Security managers remain skeptical of BYOD [Network World]
(Network World Via Acquire Media NewsEdge) COMPANIES ARE grappling with thequestion of whether and how to let employees use their own smartphones and tablets at work even as a huge push is being made to set up internal "app stores" of approved and custom-built corporate mobile apps.
"We identified our needs, and we're planning on custom mobile apps," says Lincoln Cannon, director of sales and marketing technology at Merit Medical Systems, a maker of medical equipment in Utah.
The company has few reservations about allowing employees to use Apple iPads, including their own, to present information to business customers and allow access to cloud-based services, such as Google Docs, where product-related documents and videos are placed. While a few apps from die Apple App Store have worked out, the business has determined that to really gain the functionality it wants on the iPad to synchronize with its salesforce systems, it needs to design some apps on its own.
Merit Mobile is the first in-house customized app the technology team came up with for Apple iOS 4.0, for the salesforce group. "They open the app and it checks whether new content is available," Cannon said. It's typically used to download new content overnight so the latest information in the form of brochures, videosand more is ready for them.
Havingtoget an Apple software developer's license and certificate for designing apps was "a little time-consuming" and "painful," he notes. But in the future, if the coding is done in HTML5, there won't be the need for the Apple certificate, he adds.
Merit Medical is hardly alone in its decision to build custom apps. According to the Symantec 2012 State of Mobility Survey of 6.275 technology managers in the private and public sectors in 43 countries, 71% "are now looking at implementing a corporate 'store' for mobile applications." The report notes that 11% have already set up an internal app store for line-of-business applications.
For others in the healthcare industry, the pressure to figure out a suitable mobile strategy seems to be far more difficult to sort out. At Kaiser Permanente, with medical groups and health plans and more than 150,000 employees, IT security has held to a traditional discipline of tight controls that eschews the idea of employee-owned mobile devices. "The security group has set definite standards," says Mark Kadrich, senior security architect at Kaiser Permanente, who says bis role is to help define strategy in cooperation with a separate security group responsible for ongoing operational needs. If outside contractors, needed to connect to the Kaiser network, they have to use the Cisco Connect VPN client for Wi-Fi for example.
But the debate between bring your own device (BYOD) and corporate-owned mobile devices has now taken center stage.
"The clinicians were pushing to get iPhones and iPads, and the security group was pushing back," Kadrich says. Executive staff decided to tackle the BYOD question by setting up a Mobile Center of Excellence staffed by Kaiser employees to identity standards for what might be accepted use of iPads and Android devices, including employeeowned ones. Several hundred iPad and Android tablets are undergoing pilot tests as software and security needs are explored.
Kadrich acknowledges havingstrong reservations about the idea of BYOD, based on both cost and security. Mobile-device management (MDM) software is often viewed as a way to have some control over these devices for inventory and remote-wipe purposes, but Kadrich remains skeptical. 'Tm not convinced MDM is cost-effective or appropriate," he says.
Because the need for building custom apps for clinical and business use is apparent, the question is how to start this software- development process in a way that will enforce a high level of security assurance both in-house and with outside software developers. Kaiser Permanente is in negotiations with mobilesoftware vendors, asking them to define what processes they use to identify and track business flaws in software. This takes the process beyond the iTunes and Android store approach, in an effort to define strict coding practices for an in-house apps store. There is momentum around BYOD. and Kadrich says that one day it is likely to be a component in Kaiser Permanente's IT strategy.
Like Kaiser Permanente, a number of IT consultancies have expressed doubts about whether BYOD is cost-effective. Although it may look at first glance as though a company is saving money by having employees buy their own mobile devices, perhaps with a corporate stipend, there are management costs that may not work out to the company's advantage. Aberdeen analyst Hyoun Park notes that telecom rate plans cost less through traditional contract negotiations than through individual contracts.
As far as cost savings go, "the jury is still out on BYOD," says Joe Nocera, principal in the IT security risk practice at PricewaterhouseCoopers. He thinks the BYOD "promise of cost-savings" is largely "unrealized" today.
BYOD raises questions about security controls and how forensics will be done on a device owned by the employee, Nocera notes. He also is skeptical about how far MDM software goes to meet strict security requirements. "Its functionality is very limited," he says. "All they do is secure email fairly well."
The goal has to be securing the data on the device and having a way to validate it through risk assessments, he says. In regulated industries, such as healthcare and finance, there will be audits of these BYODs and die apps uhat are used, Nocera points out. Unfortunately businesses are thinkingabout these questions only after they've rolled out BYOD practices.
Who needs the Apple App Store?
Symantec recently asked technology managers whether their organizations have plans to roll out a private app store where employees can get officially supported applications for their moot e devices
SOURCE: 2012 STATE OF MOB UTY SURVEY ASHED THIS QUESTION OF 6,275 TECHNOLOGY MANAGERS 43 COUNTRIES
(c) 2012 Network World Inc.
[ Back To Contact Center Solutions Homepage's Homepage ]