Apple's alliance with IBM counters BYOD 'nightmare' for companies adopting iPhone
As many as 6 out of every 10 employees at one Wall Street firm have gone back to carrying a corporate BlackBerry alongside their personal iPhone thanks to "Bring Your Own Device" trouble, underscoring Apple's teething problems in the enterprise and highlighting the importance of the company's new tie-up with C-suite favorite IBM.
Many of the issues stem from the relative inadequacy of the third-party mobile device management -- or MDM -- solutions available for iOS when compared to battle-tested alternatives like BlackBerry's BES, one IT executive at the firm told CIO.com. Some cause excessive battery drain, while others don't play nicely with popular apps like those from Salesforce, making life difficult for users.
"The failure of these systems has to do with little things that drive users crazy," the executive said. "We're an investment firm with a hundred-something monkeys, everyone is super smart, everyone is a prima donna, and it's very difficult to accommodate them."
Privacy is also a factor, with users loathe to subject their personal data to corporate management thanks to the wide-ranging power enterprise administrators have once a handset has been placed in their control. An administrator can remotely track any device under their management, for instance, and lock down features like text messaging -- abilities that the same executive said made users view corporate IT with suspicion as an Orwellian Big Brother.
Some third-party MDM vendors have attempted to bridge the privacy chasm with mixed results. An offering from Divide -- recently acquired by Google -- creates a separate "workspace" on a device to act as a silo for corporate data, for example, though such solutions remain outside of the mainstream.
That these concerns are surfacing now is somewhat ironic, given that privacy issues and device lockdown are among the very reasons that corporate users fled BlackBerry for iOS in the first place. Enterprise administrators simply lacked the tools to enforce those same standards on the iPhone when CEOs first came calling for the popular handset.
Apple is partially to blame for these faults, the executive said, because iOS was initially designed as a consumer operating system with apparently little thought given to its eventual role in the enterprise and the symbiosis that must exist between users and administrators to keep the peace.
This is an area where Apple's recently-unveiled enterprise pact with IBM could pay steep dividends. Though the relationship is widely viewed as a sales-first affair, Big Blue has unparalleled enterprise expertise and thousands of employees that live and breathe large-scale mobile device deployments -- a deep pool of knowledge for Apple to tap as it refines its enterprise offerings.
The two companies hinted at just such an arrangement when announcing the partnership, touting IBM-developed "device management native to iOS" and a new "end-to-end procurement and lifecycle management services allow employees to manage their own mobile devices" dubbed IBM MobileFirst Supply & Management.
If executed properly, the pairing of Apple and IBM could easily beat back BlackBerry's mini-resurgence -- and might eventually be enough to stamp out the Canadian firm for good.
Many of the issues stem from the relative inadequacy of the third-party mobile device management -- or MDM -- solutions available for iOS when compared to battle-tested alternatives like BlackBerry's BES, one IT executive at the firm told CIO.com. Some cause excessive battery drain, while others don't play nicely with popular apps like those from Salesforce, making life difficult for users.
"The failure of these systems has to do with little things that drive users crazy," the executive said. "We're an investment firm with a hundred-something monkeys, everyone is super smart, everyone is a prima donna, and it's very difficult to accommodate them."
"We were shocked, blown away, by the privacy reaction," the executive said.
Privacy is also a factor, with users loathe to subject their personal data to corporate management thanks to the wide-ranging power enterprise administrators have once a handset has been placed in their control. An administrator can remotely track any device under their management, for instance, and lock down features like text messaging -- abilities that the same executive said made users view corporate IT with suspicion as an Orwellian Big Brother.
Some third-party MDM vendors have attempted to bridge the privacy chasm with mixed results. An offering from Divide -- recently acquired by Google -- creates a separate "workspace" on a device to act as a silo for corporate data, for example, though such solutions remain outside of the mainstream.
That these concerns are surfacing now is somewhat ironic, given that privacy issues and device lockdown are among the very reasons that corporate users fled BlackBerry for iOS in the first place. Enterprise administrators simply lacked the tools to enforce those same standards on the iPhone when CEOs first came calling for the popular handset.
Apple is partially to blame for these faults, the executive said, because iOS was initially designed as a consumer operating system with apparently little thought given to its eventual role in the enterprise and the symbiosis that must exist between users and administrators to keep the peace.
This is an area where Apple's recently-unveiled enterprise pact with IBM could pay steep dividends. Though the relationship is widely viewed as a sales-first affair, Big Blue has unparalleled enterprise expertise and thousands of employees that live and breathe large-scale mobile device deployments -- a deep pool of knowledge for Apple to tap as it refines its enterprise offerings.
The two companies hinted at just such an arrangement when announcing the partnership, touting IBM-developed "device management native to iOS" and a new "end-to-end procurement and lifecycle management services allow employees to manage their own mobile devices" dubbed IBM MobileFirst Supply & Management.
If executed properly, the pairing of Apple and IBM could easily beat back BlackBerry's mini-resurgence -- and might eventually be enough to stamp out the Canadian firm for good.
Comments
They're bringing their own device because they don't want to be monitored or they are engaging in private business on company time. IBMs involvement won't change human behavior.
Agreed. Folks want to use their own phone, but don't want the company to tell them what to do with it. Companies would rather let employees use their own devices to keep costs down, but get irked when personal/business needs clash.
Regardless of what OS is used, it will always be a problem. Even with using a Blackberry, it will still mean that people may go back to using two handsets again.
Although I'm pretty sure that there is no encryption when messaging a non iOS phone.
They're bringing their own device because they don't want to be monitored or they are engaging in private business on company time. IBMs involvement won't change human behavior.
or gov't compliance requirements. You can't connect a computer (and an iPhone is a computer) to a corporate network without the simple requirement of 'what just connected to the network','Is it a threat* [compromised with malware or software that puts the organization at risk*]?', 'is the user authorized to be on the network [authenticate - friend or foe]'
* texting 'outside' of the Command and Control of a central DLP/monitoring system is considered a federal offense in any financial institution. Compliance mandates that any statement made to an outside party from an 'official' person or device must conform corporate standards (you can't have a person inside of a corporation say 'BUY/SELL XYZ' without it being recorded, for post facto analysis of insider trading, pump and dump or anything else that may be illegal. Hence iMessage is considered malware inside of most financials, lumped in with skype, and many other P2P messaging (including stuff like Gmail, although that is typically attacked via corporate man in the middle proxies (that *.google.com certificate you have on your PC is planted there by your corporate compliance dept, so they can decrypt every message you send and receive via https from your desktop at the corporate proxy server).
I don't think messaging is part of their security problem. Apple encrypts their messages end-to-end, and even the FBI was seen complaining about this a few years back.
Although I'm pretty sure that there is no encryption when messaging a non iOS phone.
see above,
You texting corporate secrets is definitely part of their security problem. Can't manage/monitor it, it's then considered 'malware'
Which text-messaging service did Lois Lerner use?
Way to go ... how to derail a thread and attract the politically polarized nut job with one sentence.
Agreed. Folks want to use their own phone, but don't want the company to tell them what to do with it. Companies would rather let employees use their own devices to keep costs down, but get irked when personal/business needs clash.
Regardless of what OS is used, it will always be a problem. Even with using a Blackberry, it will still mean that people may go back to using two handsets again.
Which is by far the best solution, to be frank, on a practical level. Business and personal is perfectly separated in every way. Th penalty is that you have to carry two devices but that's not too big a deal for most people. With the new iPhone becoming so thin all someone has to do is create a 'back to back' case and voila! A double sided phone!
"... everyone is super smart, everyone is a prima donna, and it's very difficult to accommodate them."
This is what the CIO / CTO says when Wolf of Wall Street wannabes all bring their own iPhones.
I imagine things are a bit different when the CEO wants to use an iPhone.
Tom Kaneshige writes absolute garbage for CIO. An entire article about iPhone & BYOD that failed to even mention IBM, after a previous article that said Apple and IBM couldn't possbilly work together and that Apple has done nothing to support Enterprise MDM. Except that Apple has made enterprise MDM a major feature since iPhone 2.0 in 2008.
He's pushing BlackBerry so hard that its painful to read. All based on "stats" by one anonymous source at an unnamed company that is supposedly returning to BlackBerry.
Kaneshige cites this anonymous source as saying "There really is a great deal of capability inside these devices, [such as] the ability to turn on the camera or a microphone and listen to conversations," says the IT executive. "This stuff is pretty spooky."
That's purely false - MDM specifically allows companies to manage hardware features.
"We're an investment firm with a hundred-something monkeys, everyone is super smart, everyone is a PRIMA DONNA, PRIMA DONNA, PRIMA DONNA, and it's very difficult to accommodate them."
This situation is the nemesis of BYOD. Not playing by rules because of these Prima Donnas. The end play is unlawful but they don't give a Rats Petuti.
BYOD is healthy for the most part as I see it. Fire the renegades, send them to prison. But no, the almighty $$$$.00 is the bottom line.
I don't have any experience with enterprise MDM but I have some in an academic setting. We used Casper Suite to manage iOS devices and it worked pretty well. Maybe Apple should buy them and update it for enterprise use.
Regardless of what OS is used, it will always be a problem. Even with using a Blackberry, it will still mean that people may go back to using two handsets again.
I often carry two phones when out of the country. It is the only way when you have a local number and a USA number both of which you need to be active. Many people today don't have or don't use a home landline and important communications from their doctor, children's school, or childcare provider often need immediate attention. Of course people don't want the corporate IT managing their personal phone. Probably the best situation is to just not allow the personal phones on the corporate WiFi or plugged into a USB port if network security is a concern, but you can't take away their personal phone if the only number they have registered with the doctor or childcare is their mobile.
They're bringing their own device because they don't want to be monitored or they are engaging in private business on company time. IBMs involvement won't change human behavior.
Exactly the reason I never put an single personal thing on my work systems, As much as they do not want me using their things for personal things I do not want them tell me how to use my personal things for personal stuff.
I worked at one place and they use to get upset with the fact I would bring my own personal laptop to work, they did not want it touching the corporate network. Today you can be on cellular networks and do not have to touch the corporate networks. I can still seeing companies banning the use of personal cell phone at work.
Lois is an AI forums contributor?
They either want to limit how the user can use his device like it was a corporate device, meaning the user just bought a smartphone for the company and cannot use it like it was his own. Users will not do this.
If this is not the case usually a service is provided over a 3rd party app (e.g. from Good). An acceptable compromise. But because it doesn't integrated seamless on a user's device not many employees go for it as BYOD is opt-in.
So it ends with: "gimme a corporate phone" if you insist on me being reachable all the time. Especially as it comes with a plan the company paid for. Who is not eligible for company phone might opt-in for a 3rd party app to e.g. check some mails, contacts, calendar stuff. That's how BYOD usually ends.
This will not change with IBM, instead this will just end up with a corporate service taking data from other services (preferable form IBM as well) and some app from IBM. And Apple helps IBM here to get the Apps to look and feel like Apple apps to some extends. And probably some better full corporate IOS device management will happen result.
In the end BYOD is always the wish of an enterprise that an employee will do stuff for an enterprise without getting payed for it and even pays for the means to do so (device, contract).
There are instances where BYOD works nicely and is not a problem. But global players are usually way beyond paranoia (on the simple things they understand and not on the big open holes) and that together with fragmented and grown infrastructure results in bad BYOD projects.
One BYOD project I was involved in at global player in banking around 2010 probably started like many. Everyone hated the locked down Blackberries by now. CTO wanted to use his shiny new iPhone that he/she loves so much and access corporate services from it. And of course the CTO also wanted to use all the features like it was his own private smartphone (the CTO paid for it with his own money as the corporation only offered Blackberries, but of course it is a company contract). And BYOD was born. Ended with Good and a lot of hacks to get data into it and to provision it. Just horrible.
Instead of thinking how can we leverage existing Smartphones of our employees effectively for a better production value it starts as a "ween need to integrate IOS and Android for higher management tiers". A recipe for a bad project right from the start...
Another one went different. "Oh, we need to have BYOD as well! Users paying for their phones anyway. We can save a lot of money. But we have no budget to do so." Yep, another global player.
But they had some VPNs in place, even though the VPN in service was exclusively there to connect to Exchange servers from corporate notebooks. In the end the existing VPN solution was fully upgraded to a proper VPN with all bells and whistles.
With more "working from home" initiative, shared desk policies and other stuff in the pipeline it was just naturally to use a VPN as what it was. BYOD just jumped on the band wagon as there was already potential funding for the "workplace of the future". So funding came from a different project and the CIO could shine with "We also have BYOD now on the golf course".
Now if someone wants to access services of the corporation, he connects to the VPN from his phone or from home with a corporate notebook. In addition some corporate management of the phones happens as well as cheaper contracts for the employees as they are bought in bulk anyway (now more than ever). Later Android was also integrated. Stock VPN connections are not used here of course, as using private APIs in enterprise Apps is not an issue. Security issues were handled with a legal document everyone has to sign who want to access corporate data from outside. Company was covered as it dictated rules and and when to use any remote service. Rules for working from home where just expanded to smart phones. Sure no one cares, but hey we are covered.
At our corporate offices, only the top execs know the wifi password and they change it all the time. All the managers have company iPhones in addition to their personal phone. No one is allowed to plug in any phone into a computer USB, corporate or personal. They are supposed to keep their personal phones out of sight. No one is allowed to wear earbuds and only telephone customer support operators can wear headsets. MP3 and Facebook are blocked except for marketing manager. Originally IT said that no one was allowed to get email on their personal phone either, but someone figured out how trivial it was to set up Exchange on an iPhone and then secretly told the other iPhone users how to do it, so now that policy is no longer enforced, at least not for iPhone users. Everyone else is apparently still unable to log in to Exchange with their Androids, although I imagine it is equally trivial to hook them up. Perhaps they have discovered how to do it by now, but IT will not tell them how. I'm so thankful I don't have to work at corporate very often. The IT department is a nightmare.
On a personal level, as I am about to lose my work mobile as a cost-saving measure, I am no longer going to be contactable when out of the office. I will not put my personal phone number into our directory, as I want to keep my work and personal life seperate, and I cannot afford to maintain a second phone for work. I suspect I am not the only person in this poisition.
In my exoerience, providing IT services to a moderate sized organisation, it's usually the CIO or CTO (rather than the CEO) who wants to use their exotic hardware. Something about the personality types of people in those roles.
Nevertheless, the problem is real - policies are drafted according to sensible security and technological requirements, and then someone in senior management sees something shiny, and we end up having to shoe-horn it into the environment somehow. It's not limited to personal electronics either. For every instance of MacBook Air or iPhone envy, we get someone obsessed with implementing a virtual desktop infrastructure, regardless of whether it can actually provide any of the services we require to operate. Often these initiatives conflict so that we can't possibly implement both of them, but it doesn't stop the ridiculous demands.