16/10/2012

By Richard Blanford, Managing Director, Fordway

The trend for individuals to bring their own mobile device to work (BYOD) is increasing, from CEOs with a new MacBook or iPad to teenagers with the latest smartphone.

I believe we need to find practical ways to support consumer technology at work while maintaining control of sensitive information. If you can make it fit your security model, then do it!

BYOD requires a security policy which is enforceable, realistic, acceptable to users and doesn’t violate personal privacy laws. Whoever is responsible for company IT should also encourage users to come to them for advice on using their device, so they don’t send information outside the organisation in an uncontrolled fashion.

Fordway believes BYOD is a very useful capability to offer staff, but only within strict security, minimising the data that is transferred to or held on the device. This can be done by virtualising applications and streaming them to the device, so the user can't access corporate applications unless the company is in control. It ensures data stays in the cloud or on the corporate network.

Policy will be able to prevent the user downloading data. If the organisation wants to allow data to be downloaded, it becomes the user’s responsibility if they lose the device, and they need to be made aware of the consequences and their responsibilities. Further security can be implemented by taking advantage of the remote wipe capability that most devices have, and ensuring that the organisation’s BYOD policy mandates implementing Mobile Device Management (MDM) capability on the BYOD device.

There are three ways of implementing a virtualised solution.

Option one is to run a hosted or virtual corporate desktop which the user can access through their device, using software such as Quest, Citrix or VMware. All the device needs is the appropriate client software or web browser. This solution is largely device independent, so will work with everything from a tablet to an Android phone. It needs appropriate back end support and processing and means that the user cannot work on corporate applications unless they are connected to the network. It can also be set up so the user can only access the desktop from known IP addresses. It is important to ensure that the device is reasonably secure and not infected, with appropriate virus protection.

A second option, particularly for laptops, is to install client hypervisors and desktop check-in/check-out software on the device, such as MokaFive. This is a higher impact solution as the IT team needs to configure the user device and install the client hypervisor to accept the virtual desktop. It works by partitioning the hard drive into business and personal areas and can then be run locally, so is a good solution if the user needs to work offline. When the user goes online it checks back into the server (using a VMware/Citrix solution) or synchronises (using MokaFive/Quest). However, it will not work with all devices, as you cannot run a full corporate desktop on devices such as an iPad.

The third option is to repackage applications to be accessed through a portal (similar to iTunes). It requires either application streaming or the creation of lightweight clients which can run on a smartphone or tablet, which have just enough intelligence to run basic functions, while most of the processing is carried out by the web-based backend. This becomes more difficult if the user wants to run ‘large’ applications such as SAP or Microsoft Office.

This is where most people believe desktops are heading, with a web portal used to display available applications to the user, accessible from a wide range of devices and operating systems.