One thing I've learned over the years is that whenever you read a news article, you should ask yourself what the writer of the article wants to be true. This week, MIT's Technology Review published an article titled "IBM Faces the Perils of 'Bring Your Own Device'". In this case, the fact that the article title contains the loaded word perils gives you a good idea of what to expect.
The article explains that IBM is struggling with the fact that the devices employees provide themselves aren't under IBM's corporate control and might not meet corporate security standards; as a result, the company has taken some fairly draconian steps, including disallowing the use of Apple's Siri, file-transfer services such as Dropbox, and cloud services, including Apple's iCloud (and, I assume, both Google Drive and Microsoft's SkyDrive). The article makes it sound as though IBM is reluctantly taking these measures because of the Scary Bad Things out there on the Internet.
I don't mean to pick on IBM; I'm sure the company's CIO and her entire 5,000-person department (!) are doing their best to balance IBM's interests in protecting its internal networks from compromise and safeguarding the company's intellectual property with users' needs for access and convenience. Organizations of all sizes are facing many of the same issues, although IBM is better able to address some of them for two reasons: IBM is a large hierarchical company, and it has lots of money.
A more pertinent question to me is why, exactly, anyone is surprised by this so-called struggle. It's just history repeating itself. There's a long tradition of Bring Your Own Device (BYOD) behavior, running back at least to the early 1980s when Apple introduced the Macintosh. Ask anyone who's had to smuggle their Mac into work and then deal with smug "we don't support those" comments from their IT department. Or think about the millions of workers who access corporate networks every day from their personally owned home computers or laptops: If that's not BYOD, then what is?
A couple of different arguments lurk behind this question. One argument is that the company has the responsibility to provide adequate tools to its employees to do their jobs. If the old standard of a company-provided BlackBerry device (or whatever) is no longer sufficient, update to a new standard; if employees are bringing their own devices, that's obvious evidence that the company's IT is falling behind the power curve. There are problems with this approach, namely the cost and the fact that if the company owns the device, they get to control it. Individuals get a lot of benefit from having a single device that contains all the data they need for both work and personal use, but employees might be loath to put personal data on a company-owned device.
A countervailing argument: Employees who don't like BYOD-related security restrictions are free not to use their personal devices to access corporate resources. When I look at my coworkers who have dumb phones (oh, wait, I'm sorry; we're supposed to call those "feature phones" so they don't feel bad), I'm sometimes envious of the fact that they have an easy excuse to avoid checking email, filing bugs, and so on, outside of work hours: Their devices can't do it. Whether this is a realistic envy or not is hard to say; the ability to quickly access email, calendar data, and so on, from a mobile device has often saved me a lot of time and inconvenience. (In fact, I once wrote an UPDATE column on the keyboard of a Palm Treo while at Walt Disney World because I'd forgotten to tell my editors I was on vacation . . . sad but true.)
It's more instructive, though, to look at what companies have done to solve existing BYOD problems with laptops and home computers. Network access controls, health checks, and innovative solutions such as Microsoft's DirectAccess are making it easier for companies to regulate which machines are allowed to connect. Outlook Anywhere, and now Exchange Web Services, showed that it was possible to provide meaningful access to information without requiring a full-up network connection. The state of information protection for BYOD computers is still behind what we currently see for mobile devices -- where's the button to remotely erase my stolen laptop? -- but that's an improvement that will come in time.
Also in time, mobile device management (MDM) will evolve to provide better solutions. Why hasn't it evolved already? There are already companies such as AirWatch, Good Technology, and Zenprise that are providing solutions to address many of these challenges, but these solutions require time and money to implement.
The most interesting point from the article isn't the fact that IBM is struggling with controlling devices that don't belong to them. It's that Technology Review, and many other trade publications, present this struggle as unusual or even dangerous. It's been cast as a titanic battle between users and employers, or between valiant IT staff and evil hackers. But it's not; it's just the evolution of technology, something we're all familiar with. Calm down, have a snack, everything will be fine.
Writing this, though, has made me curious: What are the biggest mobile device management challenges you face with Exchange? If you could ask Microsoft for new MDM features in Microsoft Exchange Server 15, what would you ask for and why?
