Our research shows that the majority of enterprises have adopted a policy of allowing users to Bring Their Own Devices to work, at least for some workers within the overall population. But BYOD is not without its challenges (e.g., datasecurity, device manageability, support, apps, TCO), and we expect to see some significant “adjustments” to BYOD policies within many orgainzations.
BYOD is clearly an important trend, but we expect it to "plateau" in the coming 1-2 years as enterprises decide that the cost and security issues associated with unlimited BYOD do not warrant the anarchy and increased support costs it has often caused. That is not to say that BYOD is dead. It simply means that companies are now starting to realize that the current mostly wide-open, laissezfare approach to BYOD is not sustainable longer term, and that more controls and better strategy are needed. This requires that an enterprise strategy be approved and implemented. In fact, only 21% of companies in our recent Enterprise Mobility Study have a mobile strategy in place, leaving the rest with a hodge-podge of policies and procedures that is often costly and inconsitent.
Also in our Enterprise Mobility Study, 42% of enterprises indicated they have never had a mobile security breach (across all mobile platforms, e.g., smartphones, tablets, laptops). This is “blissful ignorance", in our opinion, as large numbers of users admit to having lost devices and/or having sent or moved corporate data to non-secure places (e.g., personal email, Drop Box). Further, most BYOD users actually believe they are not risking corporate information assets when using their devices without enhanced security, yet many admit that they store sensitive data on their devices (and/or accessed through cloud storage) in an unprotected state. This clearly represents a security risk, especially for companies in regulated industries (e.g., financial services, healthcare, public agencies).
The rush to BYOD essentially created a substantial market for mobile device management (MDM) vendors. Most are still fairly small, but the major players in infrastructure now see MDM and its derivatives as important components of their overall solutions. That is why Citrix recently moved to acquire Zenprise, why SAP acquired Sybase and its Afaria product, why Symantec acquired Nukona and Odyssey, why McAfee acquired Trust Digital, etc. We expect the market for stand alone MDM/MAM vendors to slowly fade away as the major infrastructure vendors (e.g., Cisco, Oracle) acquire and deploy the technology, and the few remaining big MDM players (e.g., MobileIron, Airwatch) will likely be acquired too (although their valuations are quit lofty), and/or consolidate with some of the smaller vendors in the market to create a sustainable niche.
Going forward, employees who bring their own devices to work will likely see companies impose more constraints. We expect two trends to emerge. The first is that companies will demand and get more control over devices through stricter policy enactment and enforcement. The second is that devices, especially Android based, will become inherently more enterprise friendly. We expect to see more specific enterprise targeted features and "hooks" built into Android over the next 1-2 years, similar to what’s “baked in” to BlackBerry. Apple will likely do less in providing the heavy duty enterprise features that some big companies want. And BlackBerry will try to win back customers based on its security and manageability messages and extend them to competing platforms (e.g., iOS, Android). And even Microsoft will push some of the business-oriented features in Windows 8, and emphasize its close working relationship with Exchange ActiveSync as a way to secure mobile devices even in a BYOD environment.
Bottom Line: By 2014-2015 BYOD openness will be whittled away by more enterprise controls through tighter policies and enforcement, and by an ability of the devices to be more effectively managed and secured without the need for companies deploying tactical BYOD-driven MDM. MDM functionality will become built into infrastructure, and into apps, as the device vendors offer SDKs and APIs to make that possible. Stand-alone MDM vendors will have to add value on top of base capabilities. This will be harder for them to do longer term while competing with the major infrastructure players. Companies should plan accordingly.
Jack E. Gold
J.Gold Associates, LLC.
Research, Analysis, Strategic Consulting