Increasingly, companies are allowing employee-owned devices to access their networks and data. This move represents a growing trend: the democratization of mobility IT.
For a while now, IT has been ceding some authority to the mobile platforms and devices permitted in corporate computing environments, and those environments themselves have become more open. Taking an individual liable (IL) approach, companies are providing employees with a list of smartphones and tablets approved for use in their environments, and employees are purchasing the devices they want to use. They pay for their own devices as well as their monthly plans, and IT makes it possible for them to use their smartphones and tablets to access corporate e-mail and select applications.
This approach contrasts with the corporate liable (CL) approach companies take for most of the technology used in the workplace. Following that model, companies procure mobile devices for employee use and pay for wireless service through a corporate plan. At first glance, the move to IL programs looks like a good one for the enterprise. Avoiding an expense--in this case for smartphones and data and voice plans--would seem to make sense.
Considering all the issues, a move to an IL model is not necessarily the right one in the long run. If a company provides a mobility allowance for employees, or allows them to expense their mobility device costs, it ends up paying for mobility anyway. A company could actually end up paying more to support IL devices than they would have under a CL approach. In the IL model, an enterprise pays for both for the wireless service and the transaction cost of processing expenses. Because carriers incur lower transaction costs for a corporate account than they do for multiple individual accounts, they can negotiate a quantity discount for corporate customers, resulting in a better deal than employees typically could get.
Yet despite the strong arguments for sticking with a CL model, more and more companies are finding that IL is more persuasive. Individual liable is here to stay.
The range of compelling platforms and devices allows employees to choose the devices they use on the job. They are deciding not to select and rationalize multiple standards. As a result, employees find themselves in a sort of democratic state, where they have a voice in deciding which smartphone they will use. Many are choosing to use a single smartphone for both business and personal activities.
As employees gain greater freedom in their choice of mobile devices, IT takes on some serious challenges. First, despite the fact that employees own the devices they use to communicate with customers via corporate e-mail or to access corporate databases, the enterprise is not absolved of its responsibility for managing how those devices are used. Companies retain responsibility for securing any corporate data accessed by or stored on mobile devices, no matter who purchased the device or is footing the wireless bill.
When employees have corporate data on their smartphones, the enterprise needs to protect it. That's not just good business practice; it also provides the means for complying with regulations like HIPPA, the PCI Data Security Standard and the Massachusetts Data Protection law.
What's Next? Dealing with the Good, the Bad, and the Ugly
Giving employees choice is The Good. The broad range of smartphones empowers users to work more productively. Compare what we can do today on a smartphone with the e-mail capability that defined those devices five years ago. The innovation that has occurred in that short time has been dazzling.
Today some users prefer the iPhone, which created the smartphone market and continues to drive innovative changes across platforms. Others are going with Android devices. Through constant innovation, Google's mobile platform has accelerated the rate of change in the market to challenge Apple's leadership position. Still others will choose Windows Phone 7 devices. Microsoft has a chance to regain prominence with its new mobile platform, which supports what might be the smartest smartphone design.
All three platforms are enterprise-aware, providing the means to comply with corporate security and manageability standards. The rivalry among the three companies is good because it creates and nurtures competition, innovation, and choice. Normally the way IT would seek to create order out of such diverse technology choices would be through standardization. That simply won't work for mobility. There are too many choices available to users, which only the most defiant IT leadership could limit for very long.
This obstacle to standardization is The Bad. This situation provides opportunity for new models of IT management that use other ways of creating order, rather than limiting choice. One possibility is middleware standards which spawn fairly open policies. (For instance, companies could allow employees to use any device that can be managed with a particular tool or that comply with core ActiveSync policies.)
Sadly, this leads to The Ugly. Ugly is what happens when choice gets ahead of the company's ability to deal with it, and what results is a mess. For example, an executive of a major medical delivery company recently learned the unintended consequences of neglecting to proactively get ahead of choice the hard way. The firm allowed employees to use a wide variety of devices, which the company did not manage at all. Without any constraints to restrict their usage, employees violated HIPAA privacy rules.
Allowing employees to use IL devices can and likely will get ugly as companies figure out how best to manage them. But there's no turning back. Expanded lists of corporate-approved mobile devices are the new norm, and IT will not be able to enforce narrow standards. In light of the changing mobility environment, the best thing IT can do is embrace the diversity among platforms and devices and develop new management models.
Accept The Good and The Bad and work hard to avoid The Ugly.