I’ll be honest: the bring your own device (BYOD) movement annoys the hell out of me as an IT administrator. I think this is mostly because the movement starts from higher up, usually when an executive discovers how wonderful it is to read personal email on his iPad and then wants the same thing for work. Cue a rushed, short-term project that involves putting in all manner of hacks and poorly documented systems, and introducing as yet unvetted devices into the network. I guess if you read between the lines on that one, I don’t really have a problem with the BYOD movement per se, just the way it’s weaselled its way into the environments I’ve been responsible for.
That being said, I’m not one to stand in the way of inevitable change, and every day it’s looking more and more like the BYOD movement is something that I’d rather embrace than struggle against. It’s still a nascent movement, with all the associated problems, but thankfully we have many companies that are taking notice of this movement and ensuring that these devices can be integrated seamlessly into corporate environments. The next version of Windows has some provisions in it for supporting BYOD, but there’s an interesting delineation between those devices and your traditional corporate computing device.
Windows 8 brings with it a new control panel option that allows users to connect to the corporate network using their email address and a password. Once they’re authenticated, their device then downloads a series of approved apps from the corporate network like the one shown in the picture above. You can also provide access to applications in the Microsoft Marketplace through an on-site cache. What’s missing here, however, is any control over the end device: you can’t enforce things like a password policy or on-device encryption should you use this method. Additionally, Windows 8 devices on the ARM architecture are not able to be members of an Active Directory domain, a critical feature for most large enterprises.
What this means is that Microsoft, whilst embracing the BYOD movement with one hand, is drawing a clear line in the sand between where traditional corporate computing resources lie and what untrusted and unvetted devices have access to. It may seem like an odd line to draw, as you’re basically relegating BYOD users to be second-class citizens on your network, but in reality granting users the ability to control the platform means you can’t trust it in the same way you trust something that’s under your control. This is probably the happiest compromise that Microsoft could come up with and, to be honest, it’s actually not that bad.
This kind of interoperability between unknown Windows 8 devices and trusted networks provides a lot of opportunities for innovation in the corporate app space. The applications delivered with the initial app package can be highly tailored towards a streamlined user experience, one that could be unique to the user’s requirements. Take, for example, the HR app: you could have different versions for HR staff, management and end users, all available through the access portal. Reworking the interface to be friendly to these (most likely) touch-centric devices would go a long way to improving the current state of corporate applications, which most users loathe using.
Microsoft had to draw the line somewhere, and realistically I’m surprised at the level of functionality that they’re granting BYOD users. The traditional approach has been to provide a secure container on top of the device and then enable full access to the corporate environment. Whilst this works in theory, Windows 8, especially on ARM devices, was designed with a different user interface paradigm in mind, one that centers around user experience rather than iterating on the current desktop. Corporations will have to embrace this if they want to take BYOD seriously, and I believe that those who don’t will have their (rather irate) users to contend with.