Illustration: FT Graphic

because studies suggest it improvesproductivity and helps attract andretain a new generation of so-called“digital natives” as employees. Under-standably perhaps, many of the com-panies in the vanguard of the BYODmovement are technology companiesthemselves.

Some encourage employees to bringto work personal devices and connectthem to corporate IT resources includ-ing the main computer network.

Others, such as Germany’s SAP, theenterprise software market leader,have increased their purchases ofdevices, including iPads and iPhonesinitially targeted at the consumermarket, for employee use.

“The consumerisation of IT is a cor-porate reality,” says OliverBussmann, SAP’s chief informationofficer. Under Mr Bussmann’sguidance, SAP has emerged as one of

Continued on Page 2

services the employee must adopt.“BYOD can’t just mean bring any

device on your own terms,” says MrGeake. “While there are many advan-tage to companies incentivisingemployees to use their own devices,there must be a clearly defined policyin place – for example, restrictions oncertain apps and tools they can use onthe device. It may also mean employ-ees agreeing to give the corporate ITdepartment the ability to manage thedevice remotely, and potentially evenenable ‘remote wipe’ should thedevice be lost while containing valua-ble corporate data.”

The evidence from a broad swath ofcompanies that have already launchedformal BYOD programmes suggeststhe type of policies advocated by MrGeake are indeed being adopted. Mostcompanies embracing BYOD or CYODsay they are doing it not because itsaves money – often it does not – but

determine where policy limits shouldbe set for different user groups.

Just as a corporate car allowancepolicy sets limits on the type of vehi-cles staff can use and requires themto purchase appropriate insurance, MrGeake notes that to be effective aBYOD policy must identify anyrequirements or limitations in deviceuse and set out the split of responsi-bilities between employer andemployee.

For example, although the employeewill provide the device, the employermay need to provide security

added risk in terms of security, pri-vacy, and compliance. “For [corpo-rate] IT, it’s about striking a balancebetween user expectations and [com-pany] requirements,” says Microsoft.

These issues have come to the foreparticularly in companies that haveembraced the BYOD (bring your owndevice) and CYOD (choose your owndevice) trends and allow or activelyencourage employees to bring to workthe devices they use at home – includ-ing smartphones, tablets and light-weight laptops.

Vincent Geake, director of securemobility at BAE Systems Detica,argues that BYOD’s success or failurehinges on a company’s ability todevelop a policy and implement meas-ures properly in advance. The intro-duction of these devices is disruptingestablished security practices andservices, and organisations must startwith a proper risk assessment to

Consumers today have morechoice than ever beforeabout the technology thatthey use – from powerfulsmartphones and ultrabooks

– lightweight, slim computers – to thesocial networks they use to stay intouch with each other, and the cloud-based services on which they increas-ingly rely.

As this technology spills over intotheir professional lives, the linebetween the personal and the profes-sional, the consumer and enterprise,is blurring. Welcome to a process thatis reshaping business computingthrough a process dubbed the con-sumerisation of corporate IT.

“People want to use the same tech-nology at work as they use at home,”says Microsoft, the US software com-pany. But while consumer technologyoffers some important potential bene-fits for the business it also represents

Hybrid handsetsare on the wayThe future is inconvertible unitsfor office and homePage 2

Inside »

Too late to daminformation riverIt is time to acceptthe mix of careerand social usePage 2

Rules for bringyour ownGood ideasneed carefulmanagementPage 3

Pay attentionto social mediaTwo-way dialogueis vital in the ageof FacebookPage 4

Video conferenceto video chatConsumer-focusedequipment isleading the wayPage 4

FT SPECIAL REPORT

The Connected BusinessWednesday 26 September 2012 www.ft.com/connectedbusiness | twitter.com/ftreports

‘People want to use thesame technology at workas they use at home’

Lines blur inera of thedigital native

More companies allow staff to use personaldevices for their work, but they need to haveproper policies in place, reports Paul Taylor

There are cautionary talesfor both employers andemployees when it comes tothe practice of bringingyour own personal device(BYOD) to work.

Take the example of theman who forgot he hadsigned a waiver monthsearlier with his company,allowing it to wipe hispersonal phone of data if heleft the company.

On his last day, the phonewas wiped clean at 5pm ashe left the office. At 5.01pm,he called in to complainthat vital personal datawere missing – photos andtexts he needed for a childcustody battle – only to betold there was no way ofrecovering this. Then therewas the investment bankerwho left his iPhone 4S on atable, allowing someone topick it up and use voicecapabilities on the device todictate an email to make anillicit transaction.

Alan Dabbiere, chairmanof AirWatch, a provider ofmobile device, content andapplications managementservices for businesses,cites both cases as exam-ples of the way in whichconcerns about managingand securing mobile deviceshave escalated well beyondthe requirement to ensurethat corporate email ismade safe with a standardBlackBerry EnterpriseServer (BES). He says:“[BES] was the gold stand-ard in the same way as alockbox in a bank, but inmodern mobile, the task islike trying to secure theOlympics – the BlackBerrymodel has fallen apart andit’s become about securingmuch richer applicationsand wider-use cases.”

AirWatch says it hasgrown from 100 employeesto 750 in the past 18months. The company hasalso been acquiring 500customers a month as thescale of the problem dawnson companies. Mr Dabbierealso quotes research fromMicrosoft’s Trustworthy

Computing Campaign,which says 67 per cent ofemployees use a personaldevice for work whether itis authorised to or not.

Geoff Glave, senior prod-uct manager for endpointsecurity with AbsoluteSoftware, says companieshave to create a policy onusers bringing their owndevices to work, analyse therisks and decide whetherand how to restrict theiruse in the workplace.

“So we have customerswhere the only requirementis you must have up-to-dateanti-malware software onyour device, to the otherend of the spectrum whereyou have customers whoare saying you can bring inyour iPhone but you’ve gotto turn off YouTube and thecamera, using our soft-ware,” he says.

Such third-party softwareis needed when users areshunning corporate-friendlydevices from companiessuch as Lenovo or ResearchIn Motion in favour ofApple’s products.

“There is no means on aniOS [Apple’s operating soft-ware] device to block a userfrom using iTunes andputting what they want onit because Apple’s mantra isthe user is the owner of thedevice, not the corporate ITdepartment, and it’s inApple’s interest to keep eve-ryone within that iTunesworld,” says Mr Glave.

James Alexander, a part-ner in Deloitte’s securityand resilience practice, saysBYOD has put IT depart-ments on the back foot, asit is normally they thatare setting company policyand issuing devices them-selves. “Early adopters oftablets and smartphonestend to be the executivemanagement team, so ITdepartments are having torespond very rapidly.”

Virus attacks and hackersstealing data are stillamong the top concerns,according to Pat Calhoun,

head of network securityfor McAfee, the antivirussoftware and solutions com-pany owned by Intel.

“Hackers are really lever-aging personal devices toget access to informationwithin the enterprise; thisis the weak link in thechain,” he says.

“Sometimes they’ve iden-tified the person within anorganisation that they actu-ally want to go after to getwhat they want, and they

can send a highly targetedpersonal email where anattachment can be openedand create a vulnerability.”

Jason Hart, vice-presidentof Cloud Solutions at dataprotection companySafeNet, says the informa-tion that people provideabout themselves on socialnetworks, and the availabil-ity of such networks onmobile devices, make thehacker’s job easier.

“People are always con-nected to social media viatheir device, so the attackvector is broader and wider.It makes getting an individ-ual’s username and pass-word such an easy target.”

A quarterly McAfeeThreats Report publishedthis month said a mobilemalware explosion recordedin the first quarter showedno signs of slowing down inthe second. Virtually allnew mobile malwaredetected was aimed at theAndroid platform, oftensent through text messages.

“My description ofAndroid is ‘insecure with amultiple-personality disor-der,’ ” says Eric Maiwald,infrastructure security ana-lyst with Gartner, theresearch firm. He refers tothe multiple versions of theoperating system onemployees’ own phones andthe viruses and data-gather-ing trojans spread by appsand other entry methods.

“As a result, most enter-prises are saying they willnot support Android.”

Suppliers of desktop PCsto the corporate market areresponding to the consum-erisation of IT with touch-screen all-in-one PCs, lightultrabook laptops andappealing tablets or hy-brid convertible machines,which will feature the newWindows 8 touch-optimisedoperating system. But MrMaiwald says these devicesare unlikely to reverse thetrend: “Consumers have gota taste for their own choiceof device, and they’re notgoing to give it up.”

The flipside could be anunexpected benefit to busi-ness in reducing costs.“Enterprises have started tosee that, because of thistrend, they don’t have tomanage and maintain allthese devices, and maybewon’t have to refresh alltheir corporate machinesevery three to five years,”Mr Maiwald says.

Increase in handsets raises risksSecurity

The use of personalitems has put ITdepartments on theback foot, reportsChris Nuttall

Alan Dabbiere: ‘Task is like trying to secure the Olympics’

67%Number of staff using apersonal device for work,authorised or not, accordingto Microsoft research

2 ★ FINANCIAL TIMES WEDNESDAY SEPTEMBER 26 2012

the largest buyers of iPads,deploying 18,000 in the com-pany.

It has also provided staffwith 8,000 iPhones and isnow preparing to give outAndroid devices includingSamsung’s Galaxy Note andGalaxy SIII smartphones.

In addition SAP supports10 different CYOD devicesand enables employees tochoose from 50 mobile appsfrom its corporate applica-tion store.

Similarly, Kim Stevenson,Intel’s chief informationofficer, has helped ensurethat the semiconductormaker has embraced BYOD.

“We had provided some

Continued from Page 1 segment of our populationwith cellphones for manyyears, probably since cell-phones were invented,” shesays. “But it never wassomething that was availa-ble to the entire population,very consistent with howother big companies work.As the world changed, ouremployees all have cell-phones as part of their dailylife.”

Next she says, employeeswanted to use their hand-sets not just for voice calls,but to receive data. “Theywanted to get their email,contacts and calendar ontheir device, because evenour office dwellers don’treally sit in our offices. We

go to conference rooms, wego to the cafeteria – we’remobile in the workplace.

“So, we had this push andthen came the richness ofconsumer applications,” sheexplains. Instead of a casual“I’d like to have this if yougot around to it” request tothe IT department, Ms Ste-venson says employeesbegan saying: “I must havethis because I’ve got theserich applications that actu-ally make my work life eas-ier and more productive.”

Intel calculates employeesusing their own devicessave up to 50 minutes a dayand productivity gains willbe worth $177m this year.

To minimise the possibil-

ity of data loss and otherrisks associated withBYOD, Intel asks pro-gramme participants to signan end user agreement thatrequires them to protectcompany data stored on thedevice, report it if it is lostand agree that Intel canremotely wipe the device.

Social media servicessuch as Facebook and Twit-ter have already changedthe lives of consumers,helping them connect witheach other in new ways.Now a shift is under way incompanies as leaders lookto generate real valuethrough the use of socialtechnologies to evolve theiroperations.

As companies begin toadopt versions of socialmedia collaboration andcommunication tools fortheir own use, companysoftware suppliers haveresponded with a series ofkey strategic acquisitionsdesigned to ensure they canmeet customers’ needs.

Microsoft’s recent pur-chases of Skype and Yam-mer, the cloud-based socialmedia service provider, andIBM’s purchase last monthof Kenexa, the recruitmentspecialist, are examples.They reflect an acknowledg-ment among enterprise soft-ware suppliers that theyneed to position themselvesfor this emerging market.

Similarly, employees havebecome familiar with con-sumer-based cloud servicessuch as webmail, storageand streaming music, andare now demanding accessto similar services on theircomputers at work andwhen they are on the road.

Hugh Thompson, a secu-rity expert, says: “As anindustry, our first reactionwas to block unsanctionedconsumerisation.

“We need to rethink ourattitude and look at theshift towards consumerisa-tion as an opportunity todefend these applicationsand devices instead ofmaintaining the illusion ofexclusion.”

The Connected Business

However much we maylove electronic devices, whowants to carry several atonce? “Some organisationshave staff carrying fourmachines,” says CraigParker, head of productmarketing for Fujitsu’sTechnology ProductsGroup. “Personal and busi-ness smartphones, a per-sonal tablet and a businesslaptop.”

While personal smart-phones and tablets are con-venient, people often needbusiness PCs to access cor-porate applications anddata. Now manufacturersare beginning to develophybrids that aim to com-bine the convenience of per-sonal devices with the func-tionality of corporate PCs.

These hybrids have a“Jekyll and Hyde” personathat lets them transformfrom ultra-portable tabletsto a machine that can beused in a different way inthe workplace, says MrParker. “These singledevices, which can beadapted for different situa-tions, appeal to enterprise[corporate] customersbecause they get the best ofboth worlds.”

Fujitsu’s lightweight Sty-listic tablets, for example,come with a range of acces-sories including mouse,keyboard and Bluetoothwireless communicationstechnology to connect to ascreen or projector. Theyalso have a detachable penthat can be used, for exam-ple, to let the person con-firm a delivery or a salescontract with an electronicsignature.

Hardware convertibilityis matched with softwarethat gives people contacts, acalendar, email, apps and awindow on to the corporatenetwork for work-relateddata and applications. Secu-rity is built into the soft-

ware and hardware, andincludes a fingerprint scan-ner. If an employee leaves,company data can beremotely and securelyremoved from the devicewithout touching personalapps and data.

Viruses can also beremotely killed, and if tab-lets are lost or stolen whenemployees are working onimportant documents, theIT department can connectand retrieve them beforewiping the device.

“The hybrid approachcreates a single device thatcan be used in a dualpersonal and business role,so organisations can havetheir cake and eat it,” saysMr Parker. “That is a bighook for the [corporate]market. People get some-thing that is lightweightand small from a physicaland software side, butwhich lets them accesswhat they need and doesn’trequire them to carryaround a lot of unnecessaryinformation when they areon the move.”

People will even be ableto leave battery chargers

and their cables at homethanks to technology thatIntel, the chipmaker, isdeveloping, which lets adevice draw power wire-lessly from another placedalongside it.

Global Positioning Sys-tem technology is alsobeing exploited by manufac-turers to make devicesmore enterprise friendly.On Fujitsu’s Stylistic table,for example, an applicationor file can be set to onlyfunction within a geograph-ical region, time or on aparticular network.

Someone might only beable to access “super secretinternal data and applica-tions” when they are atwork or during office hours;as soon as they leave, or are

in the wrong place, theapplication will not func-tion.

Using GPS, an investmentbank might ensure corpo-rate treasurer clients arelocated with their phonessomewhere they areexpected to be to authorisea large funds transfer, saysTed Bissell, mobile businessexpert at PA Consulting.

Access can even berestricted within a building,depending on whether theemployee is in specificareas such as research anddevelopment, manufactur-ing, storage or administra-tion.

Engineers working in thefield can be equipped withan application thatreads the tab-let compu-ter’s cur-rent loca-tion todeliver just thedetailed installa-tion drawings rele-vant for a particularvalve repair as well asverifying its exact locationon a geographical informa-tion system.

Near-field communica-tions (NFC), the technologyused for contactless travelcards and mobile payments,also has corporate applica-tions, says Mr Bissell. Itcould turn tablets andsmartphones into electronickeys to get people inand out of buildings, oractivate control consoles onequipment they are allowedto operate.

NFC is proving popular asit enables people toexchange business cards

electronically by tappingtwo mobile phonestogether, says Tim

Hodkinson, Research InMotion’s director of enter-prise marketing. WithBlackBerrys, it is as easy as

shaking hands, he says,though industry

s t a n d a r d shave notevolved to

the point whereit works easily for

all phones.RIM is also encourag-

ing companies to use socialnetworking technology toimprove staff collaboration.“With BlackBerry Messen-

ger, people can share ideasand information within acontrolled network of col-leagues on the move,” saysMr Hodkinson.

This can speed up proc-esses such as those ofrecruitment and retentionin human resources depart-ments, for example, by ena-bling managers to sendquick responses at impor-tant stages rather than hav-ing to use classic corporateresource planning applica-tions, he says.

The irony, says SimonRobinson, an expert at PTSConsulting, is that whilemanufacturers are trying torespond to businessdemands by making mobiledevices more business-friendly, small “smart”devices developed specifi-cally for the enterprise mar-ket, such as the Cisco Cius,have failed.

He says: “This happenedbecause they were not ‘con-sumer-friendly’ enough,although they wereattempting to enter a mar-ket already dominated byiPads, Samsung Galaxiesand iPhones.”

Producers try to bring consumer feel to corporate wares

‘Organisations canhave their cakeand eat it, that is abig hook for thecorporate market’

Lines blur in era of the digital native

Manufacturers

Hybrids with a Jekylland Hyde personafor office and privateuse are on the way,writes Jane Bird

New breed: theFujitsu Stylistic Q550

dictate what devices peoplehad. Now it is much lessfortress IT.”

Saying “yes” has broughtin a huge added set of diffi-culties in terms of security,however. “The moreconnected you are, themore risk you have,” saysMr Wright. “How do youmarry the need for peopleto have an iPhone or iPadwith the need for regulatorsto be able to monitor every-thing that employees aredoing on their corporatesupplied devices?”

Richard Absalom, analystat Ovum, a technology con-sultancy, says: “If companydata are lost it is the com-pany’s responsibility, what-ever device they are lost on.But in protecting the datayou can’t breach theemployees’ privacy rights.”

He says CIOs now have adifficult balance betweendata protection rules andemployment law, with theline between personal andcorporate computer usebecoming increasingly diffi-cult to identify.

It has led to companiesalmost panic-buying waysthat allow them to remotelylock down and wipeemployees’ mobile devices.According to Mr Absalom,

companies such as GoodTechnology, AirWatch andZenprise can barely keep upwith demand for the corpo-rate mobile managementsystems. “The role of the ITdepartment now is really torisk manage,” he says.

The strong securityrequirements aside, the CIOrole is becoming less techni-cal. According to Gartner,about 25 per cent of chiefinformation officers nowcome from a non-technicalbackground.

And as tacticians ratherthan technicians, they arehaving a louder say in theboardroom, and increasingthe status of the job. Onlyabout 4 per cent of chiefexecutives were formerlychief information officers,according to a survey lastyear by Vanson Bourne, theresearch company, but thisis slowly changing. Compa-nies such as AmericanExpress and Starbucks havehired Silicon Valley entre-preneurial types and putthem in charge of highlystrategic parts of their busi-nesses, where they are con-ceivably in line for the suc-cession.

“We do see the CIO rolebecoming more of a leader-ship role and part of thefast-track for top-levelexecutives, says Mr Aron.

“It used to be that anexecutive who was beinggroomed for the top wouldhave a posting in marketingand a posting in Asia on hisway. Now it might alsoinclude being CIO.”

Running a company’s com-puter department used tobe about buying a bunch ofservers, putting thembehind a firewall andmaking sure the budget wasnot overspent.

In 2002, the number oneconcern, revealed in anannual survey of chiefinformation officers fromaround the world byGartner, the technologyresearch company, was howto keep the costs of hard-ware down.

Ten years on a lot haschanged. For example, it isno longer necessary to havemuch hardware at all torun a business.

Cloud computing enablescorporate software to behosted on a remote datacentre run by anothercompany. About 37 per centof companies are usingcloud computing, accordingto a survey of US, Europeanand Asian companies lastyear by Advanced MicroDevices, the US chipmaker.

In addition, employeesare bringing their ownhardware into the office inthe form of tablets andsmartphones.

The question of whether achief information officer –in the traditional sense – isneeded any more also keepscropping up from time totime.

“Consumerisation andcloud computing will poten-tially slim down the CIOrole,” says David Aron,analyst at Gartner. “But thedigitisation of the world,and development of theinternet, for example, willcreate opportunities. Whatconsumerisation takesaway, digitisation givesback,” he says.

Mike Wright, head oftechnology at Man Group,the alternative asset man-agement company, says:“The job is fragmenting.There is still the day-to-day,business as usual of keep-ing the company running,but that’s a smaller part –maybe 5 per cent of thejob.”

Instead, CIOs are havingto evolve into businessstrategists who can advisecompanies on how they canbest harness all the newways of reaching custom-ers. These range fromsmartphone applications toensuring that all the com-pany’s systems are benefit-ing from real-time data ana-lytics, the capacity to useall available corporate dataand resources when needed.

“There is more activity inbeing an agent of change,helping deliver programmesthat change the currentbusiness model,” says MrWright. “My job is to getthe computer to say ‘yes’.”

“Before, the IT directorswould secure their bounda-ries with firewalls, and

Hard balancingact for CIOsChallenges ahead

Maija Palmer findsrisk managementand saying ‘yes’ arevital requirementsfor the role today

‘If data are lost itis the company’sresponsibility,whatever devicethey are lost on’

The debate around consumeri-sation and bring your owndevice (BYOD) breaks downinto a series of opposites,such as agility versus control

or security versus flexibility.It is a controversy of the sort that

the IT industry loves to use to drama-tise its products. However, if softwarecompanies are true to their word,these dilemmas should not preventany business from letting employeesmake the most of powerful personaldevices.

Lisa Hammond believes that theline between personal and businessuse of devices is now so hopelesslyblurred as to be a distraction. MsHammond is the chief executive ofCentrix, a UK software house that hasbeen wrestling with the challenge ofhow to create a flexible digital work-space.

Fresh from a US conference address-ing mobile technology she is passion-ate about this question. “There were2,000 senior people in San Diego, allfacing the same problem,” she says.“They were talking about separatingsocial and work use of technology.But it is almost impossible to do this.You cannot stop people sharing infor-mation.”

Ms Hammond sees digital informa-tion as “a river with thousands oftributaries”. This means that trying todisentangle the different ways anemployee might access data are point-less. The trick, she argues, is to createa space where work takes place underagreed rules.

Centrix sells software that consti-tutes a safe environment that letsindividuals log in via an encryptedconnection. They can then accesswhatever applications their workrequires.

The objective, Ms Hammond says,“is to bring everything on to a singlepane of glass for the end-user”.

Centrix aims to create a zone thatkeeps working practices secure whilefreeing staff to employ whatever pieceof equipment suits them.

This approach recognises that peo-ple are increasingly prone to keeptheir digital content in different loca-tions and mix the mobile and office-based domains. Ms Hammonddescribes her company’s product, Cen-trix Workspace, as a secure shell thatstaff can resort to without a sense ofhard barriers.

The Centrix philosophy is torecognise the reality of how peopledip in and out of mobile devices, cloudenvironments and a social media

milieu that mixes work and personalcontacts.

But how can they be preventedfrom removing sensitive work mate-rial from the secure shell of Centrix?The software meters individual usage,flagging up an alarm if someone sud-denly uploads a huge file to anexternal destination such as Dropbox.

The metering and analysis functionis vital, says Ms Hammond, and badbehaviour by one user can rapidlybecome evident.

Each client for Centrix Workspacecan set their own thresholds for

access to – and for extraction of –data.

Extremely sensitive information canbe restricted to a core of appropriatestaff or special conditions of access.This brings the whole area of com-pany policy into focus.

“Accept that you can’t control peo-ple’s own devices.” says MsHammond, “and accept that there hasto be a level of trust here as well.You’ve got to trust employees not toabuse their access and, if they doabuse it, then metering highlights thefailing. You cannot lock people out of

Wrestling withchange: ‘Youcannot stoppeople sharinginformation,’ saysLisa Hammond,CEO of softwarehouse Centrix

Too late to dam river of informationAccess Michael Dempsey says executives need to stop trying to separate workers’ social and career lives

information just because they are ona personal device. End-users will finda way around restrictions unless youhave a sensible policy that creates aworkspace they can get to.”

At Damovo, a UK-based technologygroup that unifies information feedsand telecoms products, there is agree-ment that the argument has movedon.

“Two or three years ago, corporateswanted control of devices they werelooking for a blunt instrument,” saysGlyn Owen, the company’s portfoliomanager.

But it became evident that exces-sive interference and control createdan unwelcoming environment thatdeterred employees from carrying outwork on the road. The fact is that acontrol-driven mobile device policycompletely undermines any productiv-ity gains from staff owning smart-phones and tablet PCs.

Mr Owen says the new approach ismuch more subtle. “Companies wantto control part, not all, of the deviceusage.” He cites a common policywhereby if a mobile device is reportedstolen the company retains the rightto remotely delete only the segmentedcorporate information on that device.This approach fits the client into themobile device management (MDM)arena where tight integration ofmultiple devices is the objective.

Damovo does not restrict itself toMDM operations and has relation-ships with diverse suppliers. It caninstall a Cisco programme known asIdentity Services Engine (ISE). Thisworks from the centre outwards, spot-ting where a user is and what deviceis being used and then allowingaccess that conforms to a policy basedon the status (such as frequency ofantivirus updates) of that device.

Above all, effective device manage-ment starts with accepting reality.“This mass use of mobile devices ishappening so you cannot ignore it,”says Mr Owen. “Employees will beusing their devices either with orwithout the company’s knowledge.”

He warns every business to preparea security policy with provisions forwhat Damovo calls a “jailbreak”.

This lively term describes how staffcan inadvertently damage security bydownloading third-party software thatopens up a vulnerability in the corpo-rate security fence.

So, for example, a good policy mayinvolve spelling out to employeesexactly why downloading an excitingsmartphone app while at work is nota good idea.

FINANCIAL TIMES WEDNESDAY SEPTEMBER 26 2012 ★ 3

For more information abouthow to advertise in thisspecial report, please contactJames Aylott on +44 (0) 207873 3392, or email:james.aylott@ft.comor your usual Financial Timesrepresentative.

All FT Reports are availableon FT.com. Go toft.com/specialreports

Follow us on Twitter attwitter.com/ftreports

All editorial content in thissupplement is produced bythe FT.

Our advertisers haveno influence over, or priorsight of, the articles or onlinematerial.

Paul TaylorThe ConnectedBusiness Editor

Jane BirdJessica TwentymanMichael DempseyStephen PritchardFT Contributors

Richard GibsonDavid ScholefieldElizabeth DurnoSub-editors

Adam JezardCommissioning Editor

Steven BirdChris TosicDesigners

Andy MearsPicture Editor

The Connected Business

At the US-based drinks firmPabst Brewing Company,Ben Haines, the chief infor-mation officer, hasannounced an end to smart-

phones provided by the company.“I’m not going to be buying any newphones for staff and I won’t have myadmins worrying about phone con-tracts, which frankly has become atotal pain for us,” he says.

Such has been the success of thecompany’s BYOD (bring your owndevice) policy, rolled out earlier thisyear, that Mr Haines is now set onmaking employee-owned devices thecompany’s default approach to mobil-ity, rather than an optional employeeperk. Each new staff member will begiven $200 towards the purchase ofthe device of their choice, and allemployees will be paid a subsidytowards their monthly phone bill.

Not every company has embracedthe BYOD trend so enthusiastically,but most are being forced to decidewhether or not to allow employee-owned smartphones and tablets toaccess their enterprise networks andinformation, according to analysts atresearch company Gartner.

The company’s survey of CIOs,conducted at conferences held in theUS and Europe during 2012, suggeststhat, by 2014, 80 per cent of the globalworkforce will be eligible to partici-pate in a BYOD programme.

That figure seems high, but manyCIOs now acknowledge that dictatingto employees what mobile device theymay use no longer works.

The consumerisation of IT, theysay, means staff will probably protestagainst such a policy, and some mayseek to circumvent it, in order to use

their iPhone 5, for example, or theirWindows tablet or Android handset atwork.

Against this backdrop of employeedemand, however, IT teams face therequirement to keep corporate datasafe, even when it is on employee-owned devices, and even if thosedevices are lost or stolen.

Their best hope is probably mobiledevice management (MDM) software,back-end platforms that offer IT teamsa way to secure, manage and monitormobile devices, in much the same waythat they have previously usedResearch In Motion’s BlackBerryEnterprise Server (BES) to managecorporate BlackBerrys.

The difference with MDM softwareis that, unlike BES, these productscan typically support a wide range ofdevices, regardless of manufacturer ormobile operating system.

Such capabilities come at a cost: ina May 2012 evaluation of 20 MDM ven-dors conducted by Gartner, the aver-age price of these platforms workedout at $60 per user per year, althoughthe firm’s analysts expect that priceto drop to $40. What CIOs and theirteams get for that price is securityand peace of mind. These productssupport a number of vital securityfunctions including enforcement ofpasswords, remote wiping of data anddevices locking, and provide a central-ised audit trail for tracking logins andconfiguration changes.

Of the 20 MDM products thatGartner’s analysts evaluated, fivevendors were ranked as leaders:MobileIron, AirWatch, Fiberlink,Zenprise and Good Technology.

For example, at Pabst, Mr Haineshas deployed Fiberlink’s MaaS360

MDM product to support employeedevices.

When his team is presented with anew device to support, he says, theycan get it up and running in about 10minutes and, because MaaS360 is acloud-based platform, they have notneeded to procure and manage hard-ware to host it.

Ojas Rege, vice-president of strategyat MDM company MobileIron, saysdeploying MDM software is perhapsthe easiest challenge faced by compa-nies implementing BYOD, becausethere will be a huge amount of deci-sion-making first. “It’s a question ofphilosophy first, policy second, andonly then technology,” says Mr Rege.

“You’ll need to identify your basicstance as a company on BYOD. You’llneed to identify eligible candidates inthe workforce for BYOD. You’ll needto understand the applications anddata they need to access on the move:is it just email, for example, or docu-ments, or field applications?”

They will also need to establish acost structure, outlining how BYODwill be financed. Some companiesmake employees responsible for all

costs related to devices they own. Oth-ers make a contribution towards ini-tial handset cost or monthly bills.

Paying some sort of stipend, sayGartner analysts, “gives a corporationsome extra control and makes theemployee more beholden to the corpo-ration for a device’s use”.

Graham Hann, head of technologyat law firm Taylor Wessing, says thebiggest hurdle, for multinational com-panies at least, may lie in navigatinga tricky landscape of differing dataprotection and employment laws toimplement BYOD.

Even in Europe, “a confusing patch-work of out-of-date national laws andlack of harmonisation make it verydifficult for businesses to implementpan-European BYOD policies”.

Mr Hann’s view is echoed byQuentyn Taylor, Europe, Middle Eastand Africa director of security, gov-ernance and risk at electronics com-pany Canon. “When someone tells metheir company has a multinationalBYOD policy, my first question tothem is ‘How?’ They’ll often admitthat, in certain countries, it simplywasn’t possible to enforce it.”

Default option:many CIOs admitthey have litlechoice but to letemployees bringin technologyfrom home

Dreamstime

Dictatingto staff nolonger worksChoices Letting workers use their owndevices may seem an easy decision, but itneeds planning, says Jessica Twentyman

‘It’s aquestion ofphilosophyfirst, policysecond,and onlythen,technology’

Contributors »

The advice to other ITleaders from Jay Crotts, vice-president of IT services andoperations at Royal DutchShell, is: “Don’t ignore thebring your own device(BYOD) trend. Embrace it.”Mr Crotts says:

“Consumerisation will forcemore [corporate] changethan any other trend in thecoming few years, andemployees will use their owndevices in the workplace,whether authorised or not.”Security risks aside, he

says: “There are significantbenefits for both thebusiness and employeesto be gained by supportingBYOD – increased flexibility,choice and a more engagedworkforce.”In keeping with that

philosophy, since July thisyear Shell has made BYODavailable to users rightacross the company –including its contractors andemployees in joint ventures –following its six-month rolloutof a mobile devicemanagement (MDM)software-as-a-service (SaaS)platform from AirWatch.The implementation was

preceded by a pilot project,in which corporate email wasextended to around 2,000users to test demand.“It proved extremely

popular, and quickly becameoversubscribed, with awaiting list,” says Mr Crotts.Today, Shell’s AirWatch

MDM platform supports

some 6,000 individualdevices. The companysupports any employee-owned Apple and Androidphones, and tablets thatmeet its minimum operatingsystem requirements.

Meanwhile, Mr Crottsand his team are keepingan eye on the market: “We’llaim to support devices that

are winning in the consumermarket and meet Shell’sminimum security standards.”For example, it is likely thatthey will support WindowsPhone 8 when it is releasedlater this year.Shell’s BYOD model means

that employees bring to workdevices they have purchasedthemselves and they covertheir own mobile bills.With many consumer rate

plans now offering “all youcan eat” data plans, as wellas the ready availability ofWiFi, there should be noincrease in costs for usingthe service. That said, thecompany is improvingin-office WiFi, so employeemobile devices automatically

connect to this, rather thantheir mobile network – abenefit that is particularlyattractive to employeestravelling between Shelloffices, who might otherwiseincur hefty roaming charges.The introduction of

BYOD represented thefirst manifestation ofconsumerisation at Shell,says Mr Crotts, so beyondthe need to introduce anMDM platform, the projectrequired significant non-technical work with otherstakeholders in the businessto ensure the company wasready for a new way ofworking. These includedrepresentatives from the HR,legal and tax departments,among others.“We also engaged with our

employees to get their inputon what they would like tosee in place, and alsoensured we were engagedwith our employee staffcouncils, to address anyconcerns – such as what anew ‘always on’ way ofworking might mean forstaff,” he adds.There are some

restrictions to Shell’s BYODpolicy, based on geographicchallenges, and some legaland regulatory constraints.But, says Mr Crotts: “Wecontinue to review the status[in these territories] and willenable BYOD when andwhere we can.”

Jessica Twentyman

Shell ‘Consumerisation will force more change than any other trend’

At Deloitte, the business advisoryfirm, every member of the company’s1,500-strong UK workforce is entitledto bring two of their own devices towork if they wish.While the company is happy to

provide them with a companyBlackBerry, iPhone, Android orWindows mobile device, about a thirdnow prefer to buy and use their ownhandset, according to Matt Peers,Deloitte chief information officer. Inaddition, all tablet computers used bystaff are self-provided.“We started noticing more and

more requests from employees tobring their own devices to workabout two years ago,” says MrPeers. “And over those two years,demand has grown significantly.When a trend like this gathers somuch pace, so quickly you have tolisten to what users are telling you.”Today, all devices are managed

in exactly the same way, usingan MDM platform from GoodTechnology – with the exceptionof BlackBerrys, which continuedto be managed from Research InMotion BlackBerry Enterprise Server.“What we’re seeing is that, whilesome members of our community arestill really attached to theirBlackBerrys, there’s a shift every yearin favour of other devices when ourgraduate intake joins,” he says.Each Deloitte employee has a

secure, encrypted container on theirdevice, downloaded from the onlineapp store for that particular device.In order to access this container,they must enter a password – andafter five incorrect login attempts,the container is automatically locked.“This gives us the level of controlover data that we need at the backend,” says Mr Peers.Once successfully inside the

container, however, staff can accesscorporate emails and calendars,while a secure browser allows themaccess to various back-office systems,including the time sheets thatconsultants use to log the hours theyspend with different clients, whichreside on their employee record withinDeloitte’s SAP system.“Our people travel a lot. They need

flexibility, but they don’t need multipledevices. That’s too hard to manage,for us and for them,” says Mr Peers.“The beauty of the container

approach is its simplicity foremployees.”

Jessica Twentyman

Deloitte Demand to‘bring your own’ is up

2,000Users in Shell’s pilotcorporate email programme

Life’s a device: consumerisation will force change Dreamstime

On FT.com »

PodcastMarket forcesGartner analyst David Willis, Eversheds’CIO Paul Caris, and Hamilton Bradshaw’sDaniel Steeves talk about theconsumerisation of IThttp://podcast.ft.com

4 ★ FINANCIAL TIMES WEDNESDAY SEPTEMBER 26 2012

Watch this space: advisers say that businesses will do themselves few favours if they cut staff off from using consumer tools such as Twitter, Facebook or LinkedIn PA

The Connected Business

looking for. They don’twant to drive into the officeand book a [video confer-ence] room. So consumersolutions such as Skypeprovide more flexibility.”

The trend, she says, isaway from conferencing ina room towards simpler,more frequent, ad hoc com-munications. This is drivenby consumer rather thancompany services, such asSkype, and unified commu-nications (UC) software –which offers real-time com-munications such as instantmessaging, with supportfor video. There are alsobrowser-based services suchas Google+ Hangouts.

“The nomenclature ischanging from video confer-encing to video chat,” MsNelson says.

In business, the pressureson companies to cut travelcosts and support flexibleworking, underpin the

deployment of fixed-videoand “telepresence” systems– which allow staff to feelas if they are in the office.

But the idea of a singleset-up – with the ease of useand compatibility of a voicecall, on any device from anymanufacturer – remains asfictional as Lang’s vision.

Robert Mason, managingvice-president at Gartner,the market research firm,says: “Travel displacementpoints towards [corporate]video conferencing.”

“But in almost every com-pany, especially the mid-sized firms, there is someuse of consumer technol-ogy, even if that is only forvery distinct-use cases,such as job interviews. For

these one-off situations,ease of use trumps quality.”

Jason Kane, IT operationsmanager at BuroHappold,an engineering consultancy,says: “We use Skype forrecruitment and where theclient or external partyrequires it. We use 3G withour Polycom system on anad hoc basis, where analternative network is notavailable or when we are onthe move.”

The company is lookingat integrating video callsfrom devices such as tab-lets. This is typical of howcompanies use the technol-ogy. Analysts such as MrMason say the market isless about a single technol-ogy or service, but a rangeof tools for different jobs.

“For a three-hour to four-hour meeting, you needhigh-quality video andsound, and that lends itselfto the traditional enterpriseconference technology,” hesays. “Employees on theroad are also likely to useconsumer technology.”

Companies are alsoinvesting in “gateways”,usually hardware, that con-nects consumer video callsfrom services such as Skypeor 3G and 4G mobile net-works to their room-basedvideo conferencing systems.

Mr Mason cautions qual-ity and reliability issuesmean these systems remainsomething of a trade off.

But there is another fac-tor limiting the take up ofeither desktop video phonesor video calling from smart-phones or laptops: band-width. IT managers worrythat unfettered use of video

calling between staff willclog up networks and slowdown access to other busi-ness-critical applications.

Mark Lewis, vice-presi-dent for enterprise solu-tions at Interoute, a net-working services provider,says: “Video has been apush market [where prod-ucts are marketed ratherthan consumers demandthem], a luxury purchasedfor C-level executives, butclients are now saying thisneeds to be controlled.

“But services such asSkype have led the way forconsumers, by using acamera and microphone inthe laptop. Samsung hasTVs with Skype. Theconsumer push makes [useof this type of service]unavoidable.”

Consumer services haveadvantages beyond lowcost. Some companies thathad problems with desktopvideo phones found con-sumer technology –designed for lower-speedbroadband or WiFi net-works – performs better.

The disadvantage is con-sumer technologies lack thesecurity measures and con-trols of business-grade soft-ware. “We tell enterprisecustomers to ‘anchor andextend’: start with highestquality or the mostdemanding users and usethat as the anchor,” saysMr Mason. “But don’t beafraid of having tiers: man-aged services for execs andconsumer or UC serviceslower down is perfectlyacceptable, as long as youunderstand the impact onnetwork resources.”

Video calling has a longhistory – at least, in sciencefiction. Fritz Lang’s 1927film, Metropolis, featured anearly impression of a videophone and was made just ayear after John LogieBaird’s first successful TVtransmission.

But if the notion of videocalls remained a staple offilms and TV, the technol-ogy itself lagged behind.Industry statistics suggestone in four US adults havetried video calls but there isa long way to go.

Technologies such asApple’s FaceTime, 3Gmobile video calls and,especially, Skype, havepopularised the idea ofvideo, but most people stillseem to prefer voice calling.

However, with easier-to-use equipment and betterbandwidth connections, thisis starting to change.

User-friendly options,such as being able to useApple’s FaceTime technol-ogy over cellular networks,and tablets and laptop PCswith video cameras built in,are attracting new users.

Barbara Nelson, chieftechnology officer at iPass,a network services providerfor businesses. says: “We’veseen a significant increasein people using video. Two-thirds are now using videoconferencing or video chat,more than a year ago.

“Before, video conferenc-ing was very scheduled,something that was condu-cive to two or three peopletalking to each other, butthere was not the flexibilitythe mobile workforce was

Conferencingmakes way forvideo chatOnline meetings

Web discussions aremoving out of fixedspaces and becomingmore common, saysStephen Pritchard

Consumerservices haveadvantagesbeyond low cost

Facebook claimed 995m activeusers, as of June 2012. Twitterhas about 500m users, andYouTube, owned by Google,says it has 800m visitors each

month, watching 4bn hours of video.Renren, a Chinese social media site,claims 157m active accounts.

For marketing purposes alone,social media sites – designed for con-sumers to stay in touch with friends,publish photographs or share informa-tion about hobbies and interests – arean attractive platform.

And they are also economical: astandard Facebook page is free, evento the largest businesses.

Companies are also finding thatsocial media services can providemore than just an alternative to astatic web page. Social media, throughservices such as Twitter’s firehose –its full data feed – provide a richsource of information to companiesabout how their brands or productsare perceived.

Handled correctly, social media canserve a valuable customer servicesfunction, and also a way to create and

follow groups of customers, suppliersor “influencers” who might be usefulto the business.

LinkedIn, which styles itself as abusiness social network, is also auseful recruiting tool.

But it is the way in which socialmedia services allow businesses tointeract with their customers, andespecially harder to reach groupssuch as young adults, that appeals tomarketers.

Mark McDonald, head of executiveprogrammes research at Gartner, theresearch company, says: “The econ-omy we are now in places a highervalue on participation, and consumerswant to connect with each other anddemonstrate their knowledge. Thatchanges their association with theproduct, or the brand.”

Used in the right way, Mr McDonaldsays, social media can persuadecustomers to become unpaid advo-cates for a brand.

And research shows that consumerstrust and value recommendations onsocial media more than they doconventional advertising.

At the same time, simply spendingmoney on social media does notalways deliver the right results.

Ford, for example, has run success-ful social media campaigns aroundcar launches such as the latest modelFiesta. Its rival General Motors,though, very publicly pulled advertis-ing worth $10m from Facebook, say-ing they had not seen a sufficientreturn on their investment.

Other smaller-scale projects some-times work better. British Airways,for example, began its recent “Avia-tors” brand advertising campaign, notin the cinemas, but on Facebook.Sony’s broadcast division has also runa series of online chats for film-makers about its latest video camerason the same site.

One advantage of social media overconventional advertising is flexibility.However, Nathan Sage, a social intel-ligence expert at PA ConsultingGroup suggests that very flexibilitycan also be social media’s weakness.

“You can spend quite a lot of timehaving a conversation about whethersocial media is internally or exter-

nally focused, whether it is PR ormarketing or customer service.

He adds: “There is a disconnectbetween brands and their understand-ing of what social is.”

There have been faux pas, such asinterns tweeting office gossip tothousands of followers, or companiesseriously misjudging the mood oftheir customers.

McLaren Formula One driver LewisHamilton is just one celebrity to havefallen foul of Twitter’s ease of use, forsharing a telemetry sheet showingdata of car set-up information thatcould have been useful to rival teams.

Businesses also have to pay moreattention to who uses their social

media tools, especially in regulatedindustries such as financial servicesor legal services.

“We’ve used social media a lot,”says Paul Caris, chief informationofficer at Eversheds, the law firm.“We’ve used Twitter for some of ourvertical specialisms, such as in ourfood practice, and our partners inthose areas have created small butvery active communities.

“Obviously, Twitter is not abrilliant area for collaboration, as it isbasically a broadcast medium. Butwe’ve introduced policies to ensurethat the way we communicate oversocial media platforms is consistentand that we all understand that whatyou put on there is public facing.

“And we do also take activity thatstarts on Twitter offline, either toLinkedIn, or to a private collaborationarea, owned by Eversheds.”

David Hodgkinson, an adviser oncustomer and channel management atKPMG, the professional services firm,agrees that even tightly controlledindustries such as retail banking canuse Twitter, if they do so with care.

“It is a way of capturing customerdissatisfaction that might not bepicked up through person-to-personcontact,” Mr Hodgkinson says.

PA Consulting’s Mr Sage says deal-ing with complaints has to be donecorrectly: social media users wieldenormous collective power.

“Organisations have to have theability to deal with that. If they don’treact, it can damage the brand.

But there is a further, importantelement to how organisations usesocial media. Jason Breed, socialmedia practice lead at Accenture, themanagement consultants, argues thatalthough business-specific tools suchas Yammer – which provides internalsocial networks – businesses will dothemselves few favours if they cutstaff off from consumer tools such asTwitter, Facebook or LinkedIn.

“Used correctly, social media willhelp companies to recruit and retainthe best employees,” says Mr Breed.“For some time, that’s given the bestcompanies an edge over those thatask candidates to fax a résumé. Nocool kid at college wants to do that.”

Pay attention to who is using social mediaNetworking sites Weight of numbers – and the inf luence such services have – make it impossible to ignore them, says Stephen Pritchard

Even tightly controlledindustries such as retailbanking can use Twitter,if they do so with care

Screen test: video conferencing is now more ad hoc Cisco

easy to use as they couldbe. And this is internal, itsits entirely within our net-work. It personalises thecompany.”

He regards popular socialmedia tools with suspicion.“Facebook is a dangerousweapon. We have a strictpolicy about what staff cansay relating to the companywhen they are on Face-book.”

The Social Business envi-ronment is one whereCanford sets the rules andeverything that passesbetween the company’s 170staff is regarded as com-pany confidential.

“We are safe in theknowledge that this infor-mation never leaves ournetwork,” says Mr Hollo-way.

The internal social mediacommunity has uncoveredhidden talents at Canford.“There’s a lot of skill shar-ing going on,” Mr Hollowayobserves. “People shareknowledge on minor PCproblems so they don’t haveto bother the IT departmentwith their questions.”

Mark Thompson, chiefexecutive at m-hence, MarkThompson says SocialBusiness emerged from thecompany’s own needs. “Wegrew by acquiring busi-nesses. We found we hadeight offices and each onehad a different culture.Social Business gave us theability to bring all thesepeople into one place andtell them what was goingon.

“The product name ismisleading. What is rele-vant is not social media,but engagement. It’s allabout communicatingacross the organisation.”

He does warn prospec-tive users that thiskind of application pro-duces a frank picture,and they should beprepared for thenaked truth. “It givesyou a real raw viewof what’s going on in

your business. You may notlike this.”

This degree of honesty isnot something anyonewants to risk sharing withoutside eyes.

So, although Social Busi-ness could be deployed viathe cloud, Mr Thompsonsays there is no appetite forthis. “People are concernedabout privacy. They getnervous about not havingcomplete control, and all ofour users want to keep ithosted on their own sys-tem.”

But this truthful picturecomes at a cost-effectiveprice, £3.50 per user permonth for m-hance’s exist-ing integration clients.

Daniel Kraft, chief execu-tive of Denver-based News-Gator, shares the opinionthat social media tools forbusiness are all about theability to engage employeesand get them opening up toeach other. He talks about“the social workplace” butstresses the workplace com-ponent is the crucial ele-ment in how NewsGator’sclients, including BarclaysBank and JPMorgan Chase,

use its social media tool.“Social is a big competi-

tive advantage,” Mr Kraftsays. “It gives you theability to share critical andconfidential informationwith colleagues.”

Regulatory requirementsensure that theseexchanges are recorded inthe same way as emails orother internal feeds. Thisalso reflects the fact thatinternal social exchangesonly work when set in agenuine business context,including the same rulesand regulations that applyto every other aspect of theorganisation’s work.

Kelly Dempski, researchand development director atbusiness adviser Accen-ture’s Silicon Valley tech-nology lab, has been study-ing how social media isspreading, and he warnsagainst getting too fixatedby a vogue term.

“The word social is likeinnovation, it means what-ever people want it tomean. I don’t get too caughtup in definitions. People usethese internet services indifferent ways, what mat-ters is the influence of

social media.”Mr Dempski reckons

there are some 200social media tools jos-tling for the attention

of tech-savvy custom-ers. With such abewildering choice,what is a business to

do? He says: “Youshould stop and ask

yourself what it is thatyou want to do. What

should the socialmedia product do

for your busi-ness?”

Getting every-one to revealtheir thoughtsmeans con-fronting thebeating heart ofyour company,and also learn-

ing a lot aboutits true purpose.

When Iain Elliott foundedCanford Audio in 1976 hewas determined to retain acollegiate atmosphere, evenas the manufacturer anddistributor of broadcastingequipment expanded anddeveloped an internationalcustomer base.

But Canford’s headquar-ters in the North East ofEngland is bisected by aroad, with administrationon one side of the carriage-way and manufacturingand design on the other sideof the road.

With another UK site atthe far end of the country,and with offices in Franceand Dubai, Canford strug-gled to maintain a sense ofcommon identity.

Technology could providepart of the answer, butDave Holloway, marketingdirector at the company,had no illusions about itslimitations. “We couldshare information acrossthe internet, but thattended to result in some-thing I hate with a passion– a long thread of emails!”

It was Canford’s technol-ogy partner, Manchester ITintegrator m-hence thatsuggested that an internalsocial media product mightopen up new avenues of co-operation.

Social Business, asm-hence calls this product,runs in the background onusers’ PCs or other devices.The user can join a com-mon company group andoffer their experience andadvice when they spot arelevant subject underdiscussion.

But why could Canfordnot use established collabo-rative software tools frombig names such as IBM orMicrosoft to connect itsstaff?

Mr Holloway notes thatease of use and privacy arewhat mark Social Businessout. “To be honest, Ihaven’t come across thoseother products, which indi-cates to me they are not as

Internal systems offer a betterway of managing messagesControl Businesses may need to be in charge, saysMichael Dempsey

Daniel Kraft:‘Social givesyou theability toshare criticalandconfidentialinformationwithcolleagues’