Mobile device strategy bypassed as enterprises face tablet invasion
The tablet invasion has many enterprises rushing to accommodate end-user demand and bypassing a mobile device strategy to deal with mobile security and policies on an ad hoc basis.
Unless you live in a cave, you and your company are likely being impacted by the massive tablet invasion—be it with the iPad, Xoom, PlayBook or the many other tablet devices becoming available. Some end users obtain their own tablet device and then demand to bring it to work and use it with corporate apps. Others, especially higher-ranking executives, can demand that IT furnish them with a connected device to supplement—or in some cases replace—their laptops. But our research at J. Gold Associates indicates that most enterprises are dealing with the tablet invasion on an ad hoc basis. Indeed, few companies we have spoken to currently have a mobile device strategy in place to deal with this massive influx of non-standard, and often non-protected, tablet devices.
Companies should examine multiple issues when evaluating what to do about the growing demand and installed base of tablets. We are seeing a rapidly increasing number of companies that allow user-obtained devices—tablets and smartphones, but usually not laptops—to be brought into the organization. In fact, about 25% to 35% of enterprises currently have a "bring your own device" (BYOD) policy in place, and we expect that to grow to over 50% in the next one to two years.
As a consequence of the tablet invasion, corporate-sensitive data assets are being put under increased security risk. In fact, most tablets (and many smartphones) currently have the processing power and memory storage capability of PCs that were put out just a few years ago. Subsequently, a significant amount of sensitive corporate data—such as business email, customer databases, corporate presentations and business plans—is making its way onto these devices. And this is often taking place without oversight and/or without implementation of the inherent protection levels we have come to expect on PCs, including complex passwords and user authentication, encrypted data files and VPN connectivity.
At this point the only clear winner in the enterprise tablet space is theiPad. That said, the battle is not yet over. Both Android tablets—particularly the Moto Xoom and the Samsung Galaxy—have a shot now that the newer devices with Honeycomb are on the market, and both are adding enterprise-specific capabilities beyond base-level Android. The BlackBerry PlayBook is also getting interest from RIM shops where the advantage of having a uniform mobile device platform is attractive.
In the short term, momentum is clearly with iPad, but PlayBook—which is outselling Xoom—and the other Android tablets are nipping at iPad’s heels. In the longer term, I think the market will be more diverse, possibly making room for marginal players like Microsoft and its Windows 8 tablet.
It is quite common for users to lose their mobile devices. In fact, we know of one corporate executive who went through three iPads in six months and another who had six different iPhones within a one-year period. While these may be extreme examples, imagine the type and amount of sensitive data contained on these devices. With 32 GB to 64 GB of storage now commonplace on these devices, just how much of your sensitive data can be downloaded and lost?
The Ponemon Institute estimates that each exposed personal data record on a lost or stolen mobile device costs a company $258 to remediate. So someone losing 10,000 records will cost a company $2.58 million, not to mention any additional penalties that a regulatory agency might impose due to lack of compliance (regulated industries take note).
Based on the numbers of laptops lost each year (5% to 10%), and the number of smartphones lost each year (15% to 25%), we estimate that most organizations will see tablets go missing—either lost or stolen—at a rate of 10% to 15% each year. For example, a company with 5,000 users will lose 250 to 500 laptops per year, and once tablets are widely deployed, as many as 500 to 750 tablet devices could go missing each year. In the wake of this tablet invasion, it is imperative that companies create a tablet security strategy that protects the most valuable asset—no, not the tablet device, but the data residing on the tablet. While the device may cost several hundred dollars, the data could be worth millions.
What should a company do to accommodate user choice while protecting its data assets and preventing potentially costly and damaging losses? First, it must create a detailed mobile device strategy that addresses the various mobile device types, the individual capabilities and functions of the respective device types, the ability (or inability) to secure the devices, and the user classes that are permitted access to various devices, apps and corporate data.
This becomes the basis for an enterprise's mobile strategy that will maximize the security of corporate assets while minimizing the total cost of ownership (TCO). Indeed, while overlooked by many organizations, the actual cost of the mobile device is only 15% to 25% of the TCO, which can often reach $2,000 to $3,000 per user/per year for many smart devices. Creating a mobile device strategy should be mandatory for all organizations, especially in the wake of the tablet invasion. A mobile device strategy is not just about security, it's also about operational excellence and cost containment.
In part two of this series, read how to create a fluid mobile platform strategy to manage the growing diversity of smart devices including tablets.
About the author: Jack E. Gold is founder and principal analyst at J. Gold Associates. Gold is a leading authority on mobile, wireless and pervasive computing. He advises clients on business analysis, strategic planning, architecture, product evaluation/selection and enterprise application strategies. Before founding J. Gold Associates, Gold was a vice president of Technology Research Services with Meta Group, and also held positions in technical and marketing management at Digital Equipment Corporation and Xerox. He can be reached at [email protected].