Identity and BYOD


Posted by Neil Wilson on 11/9/11 3:42 AM

One of the latest trends in the IT world today involves the use of personal devices (laptops, mobile phones, tablets, etc.) for conducting business. It’s arguably one of the subplots in the broader story of the Consumerization of IT. The trend has been termed “Bring Your Own Device” or BYOD. This, of course, is borrowed from the term BYOB or “Bring Your Own Bottle”, which denotes the practice of allowing patrons or guests to bring their own bottle of <insert adult beverage of your choice> to a restaurant or gathering as a way of getting around liquor licensing or reducing the costs incurred by the host. Isn’t funny how these names come about? I digress.

The BYOD trend is increasing for many reasons, most notably because of the increasing attractiveness, in form and function, of the various mobile devices on the market today and the increasing use of those devices to access services on the Internet. Most of us already have a smart device or two (or three, or four if you’re as geeky as some of the folks I work with) in our pocket or lying around at home. And we are using these devices to access email, social networks, or various other applications that are meant to make our lives easier. So why then would we want, or need to use a company issued device to accomplish essentially the same tasks for work? Not only that, but who wants to a) learn how to use, b) maintain and update, and c) carry around two smartphones or tablets? Worse yet, many of the most popular consumer devices are not currently, or may never be, offered as an option by companies to their employees.

As Andy discussed in the post referenced above, the consumer desires for techno-gadgetry are opposed by an IT organization whose job it is to manage, control, and secure the network, applications, and data being accessed by these devices. While we as consumers want flexibility and simplicity in managing our digital lives, IT is seeking standardization and control in the management of their infrastructure. Something has to give.

An interesting development on this front that offers some middle ground to the dueling forces are new offerings that promise to segment your mobile device along a virtual boundary for both personal and work use. One such offering announced last month from AT&T, aptly named Toggle, allows you to “toggle” between personal and work modes. According to reports, Toggle will be available later this year for Android devices and will be expanded to additional platforms in 2012.

To date, there appears to be two general approaches to accomplishing this separation of the two environments: one involves the use of a mobile hypervisor such as one offered by VMware or Red Bend, while the other involves a separate set of applications designed specifically for work purposes. AT&T’s offering appears to be based on technology from Enterproid, which seems to follow the non-hypervisor approach. With either approach, you get a separate profile and application space for both personal and work use. Enterproid, and thus AT&T, are also offering a cloud based management application for both individuals and IT organizations to manage different aspects of the dual profiles. For instance, IT could remote wipe the apps and data stored in the work container; however, they have zero access to apps and data on the personal side.

In the long run, the hypervisor approach should provide more flexibility given that you are not limited by the type of applications you can install into either profile, but there are some advantages, namely security, to offerings like Enterproid’s. Enterproid also provides companies with the ability to customize the look and feel of the work profile and to develop and install custom applications specific to their businesses.

Regardless of the approach used to separate the two environments, the fact that there are now two environments, and thus two identities (or personas), on a single device presents some interesting identity challenges for the carriers. Will they separate the billing so that you are responsible for usage in the personal mode, while billing your company for work usage? How will access be controlled to the apps hosted in a company’s private cloud, or public SaaS applications used for business purposes? I use both Facebook and Twitter for personal and business use, so how will that be segmented? One solution to managing the multiple identities is to leverage dual-SIM cards. While not all networks, nor devices, can support this setup, maybe this option will become more commonplace in the dual world? All this is to say, “mo subscriber identities, mo problems.

That said, we really think this represents a great opportunity for carriers to step up and offer a fully integrated enterprise mobility solution – from the apps installed on the device, to the cloud-based IT management platform and enterprise app storefront (hosted by the carrier). This solution should transparently leverage the subscriber identity to streamline the billing, authentication and authorization of the applications and services hosted by the carriers. Best of all, it also lays the groundwork for the carriers to begin offloading some of the identity provider responsibilities from enterprises.

Topics: Data Management , General