Here are ways to avoid wasting your time and money on those selling you faux BYOD:
- Make sure they practice what they preach. Are they using iPhones, iPads, and Androids broadly? Are they using them in the same ways you want to? Or do they have a few pilot deployments or implement BYOD in effectiveness-killing ways such as disabling copy and paste from email or restricting users from installing their own apps? (Yes, in some cases, these are good things to do, such as if you're managing spies, but they should never be the norm.)
- Make sure they are adding value. For example, dozens of MDM companies offer a management tool for the basic Exchange ActiveSync (EAS) policies built into Microsoft Exchange. You already have that management capability baked into Exchange (on-premise or hosted, including in Office 365), and can get it in the corporate and government versions of Gmail. IBM and Novell offer EAS capabilities for their email servers. Don't buy it again.
- Make sure they are enabling users, not promoting "no." Consultancies and tech providers should be able to show how they can make your users more productive while keeping your risk levels acceptable. Unfortunately, many play on your fears, saying mobile devices are less secure because employees are likely to lose them. That's false -- analysts tell me that employees are less likely to lose mobile devices they own, as well as the laptops they own. The fact is, the more you wrap mobile devices into security straitjackets, the less secure you are and the higher your costs go. And the less productive your employees are.
MDM by itself is not enough for effective BYOD
The good news is that mobile device management tools are well proven in all sorts of industries, including highly regulated fields such as health care and financial services. There are simple ways to handle tech support for the new generation of mobile devices; plus, it turns out that iOS devices at least are cheaper to support than the traditional BlackBerry. One lesson SAP learned is instructive, and I've heard the same finding from vendors offering mobile support tools: Issues around 3G and 4G cellular networks -- slow speed and inconsistent availability -- form the bulk of employee support questions, even though IT can't do a thing about the carriers' networks. What IT can do is educate users that cellular networks aren't as reliable as corporate networks and design apps to better handle latency and intermittent connections.
The bad news is that the MDM tools don't handle the whole picture. MDM tools work mainly with mobile devices that access corporate email, whose servers validate devices and apply management policies to them. But MDM tools don't address devices on the corporate network that aren't accessing email (nor those accessing email only through Webmail), so effective BYOD management also needs to involve the network in a way that goes beyond the traditional "unguarded inside the building" approach practiced by most organizations.
Also to be figured out is the role of mobile application management (MAM). Right now, this label refers to many things: designing HTML5 apps so that their contents can be managed and secured, managing and distributing native corporate apps on users' mobile devices, and managing commercial apps and their access to content and corporate resources. Then there's the question of whether you should have a corporate app store and how to deal with commercial app stores. There are tools for some aspects of these needs, but there are certainly nothing like best practices yet for what, how, and when to manage mobile apps. Those will begin to develop in 2012, I suspect.
BYOD will evolve beyond mobile devices
For many organizations, the consumerization-of-IT phenomenon and the BYOD phenomenon are one and the same. They are not, though BYOD is the most visible aspect of that larger shift. As companies realize the scare stories about BYOD have not materialized and start to look at how to gain more benefits from the iOS and Android devices that BYOD has let users force into the business, you can expect the "let me choose the technology" trend to grow beyond mobile devices.