At a packed IT Leaders Forum gathering in London in early December, industry experts reflected on how far enterprise mobility has come in the past few years, and the direction practice and policy must take as we move into 2013.
The BBC, explained CTO of the organisation John Linwood (pictured), has been on a four-year journey to “allow more and more” office services on employee-owned devices.
An initial rollout of laptops to employees tended to prompt the question, “Why are you giving me this? I’m just going to lock it in the cupboard every night”. However, a subsequent iPhone deployment resulted in an almost immediate clamour for data portability, and Linwood said his team is now “under pressure to support a vast range of tablets and mobile devices”, with Android and iOS devices “the two front and centre [platforms] for us going forward”.
Intel, explained the company’s global support engineering and business operations manager Jeff Kilford, believes smartphones have cleared a path for more “productivity-focused” personal devices.
“The past couple of years were all about the smartphone device being prevalent in BYOD. We managed to build a policy there, and an infrastructure, so now we have tablet and ultrabook devices enjoying the same service. All the hard work is pretty much done,” said Kilford. “And as we transition into next year with more touch devices available, we’ll find people can do pretty much whatever they want to do.”
But supporting a wider range of increasingly versatile BYOD devices can throw up some complex security issues. This is why firms that handle very sensitive data like HSBC continue to tread carefully.
“Within HSBC, I think it would be fair to say we’re playing catch-up with other parts of the industry,” said head of research and development, global banking and markets technology, Barry Childe.
“A big driver for us has been the availability of information we use on the mobile devices, and behaviour of our customers. In the area of market data in particular, we’ve seen a lot more move in the direction of internet or transactional-based portals, we’ve seen a lot more global-type business, and we need to be able to work within that new ballgame. But the challenge for us is obviously to secure the information.”
For Childe, the danger posed by mobile devices’ vulnerability to hacking and theft is still not being adequately addressed by security vendors. But while Childe might like to see more robust mobile device management technology, Linwood believes that in his industry, too tight a security regime can be problematic.
“When I joined the BBC four years ago, the desktop was locked down as it is in most corporates, and you couldn’t do anything with it except run applications already on it,” said Linwood.
“So journalists went out, they bought their own laptop and put Gmail and Skype on it, they forwarded their BBC email to Gmail, and suddenly you had completely unsecured, unencrypted laptops with confidential information being left on planes and trains and buses.
“It was all because we tried to be too secure,” said Linwood. “So you have to take the pragmatic line that recognises that your users will fight their way around it, so you have to find an answer.”
Both the BBC and Intel agreed that data security training is vital. The BBC goes to great lengths to educate employees about the value of data. For example, Linwood said staff need to be constantly reminded that using a service like Dropbox does not involve simply “moving data from a PC to tablet or phone, but that that data is now sitting in a datacentre on the other side of the world, under the jurisdiction of another government”.
Kilford said that at Intel, company information is categorised as “top secret, secret, confidential, important and so on; there are certain echelons of information that never move to devices”.
But the key issue, he added, is deciding which category of employee should be given BYOD privileges.
“Execs are the worst place for BYOD technology to start,” said Kilford. “They have all the secrets, and they’re very gung-ho.”