NEW YORK — Many IT managers are scrambling to control the influx of personal smartphones and tablets in the enterprise. But they might want to focus more on applications and data.
That was the message from analysts at this week’s Interop New York conference, where the consumerization of IT was a major topic of discussion.
“The device is just a detail,” said Andrew Borg, senior research analyst with the Aberdeen Group. “The real risk to the security of organizations relates to the data.”
Mobility: ‘At the center of IT planning’
Mobile devices are proliferating in the enterprise in a variety of ways, although most are part of the bring-your-own-device (BYOD) phenomenon: employee-owned smartphones and tablets being used for business tasks. Some organizations will also buy and support specific, corporate-sanctioned devices for employees.
Regardless of the approach, CIOs and IT administrators usually start by choosing which devices they’ll support. Oftentimes, these decisions are made based on which devices are most popular. But analyst Craig Mathias, principal with the Farpoint Group, said organizations should start with their data needs — security, manageability, application requirements, etc. — and then choose to support the devices that best meet those needs.
“Mobility today is at the center of IT planning,” Mathias said. “If it’s not, something is wrong.”
Focusing on data also helps organizations deal with other consumerization trends, such as the use of Dropbox and other unsanctioned cloud services to store corporate data.
“If you don’t think your employees are already using them and putting data there, you’re missing the boat,” said Brian Katz, director of mobility for Sanofi-Aventis, a 125,000-person pharmaceutical company.
More devices, more complexity
Historically, organizations have developed mobile strategies by asking three questions, according to Philippe Winthrop, managing director of the Enterprise Mobility Forum: Who should have a device? What applications should you mobilize? And what devices should you use?
But with BYOD, IT pros no longer have the only say over who has devices and which devices they use. That means they should focus on making the right applications available to the right mobile users, regardless of device, Winthrop said. But he warned that it’s not an easy task to accomplish.
“You may be having multiple platforms over multiple form factors,” he said. “The complexity … is astounding.”
Another problem with this vision of “endpoint independence” is the reliance on an Internet connection, said Paul DeBeasi, research vice president with Gartner. Organizations may consider Web apps as an alternative to developing applications for so many different devices, but with Web apps, “there’s an implicit dependency on connectivity,” DeBeasi said.
“Even with 4G, there’s a lot of variability,” he added. “These are shared networks, and they’re dependent on population density and usage and the like.”
Walking the security tightrope
Despite the focus on BYOD and the consumerization of IT at Interop, some experts said IT won’t give up so much control without a fight.
“There’s still a significant portion of the [IT] population out there that believes they need to own and manage these devices,” said Bob Egan, managing director of MGI Research.
But Sanofi-Aventis’ Katz warned that managing these devices too tightly could have adverse effects. If IT limits their functionality too severely, users will look for less secure ways to go behind IT’s back.
“Security’s got to learn to compromise with the business and figure out how secure is secure enough,” Katz said.