This story was written by Keith Dawson for UBM DeusM’s community Web site Business Agility, sponsored by IBM. It is archived here for informational purposes only because the Business Agility site is no more. This material is Copyright 2012 by UBM DeusM.

BYOD: Productivity Concerns Eclipse Security

In these early days, it's not as much about security as IT has been letting on.

A study of how mobile device management is implemented finds that more apps are blocked on productivity than security grounds; Angry Birds tops the list.

IT often sells mandatory mobile device management (MDM) programs for employee-owned devices on the basis of enhanced security or regulatory compliance. Yet a recent study of what MDM features are used in the real world suggests that in practice, in these early days of BOD, productivity is a bigger concern.

Zenprise collected data in Q4 of last year on what features of its Zencloud MDM solution its corporate customers were deploying. Their study shows that twice as many devices had an application blacklist in place as a whitelist. The top three apps banned were Angry Birds, Facebook, and the Web browser. On the other side of the productivity question, the most-often whitelisted apps had to do with productivity as well: Adobe, Citrix, and Xora.

Blocking potential time-wasters such as Facebook and Angry Birds from mobile devices, sometimes ones owned by the employee, is heavy-handed -- a technological response to what is essentially a management problem, if indeed a problem exists at all. The CMO of Zenprise, Ahmed Datoo, says in the company's press release that he expects such strictures to be relaxed as the BYOD movement gathers steam.

Security concerns showed up farther down the blacklist, with Dropbox and Evernote being banned, probably over concerns about data leakage.

The security policies imposed by most companies via MDM were not particularly heavyweight. Passcode policies were deployed for only 29 percent of enrolled devices, a surprisingly low number. Another 29 percent had VPN policies in place. 14 percent of enrollments had some restriction on devices or resources such as the camera, Bluetooth, iTunes, or the Android Marketplace. Only 2 percent of the devices had deployed more sophisticated security policies, such as certificate services for two-factor authentication. The report notes that Zenprise is seeing strong growth in the deployment of newer, advanced policies in their offering such as Mobile Application Tunnels and Mobile Data Leakage Prevention.

Also of interest are the stats Zenprise collected about the prevalence of mobile operating systems. The most common device OS Zenprise saw was iOS (at 57 percent), followed by Android (33 percent) and Windows Mobile (10 percent). In Europe, iOS was 67 percent while Windows Mobile was less than 4 percent. (The overall Windows Mobile numbers were boosted by US government adoption of current Symbian-based devices; the numbers should rise when new Nokia Windows Mobile devices become available.)

The overall impression from the Zenprise study reinforces the newness of the BYOD phenomenon and corporations' response to it. As BYOD becomes more common and widespread, and companies embrace the gains in productivity and agility that an empowered mobile workforce has to offer, policies will shift more toward important matters of security and compliance, and away from mindless control.