There's a sentiment that often comes up when discussing BYOD, the changing workplace, and the consumerization trend as a whole. It's the idea that consumer-oriented cloud services and mobile apps are delivering a much better user experience than an IT staff, business software, and enterprise developers can provide. That's led companies like Enterproid and Apperian to focus on the end-user experience as well as the IT and management experience of their mobile management products. Both companies see the end user experience as a powerful competitive advantage.
How Hadassah University Hospital's "no" to BYOD later turned into "yes"
Five years ago, many of Hadassah University Hospital's 7,000 employees started asking if they could start using their personal laptop computers in their jobs. Initially, the answer was a firm "no" due to security concerns involving the institution's network and sensitive patient information.
But the pressure from many doctors and other workers continued, until finally in mid-2009 Hadassah brought in a potent network security application that allows deep protection of the hospital's network while giving employees some freedom and flexibility to use their laptops.
Of course, the Bring Your Own Device discussion didn't end there. Shortly after the laptops were permitted, hundreds of doctors and employees began bringing in other personal devices, including smartphones and tablet computers, and asking if they could use them for work as well.
At first, the hospital network completely blocked network access to the additional devices. But soon the tide turned and the IT staff started looking at ways to use their recently acquired network security system to allow more personal devices to be used without putting the network and data in jeopardy.
"It was chaos," said Barak Shrefler, the Chief Information Security Officer (CISO) for the Jerusalem, Israel-based hospital system. "When hundreds of people bring them in you start to ask whether maybe you can find a way to do it without risking your security and information."
So why the change of heart? Because despite the fact that more personal devices inside the network certainly would complicate data security, there was no arguing with how much more productive and efficient doctors, nurses, and administrative staff members could be if they could get needed information on their personal devices, wherever they were located.
But getting there wasn't easy. It took a lot of discussions about security and policies with hospital executives and employees before it finally came to pass.
"We talked to management five years ago about 'how do we manage all of this?'" said Shrefler. "At first they asked a lot of questions, about what are the risks and why. We did presentations about how different organizations were planning to attack this situation."
After about 18 months, the IT team received the OK to deploy a network access control system.
The IT team reviewed products from three vendors – ForeScout, Juniper Networks and a local vendor in Israel – before selecting ForeScout's CounterACT appliances, which allows agentless control of devices down to their individual features, such as turning off built-in cameras and screen captures. Today, the application not only watches over tablets, smartphones, PCs and laptops but also a wide range of other devices, including imaging machines, blood pressure systems and CT scanners.
Using CounterACT, Hadassah's IT staff can see and control every device on the network, according to Shrefler. What's more, each device is identified with a unique "fingerprint" that permits the assignment of specific use policies for each device and user, giving the hospital system the control it was seeking.
"Even if you brought your own devices in, it didn't mean that you can do everything with them," said Shrefler. "We changed permissions on the devices, which some workers objected to initially."
Bring your own device is so 2012. The next big push in the consumerization of IT is bring your own cloud. And just as when consumer devices poured into the enterprise, many IT organizations have already responded with a list of do's and don'ts.
Skyhigh monitors what cloud services employees are using and said that most businesses are surprised at what it finds.
A study by Cisco Systems' Internet Business Solutions Group concludes that the value companies currently derive from BYOD is "dwarfed by the gains that would be possible if they were to implement BYOD more strategically."