Consumerization step 2: Focus on policy-based governance
This may seem obvious, but it's usually a big gap for companies to bridge: Develop policies to govern how consumer technologies can be used in the workplace, and deploy an asset management strategy for company-owned objects such as PCs and mobile devices.
Yes, consumer IT is largely about giving people freedom to choose devices and applications. But without a cohesive policy in place, anarchy can result.
"The majority of IT departments feel powerless when it comes to consumerization or any aspect of bring-your-own-device," says Barb Rembiesa, CEO of the International Association of IT Asset Managers (IAITAM). But governing policies, strong processes, and proactive guidelines will give organizations the ability to move into a consumer IT environment while bringing value instead of adding risk and cost.
Also, think about deploying IT asset management systems to control risk and ensure financial return of company-owned technology goods. After all, you own them because you have an explicit expected benefit or payback, or a specific security need that moved you to mandate that tool.
Your standard deployment process for technology may not accommodate the management of consumer technologies. For example, the Austin Convention Center found that its IT-initiated approach of adding a mobile device to a Windows domain and adding user profiles didn't address the casual nature of BYOD usage. The IT department had to start from scratch and determine how it was going to manage equipment, yet still comply with the City of Austin's IT security policies and procedures under which it operated.
In the end, the center wrote a new deployment policy that centered around educating users on the do's and don'ts of device usage, Gonzales says. This is also how the center goes about segmenting company data and personal data on devices: by educating users about how not to mix the two.
IT also took responsibility for the initial setup of devices, so it could control app deployment on them.
Consumerization step 3: Implement mobile device management
Mobile device management (MDM) software secures, monitors, and supports mobile devices. Typical functionality includes app distribution, configuration and enforcement of access controls, and -- for higher security environments -- imposing usage requirements, such as disabling the camera or limiting Wi-Fi access to specified access points. Such software -- and the policies they execute -- apply to both company- and employee-owned devices.
Consider the experience of furnishings company Holly Hunt's iPad trial, where a few sales staffers used Apple iPads on visits to client sites. During the pilot, the company discovered there was no way for IT manage the updates of iPad applications without going through an iTunes account. That meant it had to have one corporate iTunes account for each device issued and users had to periodically send their device in for the company to update with the PCs running that iTunes instance.
This was an operational nightmare, says Neil Goodrich, director of business analytics and technology at Holly Hunt. Instead, the company decided to shift to a BYOD model for the sales rollout, eliminating the concern about IT needing to keep devices current. Users took that responsibility, aided by iOS's application alert system.
Holly Hunt also deployed MDM software, so it can blacklist certain applications where appropriate. It can also remotely wipe data and deny network access to devices that do not adhere to corporate policies.
This strategy gave the company what it wanted with its mobile strategy: Users can self-update their personal devices and get the full utility from the one device for both their personal and work need, and Holly Hunt can protect itself against risks such as lost or stolen devices.
In addition, MDM software allows for multiple profiles, so the company can have one profile for employee-owned devices and other profiles for corporate-owned devices, which it uses in its warehouse and fabrication facilities. Other organizations implement such multiple profiles to vary permissions and privileges based on users' roles.