Blog Post

IBM stung by BYOD pitfalls

Stay on Top of Enterprise Technology Trends

Get updates impacting your industry from our GigaOm Research Community
Join the Community!

The whole bring-your-own-device trend may cause as many problems as it solves, according to IBM(s ibm) CIO Jeanette Horan.

BYOD, in which companies let (even encourage) employees to use their personal smartphone or other tablet of choice for work, was driven largely by the popularity of Apple’s(s aapl) iPhone and iPad devices and embraced by companies that saw it as a way to boost productivity and mobility of their workers. But it turns out that the same proliferation of cloud-based services that lets users access applications and data via mobile devices both enables BYOD and causes companies to question its use.

That’s the risk Horan pointed out in a new Technology Review article. IBM, according to the story, provides Blackberrys(s RIMM) for about 40,000 of its 400,000 workers while 80,000 more use their own smartphones or tablets to access IBM networks. And that’s where the trouble began.

IBM soon realized that it had no grasp of which apps and services employees were using on their personal devices and set forth guidelines of proper use. It banned, for example, the use of such popular services as Dropbox cloud-based storage. The well-justified fear was that employees would put IBM-sensitive information in their personal Dropbox accounts and forward internal email to public Web mail services, or use their smartphones as mobile Wi-Fi hotspots. All of these scenarios constitute a CIO’s nightmare, as GigaOM has reported.

Said Horan: “We found a tremendous lack of awareness as to what constitutes a risk, [so now] we’re trying to make people aware.” These BYOD risks are not really new. What’s interesting is that a big tech company like IBM got bitten by this bug.

According to the story, before IBM will allow an employee to access its networks with his or her device, it must make adjustments.

The IT department configures it so that its memory can be erased remotely if it is lost or stolen. The IT crew also disables public file-transfer programs like Apple’s iCloud; instead, employees use an IBM-hosted version called MyMobileHub. IBM even turns off Siri, the voice-activated personal assistant, on employees’ iPhones. The company worries that the spoken queries might be stored somewhere.

Here’s the problem: If IBM (or any other company) is going to strip these devices of the very things that attracted users to begin with, chances are, those devices will stop being used for work at all.  Who wins then?

Photo courtesy of Flickr user saebaryo

27 Responses to “IBM stung by BYOD pitfalls”

  1. Many Organisations are enabling BYOD by separating personal applications and data from personal applications and data. This way users can still use services such as Dropbox for personal use, yet there is no way the y can move corporate data to these services.

    Two companies to check out are and Pinecone.

  2. Mike T

    My prediction is in less than 3 years, company’s will go back to administering phones/ IPAD’s on company plan’s to those who need it and turn to a managed service for plan optimization and service/helpdesk support. Businesses will soon learn that it’s easier to manage their own deployment of plans/phones. Catering to multiple standards/ devices to address every employee’s whim is an eventual disaster. If employees do not like the phone/ipad/tablet/ Hotspot/carrier, etc they are given, they should hit the brick’s. Unless you’re in the field, the majority of employees can accomplish their work without an IPAD/ Smartphone. Another problem I see is access to call records, text log’s, etc. For example, if you have an employee who is moonlighting for a competitor, best of luck trying to get their device/call records/ etc. with BYOD, you’re SOL.
    For company’s that must have BYOD, it will eventually be single App that will come pre-loaded with each phone.

  3. geek squad

    I work in an ITS department. The company has supplied me with a cell, then BB for the last 12 years. To cut costs most users were stripped of BBs this year. Now our management wants ITS to do the same. They will let you keep the BB as your own phone. Then add a stipend to your paycheck to add to your family plan so you can have data services. My issue is that i have never had other than a company phone. My wife’s plan will cost alot to add me. SHe will need to remove a parent from the plan to do so. I don’t need a data plan personally, but they want me to get email 24/7 as related to work. We have a call center these days so it is rare for me to take a call at 2AM. There ar several issues with this idea i feel are wrong. one is the company wants to block email from the comay from being sent to internet mail. This would mean i would need to have our phone team work on my personal cell, and have access to it ongoing. If i receive a stipend for the phone the IRS will consider it income and tax me. When my phone finally dies, i will need to buy a new one, and repeat the process to set up mail. I question how this will work for people not on AT&T, which is what the company uses. SInce i work in ITS, i am forced to obtain a cell phone, this is not an option. Personally i don’t see why we can’t go back to a pager -as it worked before smart phones. I rarely call on my work phone outside of work, and it is usually left in my bedroom on the weekends. This simply feels like the comapny expect me to pay for their phone systems.

  4. Ramon Nuez

    Placing restrictions on smart devices is simply reactionary — a knee jerk reaction from carry over from filtering rules.

    There certainly needs to be a mobile management infrastructure in place but filtering is not the way.

    I have seen allot of good work in the mobile virtualization space. This is where enterprise applications are installed on your device but virtually. This is similar to a virtual desktop or virtual (desktop) applications.

    So if you want to access the corporate network you must access it through the “Enterprise VM.”

  5. We are at the very beginning of this trend and the companies at the edge are having problems. We need products that put mobile applications in virtualized containers to avoid the mixing of data types and avoid data leakage.

    You last statement has been my stance of why VDI is bad for BYOD. If we begin to strip users of the functionality what’s the point? Hard problem.

  6. I don’t really see why is this such a concern when there are so many solutions to prevent this!
    I read an article in a german security magazine saying that you can get protection for Mobile Endoints for free from certain companies. One is which is managing Mobile Devices from a certain security product, blocking, filtering mobile devices marked as BYOD. If they can do it, for sure the giants can also.
    And like cstarbird said, limit the device with accounts for certain tasks and allow only the one you, as a company, trust when the device is in your network.
    Just my 2c and to complete Sharona, this is not a passing trend at all, its the future!

  7. focher

    The issue is that the mindset of corporate use of technology needs to change. Previously, enterprises used technology to “manage” the information. One needs to accept it simply isn’t possible anymore. How exactly is the ability to store sensitive documents in Dropbox different than access to a photocopier in the office which is not managed. Or how does an iPhone introduce the issue of forwarding emails to my personal account when I can do the same with a Blackberry or my desktop Notes client? These aren’t new issues. It’s only that IT departments are being forced to find technical solutions to bad employee behavior.

    The world has changed, and trying to shoehorn the new one into the policies and approaches of the old paradigm isn’t going to work.

  8. and this is why I end up carrying a blackberry (from work) and an iphone (personal) with me. My company has similar policies for using personal devices, and I’m just not willing to give them the ability to control what goes on a device that I pay for.

    As an added bonus to this though, is that I generally don’t carry the blackberry on weekends, psychologically freeing me from the compulsion to continually check work email (read: work) during hours for which I’m not actually getting paid.

  9. Duane Toler

    “The more you tighten your grip, the more star systems will slip through your fingers”. This is the wrong response to this situation. You can’t control every behavior of every employee. You have to cut out and replace the employee’s brain every time they cross the campus threshold to be completely certain all information is safe and secure. Better yet, just don’t hire people and use robots. Of course, those can be intercepted and dissected.

    Employees will just revolt again and not connect their device and leave it detached and in their pocket. Yay for unhappy workers. Again.

  10. Michael W. Perry

    My sympathies going out to IBM employees deprived of Dropbox. It’s a service I can’t see myself without.

    The developers at Dropbox are clever. They could market a product that’d let companies such as IBM set up an in-house version of Dropbox. It’d be maintained by corporations and run on their servers under their policies, giving them the security they need. DropBox would provide the upgrades and product support. It’s be a win-win for everyone involved.

    • Michael, as an ex IBM employee, and a current Dell employee, I can’t see what an “internal” only dropbox would do that would be different from existing internal offerings. The point is to share information easily between employees, partners and customers, dropbox is great in so much as it has both free service, easy registration and a wide range of client support.

      Employees should remember that there employer is REQUIRED to keep certain legal records about what they do, say and access and this must be tracked. There are two ways you can remind them of this responsibility, one completely block and forbid accessing them, this is a pointless, finger in the dam approach; the other is to have an ongoing education program where from time to time there are these big visable reminders…

  11. Sharona Meushar

    Companies must realize that this is not a passing trend and be pro-active about accommodating employees devices. With the main concern being security, a company like Cellrox offers a multi-persona solution for BYOD where the personal and enterprise personas are separate.

  12. John Harrington, Jr.

    BYOD is by no means an undertaking that goes without adequate preparation. Each business has a different makeup of employees, using different devices for different purposes. Here’s a good starting point for those looking for guidance:

    P.S., was your ‘a aapl’ reference from Dennis the Menace? “Whatcha eatin’ there sport?”

  13. Jim Black

    Are there two flavors of BYOD going on?

    I have heard that some companies give employees a sum of money to be used towards purchasing a device that the employee “owns”. In that situation, then there might be something in the agreement that says IT can limit the functionality etc?

    If it’s a device that is owned by the employee, that they bring in and connect to the company’s network, then I doubt if the vast majority of users would be happy for IT to limit functionality, etc.

    In the pure BYOD scenario, how the device is used on the network and what type of data can be stored on the device to minimise data leakage will be huge issues for companies.

    The Ericom product looks like an interesting approach though.

  14. Why can’t manufacturers and carriers make it possible to have 2 separate accounts on one handset? I run into this issue all the time. I’m a student, employee, entrepreneur and a social person. These handhelds are amazing for entertainment but they are equally as great for work tools, until my pictures and docs get mixed up.. But I refuse to carry 2 iPhones. Give me at least 2 wireless accounts on one phone.

  15. Luis Garza

    If my employer were to pretend that he has control over *my* gear, he’d have to buy it for me…he doesn’t even have a username, much less admin password, on my laptop, nor access to my iPhone nor iPad…if he wants control, he gets to pay for the gear…company used to pay for my laptop and my phone, and back then I had no problem with them controlling it…but when I started BYODing…control moves over to my side.

    • Peter Deep

      I don’t think they care about controlling your device. They care about controlling access to their network, including all the security that’s associated with that access.

  16. David Bressler

    Your last paragraph is so glaringly obvious, I can’t believe I’ve never read it before. Brilliant articulation of exactly the point.

  17. It’s possible to address security concerns and still implement BYOD. Whats needed is to separate the Enterprise apps and data from the personal devices. This can be achieved with a solution like Ericom’s AccessNow, a pure HTML5 RDP client that enables remote users to securely connect from various devices (including iPads, iPhones, Android devices and Chromebooks) to any RDP host, including Terminal Server (RDS Session Host), physical desktops or VDI virtual desktops  and run their applications and desktops in a browser. This keeps the organization’s applications and data separate from the employee’s personal device. All thats needed is a HTML5 browser. No plug-ins or anything else required on the user device.

    • In general I’m not a fan of VDI/RDP as a solution for BYOD but I’m not naive enough to think that VDI/RDP doesn’t have a huge place in any solution today. I have to take a look at this as when you talk about SSL based solutions the ability to create RDP sessions from non-Windows devices becomes a big issue. This product looks to solve that problem.

      Thanks for the recommendation.