MDM will break your BYOD

Leif Bildøy explains how overzealous mobile device management can eliminate the benefits

Mobile device management (MDM) vendors have long touted their ability to lock down – and essentially cripple – mobile devices in order to safeguard enterprise information assets. It is clear that there are use cases where this is required, but it is the wrong prescription for BYOD.

This is because MDM starts with the premise of asset management, which assumes the asset belongs to the employer. This contradicts the concept of having the employee own the device. In effect there is a joint ownership: the enterprise owns some of the apps and data, while the employee owns the hardware.

The implication is that enterprises can no longer dictate the rules and policies; they need to reach a consensus with their employees on a number of areas. Can device characteristics such as location be tracked out of work hours? Can all device data be remotely wiped?

Can you require an employee to type a cumbersome password to take family photos? In most cases, the common-sense answer is no. This is fundamentally different from the situation with corporate-issued devices in the heyday of BlackBerry, when the enterprise had full access to all aspects of the device and its capabilities.

From the employee perspective, that was reasonable, as it was the corporation that owned the device and software. But it is unreasonable to cripple someone's personal device when you are not the owner.

So to be effective, the BYOD scenario needs two things: transparent usage agreements and a modern approach to application architecture.

First, the enterprise needs to reach consensus with employees about what is acceptable access and how the device should be monitored. In the future this agreement will increasingly be skewed towards maintaining the privacy rights of the individual device owner, which means the enterprise must trade off increased risk of information loss against higher productivity.

By allowing employees to discover and explore new apps and tools that they can use on an anywhere, anytime basis, you tap into a pool of benefits such as increased productivity and better responsiveness, leading to reduced downtime and improved employee engagement and satisfaction.

Second, part of a good BYOD solution is to build your enterprise applications with a mobile back end that provides security and processing of data. When building mobile-enabling infrastructure, common challenges arise around identity, security, API adaptation, optimisation for mobile devices and integration with outside notification, cloud and social services.

The mobile back end should also support a number of development models: native, hybrid and HTML5. Native development quickly fans out to include iOS and Android variants at a minimum, with BlackBerry 10 and Windows 8 as optional for diehards with a big budget.

The only way to efficiently support all OSes and device models with diverse needs is to have policy control managed by the back end.

A good principle is to limit the amount of sensitive data-at-rest on the device and access data through the back end only when needed. Our customers are trying to handle these issues every day. We see them being increasingly careful with how they build and design their applications.

Modern mobile apps have a split processing profile, which involves some processing on the device, some in the enterprise datacentre and some via cloud services. This hybrid model allows you to limit data-at-rest on mobile devices and access data dynamically via APIs deployed behind a low-latency mobile access gateway.

If local data storage is truly necessary, data-fading features can be built into the apps. Asserting control over data and applications at a device level is a thing of the past and unacceptable to modern corporate employees.
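As an added illustration (not from the original article or from Layer 7), here is one reading of data fading: locally cached records expire on lifetimes dictated by back-end policy, and the whole cache is dropped if the device stays out of contact too long. The class name `FadingStore`, the policy fields `ttlMs` and `maxOfflineMs`, and the classification labels are assumptions; the in-memory `Map` stands in for the app's on-device storage.

```javascript
// Added example: "data fading" for a local cache whose lifetimes come from the back end.
// FadingStore, ttlMs, maxOfflineMs and the classification names are hypothetical.
class FadingStore {
  // now: injectable clock (milliseconds) so the behaviour can be checked offline.
  constructor(policy, now = () => Date.now()) {
    this.now = now;
    this.items = new Map(); // stand-in for on-device storage
    this.applyPolicy(policy);
  }

  // Called each time the app reaches the back end; a tightened policy
  // takes effect immediately on records already held.
  applyPolicy(policy) {
    this.policy = policy;
    this.lastCheckIn = this.now();
    this.sweep();
  }

  put(key, value, classification) {
    if (!(classification in this.policy.ttlMs)) {
      throw new Error(`no policy for classification: ${classification}`);
    }
    // A TTL of 0 means: never keep at rest, fetch through the API each time.
    if (this.policy.ttlMs[classification] === 0) return false;
    this.items.set(key, { value, classification, storedAt: this.now() });
    return true;
  }

  get(key) {
    this.sweep();
    const item = this.items.get(key);
    return item ? item.value : undefined;
  }

  // Drop everything if the device has been out of contact for too long;
  // otherwise drop only records older than their classification's TTL.
  sweep() {
    const t = this.now();
    if (t - this.lastCheckIn > this.policy.maxOfflineMs) {
      this.items.clear();
      return;
    }
    for (const [key, item] of this.items) {
      const ttl = this.policy.ttlMs[item.classification];
      if (ttl === undefined || t - item.storedAt >= ttl) this.items.delete(key);
    }
  }
}
```

Only the app's own cache is touched, so nothing else on the employee's device is wiped or inspected.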

Leif Bildøy is product manager for mobile at Layer 7 Technologies