How to reassert control in era of bring your own application

The growth of bring your own applications means IT has to find new ways to reassert control over software introduced into the workplace.

This Content Component encountered an error

A power shift that's sweeping through IT today may be more transformative than anything that has come before it.

Consumerization is changing how employees work and businesses operate. Thanks to the rise of mobility and the cloud, users have instant access to a wealth of tools and services that have the potential to help them function more efficiently and effectively. Employees can download and use new applications that streamline communications, improve collaboration, and support greater productivity and workplace success.

It's no secret that the bring your own device (BYOD) strategies that have evolved from consumerization -- and its offshoots -- have impacted IT. Market research firm IDC, for example, reported that the wireless LAN market grew more than 10% in the first quarter of this year. Much of this growth is fueled by businesses pumping up the power of their wireless networks to support the broader use of mobile devices. At the same time, businesses have had to corral unmanaged smartphones stuffed with whatever applications users -- typically without consulting IT -- have chosen to download.

Risk management is the key underpinning

Yet, as tantalizing as the benefits of a BYOD environment sound in theory, the flip side could be a nightmare for IT. Just as consumerization puts the power of self-service and choice into the hands of the user, in combination with bring your own application (BYOA), it removes an important level of control from the central IT department, which in the past had the ability to bless or condemn the use of any application.

While IT reported an average of 2.8 unauthorized user-downloaded applications running in their businesses, the reality was much different. In fact, 28 such applications were introduced into the organization.

Do applications that users have downloaded without IT's explicit approval have inherent security flaws that could open the door to security breaches and destabilize the operating environment? Are these applications bandwidth hogs that could imperil performance for all users and actually increase costs? And how will IT know exactly what to expect when in too many cases department staffers don't know which applications users have downloaded?

Most organizations admit there are at least some applications running in their environments that users have downloaded but that aren't explicitly managed by IT. While many of these applications may actually be quite helpful in increasing employee effectiveness, the lack of clarity around what is running in the environment is troubling and opens the door to myriad technical problems with respect to the security and stability of the environment. The use of these unendorsed applications also introduces questions about their potential to distract users from the tasks at hand rather than inspire them to productivity.

There is ample evidence that IT is in the dark about much of the activity happening in environments where bring your own application reigns. A recent study of businesses conducted by Edge Strategies and sponsored by remote IT management firm LogMeIn Inc. revealed that IT significantly underestimated the impact stemming from unmanaged and unsanctioned applications running in the enterprise.

Indeed, the results were eye-opening: While IT reported an average of 2.8 unauthorized user-downloaded applications running in their businesses, the reality was much different. In fact, 28 such applications were introduced into the organization, LogMeln said.

Concrete policies can help enterprises oversee downloads

The good news is that there is a variety of discovery and management tools available to help IT get a handle on which applications are running in the business so it can get a better handle on its operating environment. These tools are key, but equally crucial is having a policy in place -- one that's clearly and frequently communicated to employees and other users -- that defines what constitutes an acceptable application. This simple step alone can help avoid a lot of issues.

In addition to having a well-designed policy in place and the means to accurately discover all the applications running in the enterprise, IT needs tools that control application use and handle license management effectively. A number of vendors offer products to help IT identify which applications are running in their environment and kick-start the process of managing the applications users have downloaded, as well as corporately mandated software, in a consolidated fashion.

These applications often work with Active Directory to sync existing policies and user profiles with actual activity. Syncing performs two important functions. First, it helps IT successfully execute policies by making it possible to manage user access to corporate resources. Second, it simplifies the arduous task of license management in a Wild West era of fast downloads.

Ultimately, what IT needs is a clear policy that identifies the applications deemed critical for business success. It's only after policies are determined that an enterprise can leverage all of its varied resources to reach its overarching corporate goals.

Next Steps

Managing the flow of BYOA

Forces align to exploit BYOA

Understanding BYOA lifecycle management

This was first published in September 2014

Dig deeper on WLAN Security

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Related Discussions

Amy Larsen DeCarlo asks:

What are the challenges in establishing a BYOA policy?

1  Response So Far

Join the Discussion

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSDN

SearchEnterpriseWAN

SearchUnifiedCommunications

SearchMobileComputing

SearchDataCenter

SearchITChannel

Close