Security "Bits"

A Knife Fight in a Phone Booth: How we got from BY-Oh-NO to BYOD

By Rich Campagna | March 14, 2014 at 10:08 AM

The BYOD phenomenon hit enterprise IT faster than a knife fight in a phone booth. You were cruising along with your easy, secure managed Blackberry deployment and then one day in 2009, the CEO bought an iPhone and demanded access to her corporate email. So you opened a door for her to do so via Activesync to the Exchange server. After noticing a surprising number of iPhones floating around the corporate cafeteria a few months later, you went and checked the logs and found more than 2000 unauthorized iPhones were actively connecting via Activesync! Yikes!

[BTW, this is a true story (including the number of unauthorized phones) told to me by several IT folks from a large, well-known organization]

At first, we tried to fight employees and push back, urging them to stick with their Blackberries. At some point, we realized that this was a losing battle, so we waved the white flag and decided to embrace BYOD. We still weren’t sure how.

As is typically the case, the startup world stepped in to save the day, this time offering up Mobile Device Management as a solution. It sounded great – you could manage personally-owned mobile devices in much the same way that you managed corporate-owned laptops. Locking down Bluetooth and iCloud, and blacklisting applications sounded like a great idea.

The problem is, those types of restrictions don’t work when it’s the user’s personal device. If they want to backup to iCloud and play Candy Crush all day, it’s their right to do so. Making matters worse, you’re not really sure whether the time and expense of rolling out the MDM solution (assuming you fully rolled it out) actually provided any real security.

Here’s how it unfolded (overlaid on Google searches for “BYOD” over time):


And here’s what we did about it: 


 So here we are today. Your employees are getting more savvy and pushing back more and more on heavy-handed BYOD security policies, and you’ve hired a team of administrators to keep up with deployment and management of a security solution that doesn’t really provide security, and won’t scale to your future needs.

So what’s next? Keep watching this blog over the next 2 weeks as we countdown the 6 key requirements for next-generation BYOD programs. Or sign up for our webinar on March 27th and hear them all in one shot.

Sign-Me Up!



see all