BYOD stands for “Bring Your Own Device,” and is a constant source of prose and discussion for IT technology vendors and consultants. The “bring your own device” phrase refers to employees who bring their smartphones and tablets to work, and who wish to use corporate networks to get to the Internet — and sometimes, even to use their personal devices to access corporate resources. In the past quarter I’ve heard vendors who offer network management and security platforms and services bang this message out in strident tones, urging their customers to buy solutions to help them deal with this onslaught.
That’s why I read a recent survey from placement and services firm Robert Half with great interest this morning. It’s entitled “NO ALL-ACCESS PASS:…Only One in Three Firms Allows Employees to Access Company Networks Using Personal Smartphones or Other Devices.” Published on May 8, the results stem from 1,400 phone calls placed to randomly selected companies with 100 or more employees, and targeted those organizations’ CIOs to pose the question “Do you allow employees access to your corporate networks via personal laptops, smartphones, or tablets?” Only one in three (33%) of respondents answered in the affirmative, the other two of three said “No.”
I find myself wondering if a follow-up question might not have also made sense — namely, “Do you provide employees with guest, DMZ, or other segregated Internet access at work so they can use their personal laptops, smartphones, or tablets to access the Internet outside your corporate network boundaries?” As an occasional consultant and expert witness, I visit regularly with major corporations and law firms, and I have yet to find a single one of them that doesn’t make some kind of Internet access available to me on their premises.
It’s not hard to understand why CIOs don’t want unvetted devices roaming their networks. My guess, however, is that BYOD is too formidable to be stopped and that many firms will provide internal VMs that employees can access through secured channels from their own devices, even though they may not permit those devices to access their networks directly. This lets firms secure those VMs and impose policy constraints on what users can transfer from their own devices across the network boundary (or vice-versa).
If the Half study had included businesses with less than 100 employees, I also have to imagine they would have found the ratio reversed — namely, two thirds of them permit employees to use personal devices, and only one-third do not. Many of the smaller concerns I’ve visited in the last two years have proudly showed me how they use mobile apps to interact with employees, customers, and partners. At others, I’ve seen executives using their personal iPads as their primary workstations in the office, and their main computing platforms away from the office.
My gut feel is that virtualization and security technologies — including VPNs, virus screens, content and URL filters, and so forth — will be able to provide access to users who wish to work on their own devices. It’s just that those devices will essentially act like carefully sandboxed thin clients whose only job is to ferry input from user to a virtual machine or terminal server somewhere, and to display screen updates that result from such input. Everything else will stay inside the corporate network boundary, and only transient information will pass through personal devices for viewing and immediate use, rather than residing outside the confines of the corporate security perimeter.