by Pat Brans
It’s been about two decades since the bring-your-own-device movement burst into enterprises, placing new demands on networking infrastructure and security.
A bring-your-own-device (BYOD) strategy enables workers to bring personal devices—smartphones, tablets and so on—to the office and connect to corporate networks. As a result, they can use personal devices in work environments seamlessly, which has been a boon for mobility in the workplace, enabling new forms of productivity, even when workers are on the go.
Nevertheless, one issue continues to catch IT departments by surprise—and it has nothing to do with mobile device security. Many IT professionals still find themselves stymied by BYOD’s impact on infrastructure costs, and on network costs in particular.
According to recent research by Forrester, BYOD’s impact on network infrastructure is substantial: It doubles the network infrastructure cost per employee—and it nearly quadruples the mobile device management (MDM) costs. “All too often, when IT directors weigh the benefits against the costs of BYOD, they fail to factor in upgrades to network infrastructure,” said Forrester analyst Andrew Hewitt.
After learning the hard way about the impact of BYOD on network capacity, some IT directors compare the challenges of BYOD to those in running a large Internet of Things (IoT) application: There are myriad devices, and every device communicates constantly. More devices and connections spell greater complexity.
“A lot of companies use BYOD to expand their mobility strategies,” Hewitt said. “So a lot of populations who didn’t previously use a mobile device on the company network begin to do so with BYOD. In some cases, bring your own device means putting everything on one device. But more often we see an expansion of devices with BYOD. Also, you get partners and contractors coming in to access the network.” These third parties further strain the network.
Three steps to managing the impact of BYOD on infrastructure
To minimize network disruption, proactive IT managers rely on three pillars to support their BYOD strategies: policy, tools, and monitoring.
1. Establish a clear policy and communicate it widely and often. A well-written policy addresses acceptable use, acceptable device types, internet access, and quality of service. Successful policies are sensible and they are communicated in ways that all users understand.
Few IT departments have sanctioned a pure BYOD strategy, which allows any device on the network. To limit the number of device types allowed on a corporate network, most organizations choose one of two approaches: choose your own device (CYOD) or corporate owned, personally enabled (COPE).
Under a CYOD policy, the enterprise provides a whitelist of acceptable devices, usually iPhones and a subset of Android devices. With a COPE policy, the enterprise provides its employees with devices that enable personal use, with personal data and applications compartmentalized from work data and applications.
When it comes to internet access, policy should stimulate productivity rather than stand in its way. “There’s a level of trust that enterprises need to have,” Hewitt said. “Restricting network access is probably the No. 1 productivity inhibitor that we hear of—and one of the things people think of as quite annoying and negative. Most companies seem to be aware of this; I haven’t seen many companies strictly enforcing that type of control.”
2. Deploy the right tools to enforce company BYOD policy. Several tools and techniques can help manage bandwidth, including web caching, web access controls, port and application blocking, antivirus tools, and spam filters. Network access control (NAC) can be used to allow or disallow access to users and devices. Policy-enabled gateways and controllers can provide granular access-control mechanisms. These appliances can manage access and priority based on the category of user, location, date and time, and the endpoint with which users are communicating.
Network administrators should consider different quality-of-service requirements. They should identify mission-critical applications and use a controller or a gateway to prioritize traffic from these applications—and to deprioritize bandwidth-hungry entertainment applications, such as Spotify and YouTube.
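The kind of decision a policy-enabled gateway makes can be sketched as a first-match rule table keyed on user category, location, time of day and application category. This is an added example, not taken from the article or from any vendor's product; the rule set, category names and the `decide` function are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional

@dataclass(frozen=True)
class Request:
    user_category: str   # e.g. "employee", "contractor" (hypothetical labels)
    location: str        # e.g. "hq", "field-office"
    at: time             # local time of the connection
    app_category: str    # e.g. "business-critical", "streaming"

@dataclass(frozen=True)
class Rule:
    action: str                          # "allow" or "deny"
    priority: str = "normal"             # QoS class applied when allowed
    user_category: Optional[str] = None  # None matches anything
    location: Optional[str] = None
    app_category: Optional[str] = None
    start: time = time(0, 0)             # rule is active from start to end, inclusive
    end: time = time(23, 59, 59)

    def matches(self, r: Request) -> bool:
        fields = ("user_category", "location", "app_category")
        same = all(getattr(self, f) in (None, getattr(r, f)) for f in fields)
        return same and self.start <= r.at <= self.end

# Constructed rule set, evaluated top to bottom; the first match wins.
RULES = [
    Rule("allow", "high", app_category="business-critical"),
    Rule("deny", user_category="contractor", app_category="streaming"),
    Rule("allow", "low", app_category="streaming", start=time(9, 0), end=time(17, 0)),
    Rule("allow", "normal"),
]

def decide(r: Request, rules=RULES):
    """Return (action, priority) from the first matching rule; deny if none match."""
    for rule in rules:
        if rule.matches(r):
            return rule.action, rule.priority if rule.action == "allow" else None
    return "deny", None

if __name__ == "__main__":
    print(decide(Request("employee", "hq", time(12, 30), "streaming")))
    print(decide(Request("contractor", "hq", time(12, 30), "streaming")))
```

Rule order is part of the policy: the mission-critical rule sits first so that no later restriction can deprioritize that traffic.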
The presence of remote users is also significant. “The amount of extra network infrastructure needed to support BYOD depends on the structure of the company and where people are connecting,” Hewitt said. “If it’s mostly people connecting their own devices at corporate headquarters, the network infrastructure required is less consequential. But if it’s a lot of people connecting in far-flung and disparate field offices, the network infrastructure is more complicated and more expensive. You need extra VPN software and extra proxies.”
Some organizations have gone so far as to set up a separate Wi-Fi network for employees to use for personal matters. This separation of personal and work-related access often winds up being a source of frustration rather than a productivity improvement; the same device has to connect to two different routers simultaneously.
3. Monitor the use of resources to refine your policy. The third pillar of any good BYOD program is monitoring usage. You need monitoring and reporting tools to identify who is connecting, when they are connecting, how long they are connecting, how much bandwidth they use, and which applications they use and why. Monitoring not only helps ensure adherence to policy but also provides information to help refine your policy.
“Monitoring usually reveals pretty stable usage patterns for business apps,” Hewitt said. “Whereas for personal browsing, you see peaks at the beginning of the day and at lunchtime.” If spikes in network demand plague your daily work, this kind of information can allow you to solve the problem by either updating policy to restrict personal usage at certain times of the day or by increasing capacity.
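The monitoring questions above (who connects, when, and how much bandwidth each class of application uses) can be answered from flow records. The following is an added example, not from the article; the record layout, the sample data and the "three times the median hour" peak threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed sample flow records: (user, device, start time, seconds, bytes, app class).
FLOWS = [
    ("alice", "phone-a1", "2024-03-04T08:05", 900, 400_000_000, "personal"),
    ("alice", "laptop-a2", "2024-03-04T08:10", 3600, 120_000_000, "business"),
    ("bob", "phone-b1", "2024-03-04T09:15", 600, 30_000_000, "personal"),
    ("bob", "laptop-b2", "2024-03-04T09:20", 3600, 110_000_000, "business"),
    ("carol", "tablet-c1", "2024-03-04T10:30", 1200, 20_000_000, "personal"),
    ("carol", "laptop-c2", "2024-03-04T10:40", 3600, 130_000_000, "business"),
    ("dave", "phone-d1", "2024-03-04T12:10", 1800, 650_000_000, "personal"),
    ("dave", "laptop-d2", "2024-03-04T12:20", 3600, 115_000_000, "business"),
    ("erin", "phone-e1", "2024-03-04T14:00", 300, 25_000_000, "personal"),
    ("erin", "laptop-e2", "2024-03-04T14:05", 3600, 125_000_000, "business"),
]

def bytes_by_hour(flows):
    """Sum bytes per (hour of day, app class), attributing a flow to its start hour."""
    totals = defaultdict(lambda: defaultdict(int))
    for _user, _device, start, _secs, nbytes, app_class in flows:
        totals[datetime.fromisoformat(start).hour][app_class] += nbytes
    return totals

def peak_hours(flows, app_class, factor=3.0):
    """Hours whose traffic for app_class exceeds factor x the median active hour."""
    per_hour = {h: c[app_class] for h, c in bytes_by_hour(flows).items() if c[app_class]}
    if not per_hour:
        return []
    baseline = median(per_hour.values())
    return sorted(h for h, b in per_hour.items() if b > factor * baseline)

def top_talkers(flows, n=3):
    """Per-device byte totals, largest first: who is connecting and how much they use."""
    usage = defaultdict(int)
    for user, device, _start, _secs, nbytes, _cls in flows:
        usage[(user, device)] += nbytes
    return sorted(usage.items(), key=lambda kv: kv[1], reverse=True)[:n]

if __name__ == "__main__":
    print("personal peaks:", peak_hours(FLOWS, "personal"))
    print("business peaks:", peak_hours(FLOWS, "business"))
    print("top devices:", top_talkers(FLOWS, 2))
```

On the sample data, personal traffic peaks at 08:00 and 12:00 while business traffic stays flat, which is the pattern that would inform either a time-of-day policy change or a capacity increase.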
When developing a BYOD strategy, most enterprises think first about device costs and then about security threats. Only a few think about how they will minimize BYOD’s impact on network infrastructure. By focusing on policy, tools, and monitoring, organizations can control BYOD’s impact on network capacity, reining in the risk of additional infrastructure costs.