Jack Gold: Has BYOD peaked?

Expect enterprises to start instituting stricter policies to make BYOD a more secure and cost-effective policy

It is now the majority of enterprises that have adopted bring-your-own-device, or BYOD, policies, at least for certain classes of workers within the overall population, according to our recent research.

But BYOD is not without its challenges (including data security, device manageability, support, apps and TCO), and I expect significant adjustments to BYOD policies at many organizations. Indeed, I expect the trend to plateau in the next year or two as enterprises decide that any benefits of unlimited BYOD do not warrant the anarchy and increased support costs it has often caused.

BYOD isn't going to die. But companies are starting to realize that a laissez-faire approach is not sustainable and that more controls and a better strategy are needed. Today, only 21% of companies in our Enterprise Mobility Study have a mobile strategy in place, leaving the rest with a hodgepodge of procedures that are often costly and inconsistent.

In the same study, 42% of enterprises said that they have never had a mobile security breach (across all mobile platforms: smartphones, tablets, laptops). But in my opinion, that is just blissful ignorance. In truth, large numbers of users admit to having lost devices and/or moved corporate data to nonsecure places (such as personal email or Dropbox). Furthermore, most BYOD users actually believe they are not risking corporate information assets when using their devices without enhanced security, yet many admit that they store sensitive data on their devices (or access it through cloudstorage) in an unprotected state. This is a clear security risk, especially for companies in regulated industries such as financial services and healthcare.

The rush to accommodate BYOD created a substantial market for mobile device management (MDM) vendors. Most are still fairly small, but the major infrastructure players now view MDM and its derivatives as important components of their overall offerings. That is why Citrix recently moved to acquire Zenprise, why SAP acquired Sybase and its Afaria product, why Symantec acquired Nukona and Odyssey, why McAfee acquired Trust Digital, etc. I expect the market for stand-alone MDM/mobile application management vendors to slowly fade away as major infrastructure vendors like Cisco and Oracle acquire and deploy the technology, and the few remaining big MDM players (e.g., MobileIron, Airwatch) will likely be acquired too (although their valuations are quite lofty) or will consolidate with some of the smaller vendors in the market to create a sustainable niche.

Going forward, I predict that employees who bring their own devices to work will see companies impose more constraints. Furthermore, I expect two significant trends to emerge. The first is that companies will demand and get more control over devices through stricter policy enactment and enforcement, including requiring users to add third-party security and management apps to their devices that separate work apps, data and interactions from their personal counterparts. The second is that devices, especially those that are Android-based, will become inherently more enterprise-friendly. There will be more specific enterprise-targeted features and hooks built into Android over the next couple of years, similar to what's already baked into BlackBerry. Apple will likely do less in providing the heavy-duty enterprise features that some big companies want. And BlackBerry will try to win back customers based on its security and manageability features while extending them to competing platforms such as iOS and Android. Even Microsoft will jump in, pushing some of the business-oriented features in Windows 8 and emphasizing its close working relationship with Exchange ActiveSync as a way to secure mobile devices within a BYOD environment.

So what's the bottom line? By 2015, BYOD openness will be whittled away by more enterprise controls through tighter policies and enforcement, and by an ability of the devices to be more effectively managed and secured without the need for companies deploying tactical BYOD-driven MDM. MDM functionality will become built into infrastructure, and into apps, as the device vendors offer SDKs and APIs to make that possible. Stand-alone MDM vendors will have to add value on top of base capabilities. This will be harder for them to do longer term while competing with the major infrastructure players. And companies should plan accordingly, while understanding that limited BYOD is here to stay, but also that the mobile technology will continue to evolve.

Jack Gold is the founder and principal analyst at J.Gold Associates, an information technology analyst firm based in Northborough, Mass.

Read more about bring your own device (byod) in Computerworld's Bring Your Own Device (BYOD) Topic Center.

Copyright © 2013 IDG Communications, Inc.

It’s time to break the ChatGPT habit
Shop Tech Products at Amazon