BYOD: User Policy Considerations
Questions and key points companies should consider when establishing BYOD policies.
Surely I'm not the only one underwhelmed by the BYOD (bring your own device) hoopla. Haven't you been dealing with this for, oh, almost a decade, ever since people started using their own laptops and home PCs?
Of course you have. Let's face it: The problem isn't me with my Windows-based, ultra-light (and mobile) laptop. Enterprise IT knows about that, from dealing with security to accessing back-end systems.
No, the problem isn't people using their own devices. The problem is that people are using devices like phones and tablets, with their spare mobile operating systems, to connect to enterprise resources.
Surprisingly, it seems IT may be able to take a page out of the integration playbook to deal with the BYOD dilemma.
A recent post on GigaOm argues that APIs (application programming interfaces) and API management solutions could be the key to mediating the problems between the old world of enterprise apps and the brave new world of BYOD.
OK, I admit that APIs aren't, strictly speaking, only an integration solution, but they are used for Web integration, as I've shared previously, and are one way to achieve what Dion Hinchcliffe calls lightweight integration.
And I'll grant you the GigaOm piece isn't unbiased. On the contrary, it's written by Matt McLarty, the vice president of client solutions for API management company Layer 7 Technologies. But hear the man out before you dismiss this as marketing hype.
He recounts the adventures of two companies - an airline and an electronics company - as they tried to make enterprise applications mobile. Suffice it to say, their first attempts went awry, so they tried using an API as the border between the presentation (mobile) layer and the logic (enterprise-based) tier. This allows you to design for mobile OSes while still utilizing your enterprise systems, he explains.
APIs can also be used to address compliance and security concerns, he writes:
This API proxy plays a dichotomous role. It opens and eases integration with enterprise APIs, and it enforces the policies that check user identity and control access to backend resources and data. Due to the mixed personality of BYOD devices - business and pleasure - no API request message can be trusted outright. Identity must be checked using any number of principals - app, device, end user - and weighed against the requested assets.
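The check that quote describes can be sketched as a default-deny decision at the proxy. This is an added example, not code from the GigaOm post or from any API management product; the asset paths, assurance levels and field names are assumptions made up for illustration.

```python
from dataclasses import dataclass

# Constructed asset catalogue (assumption): path -> minimum assurance required.
ASSET_MIN_ASSURANCE = {"/api/directory": 1, "/api/orders": 2, "/api/payroll": 3}

@dataclass(frozen=True)
class Principals:
    """What the proxy managed to verify about one request (hypothetical fields)."""
    app_verified: bool    # app credential validated
    user_verified: bool   # end-user token validated
    device_known: bool    # device identifier is enrolled
    device_managed: bool  # device is under corporate management (False for plain BYOD)

def assurance(p: Principals) -> int:
    """Collapse the three principals into one level; nothing is trusted outright."""
    if not (p.app_verified and p.user_verified):
        return 0          # no app or no user identity: no access at all
    if not p.device_known:
        return 1          # verified app and user on an unrecognised device
    return 3 if p.device_managed else 2

def decide(path: str, p: Principals) -> tuple[bool, str]:
    """Weigh the verified principals against the requested asset."""
    required = ASSET_MIN_ASSURANCE.get(path)
    if required is None:
        return False, "asset not in catalogue"   # default deny
    level = assurance(p)
    if level >= required:
        return True, f"level {level} meets required {required}"
    return False, f"level {level} below required {required}"

if __name__ == "__main__":
    byod = Principals(app_verified=True, user_verified=True,
                      device_known=True, device_managed=False)
    for path in ("/api/directory", "/api/orders", "/api/payroll", "/api/unknown"):
        print(path, decide(path, byod))
```

The same user and app get different answers for different assets: an enrolled personal device reaches `/api/orders` but not `/api/payroll`, and a path missing from the catalogue is refused rather than passed through.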
And, as an added benefit, it so happens that APIs are a great way to address the integration challenges of moving enterprise apps to mobile platforms. That said, I'm not sure I agree with his point about this being a "developer-driven approach to integration" that is seen as "a refreshing shift from the current SOA state " Actually, I'm not even sure I understand what he means by that.
Still, it's a viewpoint worth weighing as you consider how to incorporate BYOD and mobile devices in general into the enterprise.
If you can't beat them, you might as well integrate them, right? And when it comes to BYOD, the research suggests you can't beat 'em: Within two years, Gartner predicts 90 percent of organizations will support corporate applications on consumer devices and 80 percent of professionals will use at least two personal devices to access corporate data.