A question that crops up every so often in the forums and from readers is when can we expect a vendor certification focusing on bring your own device (BYOD) policies. Considering the multi-layered complexities around BYOD implementation, security, and management, vendor technology certification seems to be a natural step. While significant challenges remain, there have been some upstarts pointing to BYOD certification in the future.
In August 2013, Condition Zebra, an IT risk management consulting firm, announced a BYOD certification program. However, except for an article announcing the certification on FierceEnterpriseCommunications and the company's site, I can find no other references to the certification.
I also came across Bring Your Own Device (BYOD) Cisco Training from Global Knowledge, an IT training provider. The curriculum pushes Cisco Unified Access as a BYOD solution. However, the courses don't lead to an industry certification.
CompTIA added more iOS, Android, and cloud topics to its widely accepted (and vendor neutral) A+ Certification, which is another start toward a standards-based BYOD certification.
Some challenges facing a BYOD certification program include:
Lack of consistent BYOD definition
BYOD lacks a consistent definition across industries, further complicated when vendors, pundits, and analysts seize on the popularity of the BYOD and spin a definition for their own ends. Even as a writer about BYOD, I was quick to learn early on that organizations define BYOD in terms of the benefits they want it to bring to their business. Unfortunately, neither approach contributes to establishing a BYOD certification program.
Governance and Risk Compliance (GRC) have yet to act fully
Governance and Risk Compliance (GRC) programs, most notably the Health Insurance Portability and Accountability Act (HIPAA), Payment Card Industry (PCI), and Data Security Standard (DSS), could offer up a start for BYOD standards that could see a certification for IT staff tasked to support BYOD initiatives. However, these GRC certifications have a reputation for being quite slow moving.
No platform vendor involvement
Vendor approved BYOD training curriculum isn't available yet to support the mobile application development, device management, and security platforms that are becoming popular to support BYOD devices. Companies want their employees to get recognized certifications from vendors. No such vendor BYOD-specific certifications could mean the market for BYOD certification just isn't at the point where it can make money for the vendors. The time is certain to come though.
Towards an industry standard BYOD certification
Outside of the challenges I mention, we've yet to see the first big-dollar lawsuit because of BYOD. While that's not a challenge, I still rank it as a key event that will drive the need for BYOD certification.
In the absence of an industry wide BYOD certification, organizations need to define the technical skills critical to managing the security of their BYOD initiative that their IT staff requires. Certification training from CompTIA or another recognized provider can still cover your IT staff. Then augment it with vendor training or certification for the mobile device management (MDM) and/or other security and management solutions an organization has in place.
Do you see an industry standard BYOD certification in the future? Share your opinions in the comments.