In June 2010 a customer was starting to mull the idea of a “Bring your own Device” (BYOD) policy. There are various interpretations of this but it’s certainly been driven by the huge growth in smartphones and tablets in the enterprise. A story familiar to you all: CxO of your company is a “technical” and brings into the office Foxconn’s finest fondleware. Suddenly it’s your number one priority to “increase the productivity” of this shiny-haired buffoon by allowing him to strut around the place with a rare-earth vanity mirror Facebooking his Mum or what-not. I’m going to focus on the whole practicalities of access and network access control in a future blog, but as you may suspect, I’ve got a bit of an issue with these policies and what they mean to the enterprise and the poor sap whose job it is to keep the data where it’s supposed to be and looked at by whom it’s supposed to be.
This customer was discussing the possibility that, in lieu of being issued standard Wintel laptops, employees would be offered a stipend of circa £400 ($500)/year to allow them to purchase a device of their choice, be it fruit-flavoured, Robot Penguin or just a regular “Grandpa Box”. This fund was designed to cover the entire cost of the device, including productivity software, support etc. The vision was that this would massively relieve the burden on support departments as they wouldn’t have to mess about supporting and setting up these Windows devices and worrying about patching and rebuilding them etc.
A more common “BYOD” policy is simply to allow users to bring in their personal devices and, at the very least, allow them to “leech” from the company internet break-out. In no particular order, my issues are as follows:
- The management of Wintel devices is very well done. Microsoft is good at this. Even the standard AD GPOs allow a huge amount of control over every aspect of a corporate-issued desktop or laptop. For the gaps where the “free” tools aren’t good enough, there is a huge ecosystem of 3rd party tools which can go even further. With the possible exception of Blackberry, all other fondleware providers have either completely excluded this from the design or rely on 3rd parties. Whilst vendors such as Juniper, Check Point and Good Technology all have device management solutions which cover the most common variants, there are huge discrepancies in terms of the features which can be offered. They mostly rely on the uniformity of the platform to ensure that nothing bad can happen, but the built-in security on all platforms has been broken, usually within hours of the Beta SDK release, limiting the strength of these controls.
- Corporate data is going to end up on these devices. At the very least it will be the synced mail, but especially on an OS which exposes the file system and has a half-way usable office suite, more serious amounts of data are going to be exposed. Whilst file system encryption is available for some platforms, it’s sketchy and not usually integrated into corporate tools. These things get lost/stolen/dropped down manhole covers all the time.
- Actual Billable Productivity. My other worry is how much productive work actually gets done on a tablet. Right now on my laptop I have about two browser windows with about 20 tabs open, two IM clients, a photo editing application (a proper one), Excel, Word, Full Outlook, Notepad++, a “proper” terminal client and about four PDFs open. I switch between them constantly. Most days you could add to that a 3rd browser, MS Project, Wireshark and random other diagnostic/analysis tools. I literally could not do my job with anything less than a full-blown “Fat” operating system which I had complete admin privileges on. Whilst I appreciate that there are cut-down equivalents in the various app stores, no one platform has them all or implements task-switching as well as I need it to be. Furthermore, I can type significantly faster than I can usually think, a task I find almost impossible on a capacitive touch screen. I hear you cry: “get a Bluetooth external keyboard!” But what’s the point? I’m sorry but if I’ve got to haul around an external keyboard with a tablet, then what I’ve got there is an even-less useful Netbook PC. I really wonder how many jobs/roles in the public sector can actually be usefully performed using a device which has the following:
  - A cut down web-browser which renders properly about 50% of Internet content
  - Complete dependence on reliable and “free” network access
  - A “productivity” suite which is about as advanced as MS Works Circa 1999
  - A really, really good Facebook Client (really, don’t get me started on Facebook)
- Provision of Enterprise Applications. If your users are providing their own devices (or if you are paying them to do so) you don’t have any control over what they are running on their devices, or what data they are storing. Again, device management tools exist but they are very fragmented and dependent on what the platform is capable of/what Steve Jobs says (said) is OK with him. An example: an end-user brings in his “Bargain” £99 HP TouchPad and demands access to the CRM which he needs to do his job. Guess what, there is no client for WebOS. Just a very limited iOS one. Problem solved! Use Terminal Services/Citrix/VMware View. Nice idea, except:
  - The users don’t like having to login every time
  - There is no thin client for that platform or even worse:
  - There is and your CRM GUI extensively uses the right-mouse button
- Pretty much every organisation is going to have at least one non-office suite application which is core to the business; if you are lucky it MIGHT be web based and supported by standards-based browsers. However it’s more than likely that it was designed for a single platform (probably IE6) and none of the pages render properly on Safari or Chrome. If you are REALLY unlucky the custom extensions you’ve made to Oracle Forms don’t work at all and it’s going to cost a king’s ransom to upgrade the code, because at the time the CRM was developed Steve Jobs was still working for NeXT.
To show that I’m not a complete Luddite, I actually own a Samsung Galaxy Tab 10.1 running Honeycomb, certainly one of the slickest tablet implementations currently around. Of an evening, I play with it for a bit, maybe check my mail or Twitter feed, maybe play a couple of games, then I put it down and get my laptop out for some “proper” work. It stays at home, where it was designed for. I don’t bring it into the office. No point.