You'd think it was 2010 with the reports and studies raising fear of unbridled IT costs, massive loss of corporate secrets, and general Armageddon, all for supporting mobile and home users. That was the year the iPhone phalanx broke through the IT barricades in the BYOD (bring your own device) movement, as enough company executives stopped backing fearful IT managers, saw the capabilities in the iPhone and Android platforms, disproportionately started buying Macs for home, and -- the clincher -- noticed the then-new iPad could revolutionize sales, customer support, and knowledge workers of all types.
For whatever reason, 2012 is shaping up as the counterrevolution, but don't be fooled: These studies are shams, designed and distributed to scare you into buying the products and services of the vendor or consultancy that paid for it. You may see an "independent" research organization credited for the work, but these researchers you never heard of are doing what they're paid to do: prove the sponsor's marketing message. Conversely, contradictory studies conveniently never get published.
[ Read InfoWorld's guide to mobile device, app, and information management tools. | Subscribe to InfoWorld's Consumerization of IT newsletter today. | Get expert advice about planning and implementing your BYOD strategy with InfoWorld's 42-page "Mobile and BYOD Deep Dive" PDF special report. ]
There are informative studies from Aberdeen Research, Accenture, Forrester Research, Good Technology, and Unisys, among others, but they explain what users and businesses are doing -- a useful service indeed. Those companies want your business, too, but not through the use of fear. Ignore those that do.
Most people think "BYOD" when mobile and consumer-driven technologies come up in conversation, but it doesn't matter much who pays for the devices. What matters is that people can and benefit from working on a variety of devices in a variety of settings, and that's the new world that IT must support, secure, and above all enable. Because mobile and other user-facing technologies are so important for corporate productivity and employee satisfaction, and because IT is already overburdened and can't afford to waste time and money remediating baseless fears, I've put together this simple guide to supporting the broad consumerization phenomenon.
Keep these three basic tenets in mind as you read through this guide:
- Any IT support, security, and enablement strategy should be as device-independent (or heterogeneity-supporting) as possible. Creating a mobile or other silo only increases complexity and risk, so use the BYOD issue as a reason to rationalize your full user-facing technology systems. For example, it's a good opportunity to dump IBM Lotus Notes or Novell GroupWise, which aren't BYOD-savvy. (Notes is also a money sink; I've never met a CIO who regretted leaving it, but plenty who regretted not doing so when a merger raised the opportunity.) It's also a good opportunity to rethink file sharing and group-based policies around information and network access. For example, you may want to abandon a SharePoint-centric strategy given Microsoft's refusal to support all the platforms that users want (Macs, iOS devices, and Android devices) in favor of a managed cloud storage service such as Box or Dropbox. Dump your BlackBerrys and the pricey BlackBerry Enterprise Server, to simplify your IT management by standardizing on a common protocol and management tool for all your endpoints.
- All risks you seek to mitigate should be real ones. Too many vendors and consultants throw up laundry lists of risks, few of which happen in the real world in any meaningful amount. I know: I've been asking for more than a year all the majors to tell me what of the risks they cite happen to any significant degree -- to help me share with you a risk profile so that you can focus your time and dollars to the greatest effect. I have yet to get an answer, which tells me the alleged risks are minor in practice. Whatever happens doesn't happen very often.
- Don't make up problems to solve. If you think to yourself while reading, "But I need to control more than he's saying," unless you can show that the cost of doing more -- the effort cost to IT, the financial cost to the company, and both the effort cost and lost-opportunity cost to the user -- is worth the actual benefit of the increase control or security, you shouldn't do it. "No" is the wrong default answer, despite the play-it-safe security you might think results. (It doesn't: Users will work around you, creating more potential vulnerabilities, or they'll do less work rather than fight the system.)