The growing BYOD trend has made mobile device management (MDM) tools essential for IT, and Mind Commerce estimates that the MDM market will grow annually at 23.3 percent compounded over the next five years.
However, by 2016, 20 percent of enterprise BYOD programs will fail because excessively restrictive MDM measures have been deployed, Gartner predicts.
The BYOD trend threatens IT's control of endpoint computing resources, and IT will seek to establish the same type of centralized control over mobile devices that it has over enterprise PCs, for which it develops and deploys images, according to Gartner.
Putting on the squeeze
Most MDM solutions have been all-or-nothing full-device approaches to security with features such as remote kill, remote wipe, and controls over password strength, applications and data, remarked David Matthiesen, director of products at DeviceLock.
"In order to use their personal device for work, most employees are forced to sign a waiver agreeing that their data could and will be wiped by the MDM solution circumstances," Matthiesen said. "For most MDM/BYOD implementations in place, all of the personal and corporate data goes 'poof' when wiped."
However, employee response to company-managed mobile devices varies according to the business context, remarked Milia Gillespie, director of product marketing for mobile security at SAP AG (NYSE/Frankfurt: SAP). More than 5,000 SAP employees worldwide bring their own mobile devices, running iOS, Android or BlackBerry OS, to work.
Employees who prefer their own devices to those assigned by corporate "are willing to accept some level of management" because of the productivity benefits they enjoy, while others may be more resistant, Gillespie explained.
In the final analysis, the employer has the right to enforce data security policies on any devices used for work, Matthiesen argued.
Hey, you! Get outa my life!
Meanwhile, employees are demanding solutions that isolate personal content from business content and restrict the ability of IT to access or change personal content and applications, Gartner said.
"Companies that employ highly restrictive or intrusive data management policies risk not only minimal adoption of a BYOD program, but outright non-compliance [with staff] using illegal devices regardless of [company] policy," said David Applebaum, senior vice president of marketing at Moka5.
Possible technical solutions
Some security technologies, such as Samsung's Knox, provide on-device containers that separate users' personal and business data, and MDM manages the container, Gillespie said. However, there is a "strong negative impact" on the user experience because users have to log in separately to the different areas.
Wrapping apps is an alternative approach that is gaining momentum because it provides "the strictest security without impacting user experience," Gillespie pointed out.
Moka5 provides a highly secure container that runs a fully managed and secure corporate image impermeable to the underlying host or the data and apps resident on the host, Applebaum said.
DeviceLock's approach forces all BYOD devices to connect back to corporate portals hosting virtualized Windows sessions to access data and published applications that are not allowed to be stored on the device, Matthiesen remarked.
App wrapping and container technologies will rack up more than 60 million mobile workspace management subscribers by 2018, ABI predicts. However, app wrapping will win out because of its perceived simplicity.
Managing the process
SAP recommends that enterprises put together two core documents when starting a BYOD program -- an electronic consent form and an acceptable-use policy, Gillespie said. "Include users in your testing from Day One," she continued.
Be very specific about what IT can and cannot see and do, Moka5's Applebaum said. Also, create security tiers that let employees stay with their preferred level of monitoring, and use data containers that separate work and personal data.
However, Gillespie pointed out, "Often, IT loves the containerization approach but users revolt and won't use it." Pilot a small-scale BYOD project first to gauge users' reactions.