Following on from the opening post in this series, where I covered how a changing workforce, new devices and better network connectivity are rapidly changing not only our personal lives but also the way we want to (and do) work, in this post I’ll take a look at devices and the realities behind what they mean for this new world of working.
This is a 5-part series.
So, devices. Devices, devices, devices. Everywhere you go, you see devices. Laptops, tablets, phones. On the go, connected, working, playing, living. Sounds utopian, huh?
Right, so let’s get straight down to the challenge. How are these devices managed?
And when you start to dig down into this question, a myriad of other questions comes to mind … how do they get provisioned? Do they get provisioned? Or are they just the same devices users use at home? How many different platforms do we need to know about? How do we make sure our information is secure and protected? How do we know it’s our user using the device and not some random who found/stole the device? And what do we do if that device is lost or stolen?
Oh man, what a hornet’s nest of challenges there, and let’s be really honest. This is hard. There are decisions to be made. There are compromises.
I’m going to use our own approach to phones as an example that encapsulates pretty much all the challenges above. In most cases, we as Microsoft employees run our own phones, as in, it’s mine, I own it. If I leave the company, it stays with me. I connect to the corporate network, I can view protected information … and I also have my personal stuff on it. So how does that work?
Provisioning: this is a BYOD scenario. If it were a laptop/tablet/PC, I would expect it to have a corporate image (or at least the enforcement of policies to ensure patching, AV, secure configuration, BitLocker etc.), but this is a device that I own and want to connect to corporate resources.
Information: In order to connect to my mailbox, a set of policies must be accepted. This is the trade-off in a BYOD scenario. Sure, bring your device, but you play by our rules. In reality this means that the device must enforce security (such as an unlock PIN) and I must provide proof of my identity (such as entering credentials), but it could also go further if desired. The point here is that you can achieve any scenario you want; you just need to think about all these things. And make sure people understand what happens when Things Go Bad.
Recovery: OK, this is where things can get real sticky: what happens if you lose a device? When this is a corporate device, you simply use your management tools (you’re all using management tools that allow you to manage all your devices regardless of location, right?) to send a seek-and-destroy message and wipe it. But what happens when this is a BYOD device? Oh man, the deep dark well of pain. This is ugly, but it’s also reality. If your users are accessing corporate information with their own devices, you need to ensure that you have a policy, that they accept that policy, that they understand that policy (and not just blindly accept it) and that they know that if they lose the device (or if their kid gets hold of it and enters a random attempt at the PIN/password more than the limit – never happen, right?) they’re gonna lose everything on it.
Now, thankfully, this new world of devices is helping us with this, with cloud backup of settings, application stores that easily push apps back onto the device and online storage. But you need to think about these things, and ensure that people understand the realities of using these devices to access corporate information.
So now that we’re all managed, policied, secure and backed up, we can actually use the devices.
In the next post in the series, I’ll look at the new world of applications and how the new touch-driven devices, connected networks, incredible amounts of data and a global, social world are changing the way applications work.