling the flow of corporate information. Over a fifth of companies say they do not permit BYOD access to corporate documents, but the majority do allow some access to such documents from either corporate or consumer versions of cloud storage services (Figure 17). Most try to limit this to basic documents, where hopefully this means documents that are of use to the general running of the business or employee efficiency, but are not critical, secure or private. Discriminating between different levels of security for different documents is important, but it must be kept consistent and well communicated so that everyone understands their responsibilities and it is enforced with appropriate tools. DRM and DLP go hand in hand with policies aimed at managing the use of public cloud storage. This type of information discrimination should ideally go much further and take notice of the context surrounding the potential use of data. This means a deeper understanding of who, how, and where in relation to remote access to corporate information. Many companies seem to be fully aware of the basics of what is required identifying the user and controlling flow to the device itself but some of the more subtle, yet potentially vital, elements of context are not deemed as important i.e. location, information classification and employee role (Figure 18). Doing so may currently be regarded as intrusive, but given that BYOD brings a higher level of choice, and therefore openness, which will only increase as devices continue to evolve and more employees expec t freedom of choice, the need to be mor e precise with controls will also increase. This is no longer about blanket approaches to security by the creation and enforcement of perimeter walls and fences, but a much mor e pinpoint and targeted protection of things of value to the organisation. This precision, or smart security, requires better intelligence in order to be fully effective.
Quocirca 2014
- 11 -
Conclusions
The old certainties are disappearing in the IT world. The old world of a comfortable and steady set of vendors, decisions made on technical capabilities, users happy with what was provided and all wrapped inside a controlled and secured perimeter has gone. The reality is that things were never that simple, but sometimes they could be treated that way as it made life easier. Now, users want to make their own choices because, as consumers, they are aware and comfortable with IT and they feel that the organisations own IT offering is often behind the curve. This may often be true and it not only impacts on users, it impacts on the business. Too often in its relationship with the business, IT is seen as a cost, difficult, and making seemingly arbitrary decisions the blockage in the end office. It does not need to be this way. BYOD might have brought many issues, especially those regarding security, to the fore, but all it really does is highlight the need to be a little more precise in the way in which corporate digital assets are managed, protected and used. It is highly unlikely that the trend towards user choice and BYOD will reverse and, if anything, it has already spread to individuals making even more of their personal choices around applications, cloud services and how they like to be identified. BYO does not stop at devices. Those companies that understand and embrace this trend, and take the necessary steps to manage it with precision, will reap the benefits. They already have a less stressful attitude to security, without being complacent (Figures 19 and 20). Accepting that it is inevitable and managing it on your own terms is the best way to deal with change. BYOD is just a current phase in the constant evolution of IT towards a more open, distributed and highly diverse collection of digital assets. The key for those tasked with managing IT for their organisation is to work out which digital assets they need to focus most of their attention on, and which they do not.
Quocirca 2014
- 12 -
Quocirca 2014
- 13 -
Quocirca 2014
- 14 -
About Oracle
With more than 390,000 customers - including 100 of the Fortune 100 - and with deployments across a wide variety of industries in more than 145 countries around the globe, Oracle offers an optimised and fully integrated stack of business hardware and software systems. Oracle engineers hardware and software to work together in the cloud and in the data centre - from servers and storage, to database and middleware, through applications. Oracle systems: Provide better performance, reliability, security, and flexibility Lower the cost and complexity of IT implementation and management Deliver greater productivity, agility, and better business intelligence For customers needing modular solutions, Oracle's open architecture and multiple operating-system options also give customers unmatched benefits from best-of-breed products in every layer of the stack, allowing them to build the best infrastructure for their enterprise.
REPORT NOTE: This report has been written independently by Quocirca Ltd to provide an overview of the issues facing organisations seeking to maximise the effectiveness of todays dynamic workforce. The report draws on Quocircas extensive knowledge of the technology and business arenas, and provides advice on the approach that organisations should take to create a more effective and efficient environment for future growth.
About Quocirca
Quocirca is a primary research and analysis company specialising in the business impact of information technology and communications (ITC). With world-wide, native language reach, Quocirca provides in-depth insights into the views of buyers and influencers in large, mid-sized and small organisations. Its analyst team is made up of real-world practitioners with first-hand experience of ITC delivery who continuously research and track the industry and its real usage in the markets. Through researching perceptions, Quocirca uncovers the real hurdles to technology adoption the personal and political aspects of an organisations environment and the pressures of the need for demonstrable business value in any implementation. This capability to uncover and report back on the end-user perceptions in the market enables Quocirca to provide advice on the realities of technology adoption, not the promises.
Quocirca research is always pragmatic, business orientated and conducted in the context of the bigger picture. ITC has the ability to transform businesses and the processes that drive them, bu t often fails to do so. Quocircas mission is to help organisations improve their success rate in process enablement through better levels of understanding and the adoption of the correct technologies at the correct time. Quocirca has a pro-active primary research programme, regularly surveying users, purchasers and resellers of ITC products and services on emerging, evolving and maturing technologies. Over time, Quocirca has built a picture of long term investment trends, providing invaluable information for the whole of the ITC community. Quocirca works with global and local providers of ITC products and services to help them deliver on the promise that ITC holds for business. Quocircas clients include Oracle, IBM, CA, O2, T -Mobile, HP, Xerox, Ricoh and Symantec, along with other large and medium sized vendors, service providers and more specialist firms. Details of Quocircas work and the services it offers can be found at http://www.quocirca.com Disclaimer: This report has been written independently by Quocirca Ltd. During the preparation of this report, Quocirca may have used a number of sources for the information and views provided. Although Quocirca has attempted wherever possible to validate the informati on received from each vendor, Quocirca cannot be held responsible for any errors in information received in this manner. Although Quocirca has taken what steps it can to ensure that the information provided in this report is true and reflects real market conditions, Quocirca cannot take any responsibility for the ultimate reliability of the details presented. Therefore, Quocirca expressly disclaims all warranties and claims as to the validity of the data presented here, including any and all consequential losses incurred by any organisation or individual taki ng any action based on such data and advice. All brand and product names are recognised and acknowledged as trademarks or service marks of their respective holders.