Hello,

We noticed you're browsing in private or incognito mode.

To continue reading this article, please exit incognito mode or log in.

Not an Insider? Subscribe now for unlimited access to online articles.

Business Report

IBM Faces the Perils of "Bring Your Own Device"

After letting its employees use their own phones and tablets for work, the company confronted a flood of insecure apps from the open Web.

When IBM loosened its restrictions on the smart phones and tablets its employees could use for work, the company got a lesson in IT management of the kind it usually sells to clients.

Inside job: At IBM, chief information officer Jeanette Horan asks employees to avoid using some popular Web apps.

In 2010, like many large companies in recent years, IBM adopted a “bring your own device” policy, meaning that employees who want to work outside the office don’t have to use a smart phone provided by the company. Although IBM still gives BlackBerrys to about 40,000 of its 400,000 employees, 80,000 other workers now reach internal IBM networks using other smart phones and tablets, including ones they purchased for themselves.

The trend toward employee-owned devices isn’t saving IBM any money, says Jeanette Horan, who is IBM’s chief information officer and oversees all the company’s internal use of IT. Instead, she says, it has created new challenges for her department of 5,000 people, because employees’ devices are full of software that IBM doesn’t control.

Horan says that when IBM surveyed several hundred employees using mobile devices, many were “blissfully unaware” of what popular apps could be security risks.

Since then, Horan’s team has established guidelines about which apps IBM employees can use and which they should avoid. On the list of banned apps are public file-transfer services such as Dropbox; Horan says IBM fears that using such software could allow confidential information to get loose. In the survey, other employees were found to be violating protocol by automatically forwarding their IBM e-mail to public Web mail services or using their smart phones to create open Wi-Fi hotspots, which make data vulnerable to snoops.

“We found a tremendous lack of awareness as to what constitutes a risk,” says Horan. So now, she says, “we’re trying to make people aware.”

Horan isn’t only trying to educate IBM workers about computer security. She’s also enforcing better security. Before an employee’s own device can be used to access IBM networks, the IT department configures it so that its memory can be erased remotely if it is lost or stolen. The IT crew also disables public file-transfer programs like Apple’s iCloud; instead, employees use an IBM-hosted version called MyMobileHub. IBM even turns off Siri, the voice-activated personal assistant, on employees’ iPhones. The company worries that the spoken queries, which are uploaded to Apple servers, could ultimately reveal sensitive information.

“We’re just extraordinarily conservative,” Horan says. “It’s the nature of our business.”

Horan’s division faces new complexities as it manages a growing number of devices that don’t come with as much security as BlackBerry phones. Even though the configuration of devices all happens remotely—the updates are beamed to the phones over the air—it is still cumbersome. Each employee’s device is treated differently, depending on what model it is and what the person’s job responsibilities are. Some people are only permitted to receive IBM e-mail, calendars, and contacts on their portable devices, while others can access internal IBM applications and files.

For employees in the latter category, Horan’s team equips phones with additional software, such as programs that encrypt information as it travels to and from corporate networks. The options vary even further; the IT department can match an employee with one of about 12 different “personas” that dictate what he or she is allowed to do on a mobile device, says Bill Bodin, IBM’s chief technology officer for mobility.

The kinds of challenges IBM faces are becoming increasingly common. Surveys have shown that more than half of large companies are catering to their employees’ desire to use their own smart phones, and as a result, the market for “mobile-device management” tools is booming. A January report by Forrester Research counted more than 40 companies offering such services.

Bodin expects device management to get even more complex in the coming years, but perhaps less restrictive, too. For instance, instead of making employees avoid apps like iCloud entirely, employers someday might be able to turn off just the two or three functions that worry them. Whatever happens, fewer and fewer IT departments will own their employees’ equipment. “The genie is out of the bottle,” says Bodin.

Cut off? Read unlimited articles today.

Become an Insider
Already an Insider? Log in.
More from Business Impact
Mobile Computing in Question

How technology advances are changing the economy and providing new opportunities in many industries.

Want more award-winning journalism? Subscribe and become an Insider.
  • Insider Plus {! insider.prices.plus !}* Best Value

    {! insider.display.menuOptionsLabel !}

    Everything included in Insider Basic, plus the digital magazine, extensive archive, ad-free web experience, and discounts to partner offerings and MIT Technology Review events.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Bimonthly print magazine (6 issues per year)

    Bimonthly digital/PDF edition

    Access to the magazine PDF archive—thousands of articles going back to 1899 at your fingertips

    Special interest publications

    Discount to MIT Technology Review events

    Special discounts to select partner offerings

    Ad-free web experience

  • Insider Basic {! insider.prices.basic !}*

    {! insider.display.menuOptionsLabel !}

    Six issues of our award winning print magazine, unlimited online access plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

    Bimonthly print magazine (6 issues per year)

  • Insider Online Only {! insider.prices.online !}*

    {! insider.display.menuOptionsLabel !}

    Unlimited online access including articles and video, plus The Download with the top tech stories delivered daily to your inbox.

    See details+

    What's Included

    Unlimited 24/7 access to MIT Technology Review’s website

    The Download: our daily newsletter of what's important in technology and innovation

/3
You've read of three free articles this month. for unlimited online access. You've read of three free articles this month. for unlimited online access. This is your last free article this month. for unlimited online access. You've read all your free articles this month. for unlimited online access. You've read of three free articles this month. for more, or for unlimited online access. for two more free articles, or for unlimited online access.