Let’s start with the obvious.
There is no silver bullet, one-size-fits-all checklist for creating the perfect Bring Your Own Device strategy. Every organization is completely different.
But it’s not as bad as it sounds. Many of the technologies necessary to support a strategy are probably already in your ecosystem. It’s just a matter of knowing what’s missing, and how to leverage what you’ve already got.
To give you a hand, we’ve assembled seven tools and technologies that make planning and executing your BYOD strategy a reality.
1. Application Virtualization or Presentation
There are two approaches to delivering business apps to a device you are not in control of – for example, personal smartphones or tablets: Application Virtualization and Presentation.
The key difference between them is where the processes run. Presentation consumes the resources of a Terminal Server (TS) or Remote Desktop Server (RDS). This is a great approach when you need to deliver native Windows apps to non-Windows devices. Just make sure you’ve looked into server licensing requirements when doing that.
Application Virtualization consumes the resources of the destination device, such as a laptop. A key benefit is software compatibility. IT creates a virtualized package based on the supported operating system (OS), say Windows XP, and is then able to stream that package to a non-supported OS, like Windows 7.
Note that the destination device must support the Application Virtualization agent. So you could not take a Windows application and stream it to a Mac.
2. VDI or Desktop Virtualization
Another approach is presenting an entire Windows desktop to an employee-owned device using VDI or Desktop Virtualization. The value here is that users consume resources in the data center, and not on the local device. Similar to Application Presentation, desktop virtualization uses a display protocol to deliver the entire desktop to personal devices. This solution is good for different reasons. For example, it’s ideal when an application can’t be virtualized, or the application itself needs more access to a virtualized client operating system.
Keep in mind that when you choose this delivery model, a Microsoft Virtual Desktop Access (VDA) license is required.
3. Cloud brokerage solutions
Where and how does cloud fit into your BYOD strategy? SaaS or IaaS offerings are venues to offload internal resources to a cloud provider, and often clients will employ several – which gets complicated.
One approach is becoming an Internal Cloud Broker for your organization, leveraging a holistic solution like Softchoice Cloud. This type of platform lets you find and buy SaaS apps, manage and deploy them to personally-owned devices, federate them securely through Active Directory, and get the 24/7 support you need to make your users happy.
4. Mobile Device Management
Mobile Device Management (MDM) is a powerful tool to securely manage the network access of employee-owned devices.
The main upside of MDM is that it enables IT to handle entire fleets of devices at once, setting the policies and access restrictions, without having to deal with every device individually. All users are required to do is sign in to an app or web page, and you automatically push the correct configuration to that user, based on his/her profile.
A good MDM solution example would be AirWatch, which offers great compliance control via a SaaS solution.
5. WiFi bandwidth
One common “gotcha” for BYOD is WiFi. When most organizations rolled out the wireless networking technology, the majority of employees connected via Ethernet. In today’s world of instant-on devices, large organizations barely have enough WiFi infrastructure to support a fraction of the total employee base.
What we regularly see in mobility assessments is that our clients frequently underestimate the sheer volume of outside devices connecting to their infrastructure.
6. Data Loss Prevention
Data Loss Prevention is a good idea if you want to make sure certain types of data are simply not allowed to leave the network.
For instance, you probably don’t have any reason to allow credit card numbers or social security numbers to leave the premises via email. By establishing policies and leveraging technologies that stop the most sensitive data from leaking (preventing certain kinds of attachments or types of data), you are insulating yourself from risk. So when an employee loses their personal Android device, the risk to your organization is mitigated – and it hopefully also means one less headache for you.
7. Network Access Control and Authentication for Guests
It’s very common for visiting clients or guests to require access to the internet at your office. The risk, of course, is having unmanaged (and non-secure) client devices connecting to your corporate network.
With Network Access Control (NAC), you can give guests that access without exposing the corporate network. A good example of a NAC is Cisco ISE, a policy-control platform that is device- and location-aware.
A NAC also allows you to put security policies in place that dictate what a user can, and can’t, access remotely. For example: users can’t access tier-1 apps from their local Starbucks… but coming from a trusted environment like their home office, they can.