BYOD & the Implications for IT: How to Support BYOD without Putting Your Company at Risk NEC Corporation of America www.necam.com
Table of Contents Executive Summary... 3 The Onslaught of BYOD: Why Now?... 3 Implications for IT... 3 Security...3 Support... 4 Business Community...4 Performance...4 Desktops as a Service: Making it Easier for IT to Embrace BYOD...4 Quickly onboard BYOD employees... 4 Enhance security and make it easy to enforce...4 Support the corporate desktop, not the device... 5 Boost workforce productivity... 5 Ensure positive user experience...5 Support the corporate desktop, not the device... 5 Conclusion... 5 NEC Corporation of America 2013 2
Executive Summary The predictions that many industry pundits have been making about the rise of BYOD (bring your own device) are coming to fruition. The surprise is that it is happening at a much-accelerated rate at businesses of all sizes, around the world. While BYOD is increasingly important for employee satisfaction, it poses significant challenges to IT in terms of security risks, productivity loss, support issues and costs. By adopting desktops as a service (DaaS), businesses can embrace BYOD while ensuring security of corporate data. Employees will be able to easily access their desktops from any and multiple devices, and IT can set clear policies around usage and support that make sense for your users and your company. The Onslaught of BYOD: Why Now? Signs pointing to BYOD s growth are all around us. Gartner found that 50 percent of employees use personal devices for work to one degree or another1. The research firm predicts that 90 percent of companies will support corporate applications on personal mobile devices by 20142. In businesses that allow BYOD today, nearly a third of the mobile devices connecting to the corporate network are employee-owned. Most 66 percent are laptops, but a full quarter are smartphones and nearly 10 percent are tablets3. This suggests that, not only are more people working from their own devices, but they are also accessing their corporate applications and data from more than one personal system. There are a number of reasons why BYOD s growth chart resembles a hockey stick. First, the impending expiration of Windows XP support in 2014 is driving IT organizations to evaluate alternative desktop strategies, making them much more open to concepts like BYOD than they would have been just a few years ago. Another factor is the growth of smartphones, which, according to IDC, continues to outpace PCs4. A lot of these smartphones are owned by employees who get some form of reimbursement from their employers. These smartphones are more than capable of accessing and manipulating corporate applications, and employees want to use them to do just that, whether they re at the office, at home, or somewhere in between. Perhaps the biggest influence on BYOD growth has been the ipad. It took off faster than anyone had guessed. Executives started buying ipads and pressuring IT to allow ipad access to corporate data, and they were quickly followed by people throughout the corporate world. This infatuation with ipads has also driven more employees to start using MacBooks instead of PC laptops for work, forcing IT to support an array of personal Apple devices. Businesses are also beginning to accept that their hard-working employees want to do some personal tasks while they re on the clock. In fact, a recent ISACA Shopping on the Job Survey5 found that 96 percent of companies expected employees to use company-supplied computers or smartphones to shop during the 2011 holiday season, and 92 percent also expected workers to use personal devices during office hours to shop. Companies allow this type of behavior because they want to promote work-life balance. It s becoming increasingly clear: Businesses that don t embrace consumerization of IT and BYOD are putting themselves at risk for low employee morale. And that s not good for productivity, employee retention or competitive standing. Implications for IT Before embarking on a large-scale BOYD initiative, you need to understand the implications on corporate IT. BYOD raises several rather substantial questions and challenges that should be addressed up front, ranging from security and support to business productivity and performance. Security Security tops the list of concerns that most companies have about BYOD. A study by Timico6 found that 72 percent of companies are worried about protecting sensitive data as employees use their own devices for work. When data resides on a personal device, there is tremendous risk due to viruses and theft or loss of that device. You will need to consider whether employees will be required to install particular antivirus software on their devices, and then figure out how to enforce compliance and whether to pay for that software. Additionally, if employees access your corporate network from their personal devices, then your network and your company are exposed to that risk. IT must decide how to deal with allowing devices that you don t know or trust to plug into the corporate network. For instance, are you going to restrict access to sites that could potentially introduce viruses, such as YouTube or shopping sites? If you do, you may end up compromising the goodwill that was the whole reason for allowing BYOD in the first place. NEC Corporation of America 2013 3
Support Do you want to manage the endpoint hardware or leave that up to each employee? Enabling support of some personal endpoint devices (i.e., BlackBerries) and not others (i.e., iphones) may lead to dissatisfaction or even employees attempting to circumvent corporate policy. But keep in mind that it s difficult, time-consuming and expensive for IT to manage such a variety of endpoint devices, particularly when they can be easily compromised by personal use. You can also consider providing a stipend or reimbursement for a warranty, similar to those that some companies provide for cell phone usage. You must also address how to handle software support and patch management. Even if you re following a BYOD model, appropriate support needs to be provided for the corporate image and software. Now, with BYOD on the rise, DaaS or cloud-hosted virtual desktop infrastructure (VDI) is even more compelling. With DaaS, the corporate desktop becomes an isolated application on the employee s personal device. This makes it possible for businesses to adopt BYOD while ensuring data security and employee productivity all without burdening IT staff. Quickly onboard BYOD employees DaaS makes onboarding BYOD employees easy, fast and inexpensive. With just a few mouse clicks, IT can provision corporate desktops for employees who want to use personal devices. Because you are leveraging the infrastructure and elasticity of the cloud, you don t have to plan for new capacity. Your IT admin simply goes to your service Finally, if your IT department decides not manage the BYODs, you have to determine what to do for employees who don t bring their own devices. For instance, if you support corporate-owned devices for those other employees, you may want to use more cost-effective thin client computers. Business Community How will you restore business continuity when an employee s own device breaks down and needs to be repaired or is lost or stolen? Will your company provide these employees with a spare computer while they get their devices fixed or replaced? If so, you ll have to figure out a process for provisioning those desktops so employees can get back to productivity as soon as possible. If that necessitates having extra devices on hand for this purpose, in addition to determining how many you ll need, you should also calculate whether the cost and time of maintaining these devices justifies this use case. Performance Employees will need to be near enough to your company s data center that latency will not impact performance when they are accessing corporate applications. How will you handle situations where you have a distributed or remote workforce? DaaS: Making it Easy for IT to Embrace BYOD DaaS (desktops as a service) has been adopted by many companies that want to gain visibility into and control over the desktop environment, while making it much more cost-efficient to manage. DaaS provides a much simpler, more affordable way of onboarding BYOD than alternatives such as traditional, on-premise VDI. On premise requires building out your own installation for X number of desktops, which is typically tied to employee count so that your company doesn t have to maintain and pay for unused capacity. Not only does on-premise VDI require tremendous upfront capital expenditures and ongoing maintenance for the data center equipment needed to support VDI, but there are also cost and time-drain implications when the company hits inflection points. As the number of BYOD desktops rises, you need to add storage systems, additional clusters of data center servers, SQL Server database licenses, etc. Enhance security and make it easy to enforce Instead of data residing on the employee s personal device, with DaaS, company data resides in your business data center. This means that, while employees personal documents and applications may be at risk if their devices are compromised, lost or stolen, your corporate data is secure because it was never on those devices. You also don t have to worry about putting policies in place that, for example, restrict online access to just the company intranet and partner sites, and blacklist sites such as YouTube. The corporate desktop is insulated from any viruses that attack the personal device or applications. Therefore, your IT team can apply security-related policies to the corporate desktop VM, or application, while allowing employees to access whatever web sites, email programs, etc., they want from their own devices. Now, you can legitimately block access without impacting employee morale. NEC Corporation of America 2013 4
Because the corporate desktop is completely separate from the rest of the personal device, you can easily delineate who is responsible for what aspect of security. IT can be responsible for the corporate desktop /VM security while the employee is responsible for maintaining overall security on the personal device at their own expense. DaaS provides additional peace of mind when it comes to security because, since it was built for the internet, it is pre-configured for the internet security paradigm. DaaS has two-factor authentication typically something the user knows such as a password and something the user must obtain, such as a text code to a mobile device. It also has an external security gateway that allows access to the corporate virtual desktop but prevents those desktops from being directly accessed from the internet. This is in contrast to on-premise VDI, which was built for the corporate LAN. On-premise is risky because anyone who plugs in while on-site can get access to your entire network, whereas DaaS allows IT to specify who gets access and what each person can access. Support the corporate desktop, not the device Because the hardware is decoupled from the software, IT can easily support the corporate desktop from a central location and require that employees maintain support of the BYOD and any personal applications. And unlike on-premise VDI, where IT has to manage all the infrastructure required for VDI, including servers, storage, and hypervisors, with DaaS you only manage the desktop images. The infrastructure is maintained by your service provider in its highly secure, fully managed hosting facility. Boost workforce productivity Decoupling the corporate desktop from the personal device also makes it easy to maintain business continuity. The corporate desktop application can be accessed from any device. If an employee s primary device goes down, IT does not have to be concerned about how long it takes to provision a replacement desktop, or how much it costs to maintain enough spare desktop computers. Employees can easily access their desktop from another of their own devices (ipad, smartphone, MacBook) or, if any are available, corporate-supplied thin client or other computers. This goes a long way to minimizing any interruption of employee productivity. Ensure positive user experience DaaS is ideal for companies that have a distributed workforce and want to adopt BYOD. By leveraging a service provider s global DaaS distribution network which has many more points of presence than a single corporate data center you eliminate potential latency issues that could result in a less-than-optimal employee experience. Conclusion BYOD is here to stay and it is only getting more prevalent. The sooner IT accepts BYOD, the better it will be for employee morale, retention, and productivity. By adopting DaaS, you can easily present the corporate desktop to employees on their own tablet or mobile devices without putting your company s security or business continuity at risk, and without having to devote additional time and money to complex BYOD support requirements. Corporate Headquarters (Japan) NEC Corporation www.nec.com Oceania (Australia) NEC Australia Pty Ltd www.nec.com.au North America (USA & Canada) NEC Corporation of America www.necam.com Asia NEC Corporation www.nec.com Europe (EMEA) NEC Philips Unified Solutions www.nec-philips.com About NEC Corporation of America Headquartered in Irving, Texas, NEC Corporation of America is a leading provider of innovative IT, network and communications products and solutions for service carriers, Fortune 1000 and SMB businesses across multiple vertical industries, including Healthcare, Government, Education and Hospitality. NEC Corporation of America delivers one of the industry s broadest portfolios of technology solutions and professional services, including unified communications, wireless, voice and data, managed services, server and storage infrastructure, optical network systems, microwave radio communications and biometric security. NEC Corporation of America is a whollyowned subsidiary of NEC Corporation, a global technology leader with operations in 30 countries and more than $42 billion in revenues. For more information, please visit www.necam.com. WP130010 v.03.27.13 2013 NEC Corporation. All rights reserved. NEC, NEC logo, and UNIVERGE are trademarks or registered trademarks of NEC Corporation that may be registered in Japan and other jurisdictions. All trademarks identified with or are registered trademarks or trademarks respectively. Models may vary for each country. Please refer to your local NEC representatives for further details.