It is interesting to see people carrying tablets to meetings, but is it really helping them be more productive? There is the other question of 'need' versus 'want'. Today it is a 'want', but tomorrow it is going to turn into a 'need', just as we saw with the mobile phones. This phenomenon is affecting how IT manages the networks and the additional personal devices on them.
Many CIOs are fighting to keep the personal devices away, while some are embracing the phenomenon and helping drive organizational productivity and effectiveness. As the BYOD trend accelerates, CIOs should think of 'how' to support and enable them effectively (with corporate security as well as employee privacy in mind) rather than 'whether' to allow them in the first place.
Let's take a step back in time to an era when Internet was becoming popular. Majority of what you could find on the Internet was not very useful. It was either personal opinion or entertainment. At that time, most companies banned the use of Internet by employees at work since they felt that it was a productivity killer. But, then, as the Internet matured and became an information super highway, and the material on the Internet became more useful, corporations opened up the gates since everyone saw the benefits. Nowadays, one cannot live without the Internet. All the user manuals are on the Internet. All the company SEC filings (like 10k) are on the Internet. All trade publications are online. There is no need to walk to the library anymore.
Coming closer to when the iPhone was introduced, the same cycle repeated. Everything that was initially available on the iPhone was for entertainment and consumption. So, naturally, corporate thought that it would be a time sink to provide employees with an iPhone. As the Eco-system matured for smart phones, everyone realized the value it can bring to the table: employees checking and responding to emails from anywhere, sales people checking their accounts and closing sales on their phone, looking for information on the Internet, accessing and viewing documents from anywhere and so on. Now, we are at a point where not having a smart phone is seen as counter-productive.
The same cycle is repeating again with tablets. When the iPad was introduced, it was seen as a device for entertainment and consumption. As more tablets are entering the market, companies are developing productivity applications and coming up with all kinds of innovative ways of using them.
Whether IT wants it or not, tablets are here to stay and their presence will only grow in the workplace.
So, what can the CIO do about this new phenomenon?
People extensively use smartphones at work. Some are employer provided and others are personal (BYOD). People use them to access work related information some of which could be confidential and secure data. I still see that many companies do not have a well defined policy when it comes to usage of smart phones. Companies define how they should be used and that they will be wiped if stolen/lost. But, when it comes to firmware upgrades or OS upgrades, IT is nowhere in the picture. When it comes to Apps, there are no set policies on what can/cannot be installed. Everyone is aware of viruses and malware that are rampant on personal computers. What people do not realize is that the same is becoming true for smart phones (recent report). If your smart phone is infected (by an App you downloaded, or by some activity), the company data could be compromised. There are no guidelines on protecting the smart phones.
The same holds good for tablets too. When an employee brings a personal tablet to the workplace, they are breaching the security of the company. The employee can access corporate data on the tablet, and they can also install any Apps that they desire. This can cause serious issues for the IT department from the corporate security perspective.
Majority of the personal devices are not secure. Compare it to the company provided computers. The corporate IT always makes sure that the latest patches to the OS are pushed to all the machines and they are up to date on the anti-virus. This ensures that there is a commonality amongst all the computers. IT recognizes the threats and secures the respective patches and applies them. How many of us regularly apply patches to our mobile phones? How many of us are even aware that new updates are available to the OS as well as the firmware for our personal mobile devices? Not many.
The other big issue is the difficulty of keeping track of devices accessing the corporate network. This can become a nightmare to the IT department. Plethora of the mobile devices (and the ever changing landscape) also means that there is no standardization of the devices or the OS or the form factor or the applications running on them. Jail broken devices could enter the fray.
One way to circumvent the security issue is to allow connections only through remote desktop. Do not provide direct access or VPN to the company network. Employees sign that their device is monitored by company and can be erased in case of misuse. If you do not agree, do not bring your own device to work.
Benefits are not just the company saving on its costs, but increased employee engagement, organizational productivity and increased innovation. Employee satisfaction will be high due to the ability to choose their own device, especially in these days of a glut of mobile devices. Mobile devices are becoming more and more powerful and more enterprise applications are being offered on them. It is paramount that the CIO and IT decision makers embrace this and capitalize on the opportunity, rather than shun it. But first, they have to craft a solid policy around all this.
