Low MDM adoption is a sad comment when you realize that Microsoft Exchange's built-in Exchange ActiveSync protocol offers good first-line-of-defense protection right out of the box to any device that tries to access corporate email. Exchange is used by about two-thirds of all businesses. The current version of IBM's Lotus Notes also supports it, as does corporate Gmail and, through an add-on, Novell GroupWise.
All IT has to do is turn it on to block devices that don't support the basics such as having passwords, encrypting on-device data, and the like. That will cover at least heavy users. Of course, as Herrema points out, users can still access the Outlook Web Access (OWA) website login page to get around the EAS policies unless IT sets up Exchange for explicit mobile Web browser detection in OWA.
Also, EAS policies won't help protect against users who don't access corporate email but do sign onto local wireless LANs. But there too it's not difficult to implement basic protection such as PEAP that corporate networking gear typically supports; such protocols help filter out the least secure devices with little effort.
John Herrema isn't surprised to hear about the high rate of hidden Android usage. He's senior vice president for corporate strategy at MDM provider Good Technology, and notes that many IT organizations lack a comprehensive approach to device management. Even if they use MDM tools, they're not thinking about other network routes such as wireless LAN or OWA access. Users find real value in mobile devices, so they use them. "If you don't define your BYOD policy," he says, "your users will do it for you."
My head is still reeling from the contradictions: There's so much fear and doubt about mobile devices putting businesses at risk, yet most businesses don't bother with the inexpensive basics. ZScaler's Chaudhry says most companies are still figuring out their policies, but it seems unconscionable to me not to cover the simple basics during that longer-term planning period, especially given the ease of deployment. I don't believe in overmanagement of mobile devices, but a blind free-for-all is also wrong. Perhaps it's not the BYOD users who are the problem that businesses need to worry about, but slow-moving security and IT managers.
The reality is that modern mobile devices -- meaning iOS and Android -- already are normal equipment in business today. Whether you know it or not.
This article, "Android's secret surge in business," was originally published at InfoWorld.com. Read more of Galen Gruman's Mobile Edge blog and follow the latest developments in mobile technology at InfoWorld.com. Follow Galen's mobile musings on Twitter at MobileGalen. For the latest business technology news, follow InfoWorld.com on Twitter.