By Abdulaziz al-Helayyil/Riyadh


The launch of Apple’s first iPhone back in 2007 was an important agent of change for the mobile industry, forcing competitors to rethink their very understanding of mobility. Seven years on and consumers now queue in the streets to get their hands on the latest models, but the impact of the iPhone revolution stretches far beyond the home and into boardrooms across the world.
Indeed, the emergence of the iPhone and subsequent introduction of the Android operating system have transformed the way in which businesses the world over address enterprise mobility.
Prior to the introduction of the iPhone and Android, organisations typically required their employees to utilise one mobile device and service.
In the majority of cases, this was the almost-ubiquitous BlackBerry and its requisite BlackBerry Enterprise server. But as BlackBerry handsets fell behind the capabilities offered by Apple and Android smartphones, employees increasingly began utilising their own personal devices for work purposes instead of their corporate-issued BlackBerry. And so began the era of “Bring Your Own Device” (BYOD).
What started as senior executives unofficially pushing the boundaries of their organisation’s own procedures quickly gathered pace, and IT managers were soon left with little choice but to draw up formal BYOD policies in order to protect the integrity of corporate networks and security of sensitive data.
The effect on the market’s composition is clear to see, with IDC forecasting worldwide shipments of employee-purchased smartphones for business use to reach 328.4mn units by 2017, growing by around 30% per annum.
In contrast, shipments of corporate-liable devices will total 88mn, expanding at a rate of “only” 11% per year.
The overwhelming motivation for organisations looking to embrace the BYOD trend is a reduction in capital expenditure, with 75% of CIOs surveyed by IDC asserting that BYOD has saved them money. However, the concept also brings with it some fairly major challenges, so it’s important for organisations to fully understand what they are letting themselves in for when they open their doors to employee-owned devices.
Indeed, despite the clear interest that exists from a bottom-line perspective, I often receive divergent responses from Middle East CIOs when I ask them about BYOD. Some are firmly on board with the concept, viewing it as a positive development that allows employees to work with the devices they’re most familiar with, thereby improving productivity.
Others, meanwhile, are much more sceptical, viewing BYOD as inherently dangerous. So are such fears justified, and what – if anything – can be done to assuage them?
The primary BYOD-related issue facing IT departments is security, with 72% of CIOs identifying this as their major concern. Not surprisingly, the most common company policy regarding BYOD relates to the installation of device management software, and agreements allowing for the wiping of lost devices are increasingly becoming a staple of BYOD security policies.
And while security will undoubtedly remain an ongoing concern, I expect other issues relating to break/fix procedures, activation, purchase, and the suitability of a device for enterprise use to take on greater importance as BYOD adoption increases.
Given the prevalence of these issues, it is clear that the era of ceding control to the end user is over. While BYOD implies that employees have unlimited freedom in choosing and utilising their own device, the reality must be a much more conservative experience.
Indeed, simply allowing employees to use any kind of smartphone for work is a recipe for disaster. IT managers need to set boundaries and limits or risk losing the benefits that mobility can deliver to the enterprise, and for this reason I strongly advise them to deploy a white list of approved devices from which employees can choose.
There are a number of fundamental capabilities that any white-listed handset must possess. From a security perspective, these include VPN support, SSL for Web and intranet access, remote wipe, and strict password enforcement, while in terms of user practicality, Exchange ActiveSync should be available for e-mail, calendar, contacts, and tasks.
A Wi-Fi client that supports VoIP is always a bonus, and support for viewing and editing documents, spreadsheets, and presentations is an absolute must for any self-respecting business-use phone.
Other potential areas to consider are battery life, stylus, and compatibility with other devices, including tablets and PCs.
To further protect themselves, organisations should not allow new smartphone designs (as opposed to new versions of smartphones that have already been on the market) on their approved device lists until the products have been on the market for at least six months.
It is also important for any formal policy to carefully articulate who owns and controls the corporate content that resides on a BYOD smartphone.
And another issue that is often overlooked is exactly who owns the phone number; this should be clearly defined as part of a signed agreement between employer and employee so as to avoid any dispute when the period of employment comes to an end.
The challenges are seemingly endless, and I advise IT managers not to put all their eggs in the BYOD basket.
While it may be the current preferred approach for delivering the advantages of mobility to the enterprise, it is important to recognise that the mobile ecosystem is rapidly evolving and what is relevant today can become less relevant overnight.
Given this reality, organisations must remain prudent in regards to all aspects of BYOD deployment, as the potential for disaster is always lurking just around complacency corner.

♦ Abdulaziz al-Helayyil is regional director for Saudi Arabia, Kuwait and Bahrain at IDC.

Related Story