It is hard to imagine, but the iPhone (News - Alert) was introduced in June of 2007 and the first iPad was revealed in early April of 2010. As we all know, the world has not been the same since. 

This has been the case not just in terms of the utility and the convenience smartphones and tablets afford us in our personal lives. Possibly more importantly has been the impact our preference to use our devices at and for work, the so-called bring your own device (BYOD) trend, has had in the enterprise. In short order BYOD has gone from oddity and the enemy of IT managers to indispensible workforce tool that needs to be not just accommodated by leveraged for all of the utility provided. In fact, Gartner (News - Alert) has predicted that by 2018, more than 70 percent of employees will be using their personal devices for work.   

However, therein lays the challenge. As the number show, BYOD is not a question of if or even a when. It is a here and now. Love or loath BYOD, it is a fact of organizational life. And, while increasingly deemed desirable, BYOD has literally overthrown traditional enterprise security.

IT departments must now deal with how to manage people, the devices they have, the apps they use, the content they access (including that from third-parties), and the networks on which mission-critical data is exchanged. Risks have increased exponentially as vectors of exploitation have proliferated. This has put IT departments in the unenviable position of trying to “tame the beast”—maintain control over a multi-headed hydra that poses real security threats, without destroying user desires to get what they want (business and personal) when they want, it, how they want, when and where they need it.

This challenge of maintaining control and security while giving users experiences they appreciate rather than distrust and try and circumvent when using their BYOD devices is only growing in complexity as well as urgency. Indeed, a driving factor has been the fact that most C-levels run their businesses from their personal devices, along with the accelerating trends that work is becoming more virtual and mobile. Another driving factor has been the security risks, running in both directions, when a single capability is used for business and personal needs.

It is hard enough to find the tools required to mange this brave new world if you are a small organization. But, what if you are a large multi-national with thousands of devices, from multiple vendors on disparate operating systems?

Some have suggested this is “mission impossible.” However, SAP (News - Alert), with more than 60,000 employees worldwide, is proof that such is not the case. It developed a series of best practices, and to its credit are relying heavily on its own BYOD-oriented tools and management solutions, to leverage BYOD for operational efficiency and competitive advantage. The reception by employees has been extremely favorable and the benefits to SAP have been demonstrable. 

I recently had an opportunity to discuss what SAP has done to manage it now mobile enterprise with Mike Golz, CIO of SAP Americas.

SAP Global IT Finds a Balance that Works

What Golz details is how SAP Global IT developed an entire mobile platform that enables employees to have access to work-related applications and applications from anywhere without compromising their either corporate security or employees use of their devices for personal reasons. In over 20 countries, SAP offers the option to use either a corporate-owned or personally owned device, from an approved list, for work.  This is a big population of devices. It consists of 55,000 mobile devices with roughly 18,000 iPhones, 18,000 iPads, and thousands of Android (News - Alert) and BlackBerry devices.

As Golz relates, SAP early on recognized that the iPad as game changer and it purchased 1,000 of them and put them out in the field, first as corporate ones but then allowed BYODs to be authorized for use as well.

In terms of tips on what to do if you are a large enterprise that would like to emulate SAP, he noted that first and foremost is the fact that you cannot and should not outsource security. Golz stated that, “You need a platform to protect the data and devices. We also say that BYOD does not mean bring any device or bring it anyway you would like to.” He explained how SAP made sure there was a framework in place that employees could understand as to how they could sign up to use their device, the manner in which they could sign-on, how profiles would be distributed and the policies and rules that would be employed and enforced.   

In fact, on the policies and rule front, he state that SAP has one master policy and one master consent form for the entire company that was created with input from a variety of company stakeholders, and that this is then adoptable to meet the varying privacy rules of the countries in which SAP has a presence.   

Golz advised that with the right tools, the right policies and the will to enforce them, it was not just possible but desirable to encourage BYOD usage and let the users in fact become part of the process by allowing them to express their creativity as to how to improve things. 

In answer to the question as to how it is working, Golz said off-camera that, “Our employees are becoming more productive. For example, we’ve rolled out over 50 internal apps for everyone: simple apps like vacation requests, purchase orders, and expense reporting make everyone more productive.” The result has been not just more satisfied employees but reduced support costs for SAP. “We’ve become a state of the art IT department known for saying yes”.

Active stakeholder participation is key

In discussing how and why SAP has gotten it right, it became clear that getting corporate alignment of important stakeholders like HR, sales, marketing, legal, internal communications and finance was critical with IT managing the process. This facilitates not just finding common ground but having the agility to address country- specific issues that include: regulations and privacy laws, reimbursement-package negotiation between the business and employees, tax considerations, and technical considerations including managing devices.

Rolling its Own

SAP IT relies on SAP Mobile Secure solutions to manage and secure its BYOD implementation. As TMCnet special guest Milja Gillespie, director, Mobility Product Marketing, Enterprise Mobility Management Solutions including Afaria and SAP Mobile Documents, SAP America, noted in a detailed article on SAP’s BYOD implementation, benefits have included:  

• Device enrollment is 100 percent self-service
• It takes only one minute to decommission a device if lost or stolen
• 92 percent reduction in provisioning and app-deployment cycle times
• Collaboration has increased with mobile content management solution

In fact, Gillespie’s posting is rich with lessons learned on how to successfully implement a strong BYOD regime in your enterprise, and Mike Golz’s top nine tips on best practices to help assure your implementation yields the desired results.    

The fact of the matter is that implementing a BYOD regime that satisfies the needs of IT and the end user population in a very large organization is doable. As Golz explained to be doable does not mean easy but it can be incredibly rewarding for all involved. After all this is not just about giving IT back the control and trust they desire and desire, it is also about giving workers the tools they need to do their jobs as well as peace of mind about their use of a single device to manage dynamically their multiple personal and professional personae. 

The good news is that there is a lot of great advice that is available to you if you are thinking about BYOD in your organization, regardless of size, and even if you have already started down a path but are not really satisfied with where you are and have questions about how to get to where you know you need to go. SAP has developed a BYOD Policy Guidebook. It is a valuable resource for getting insights into best practices and your questions answered.  

Finally, I hope you can join me for the webinar, The Evolution of Mobile Security (Tuesday September 10, 2013 12:00 p.m. EDT), where I will be joined by Dionisio Zumerle, principal research analyst, Gartner, Adrian Turner, CEO, Mocana (News - Alert), and Matt Carrier, senior director, Mobile Strategy & Solution Management, SAP, for an insightful look at all of the security issues facing IT as enterprises become more mobile.

Image via Shutterstock