Examining Different Approaches to BYOD

BYOD ("Bring Your Own Device") has become a very popular industry term in the last couple of years. The core concept of BYOD is simple and straightforward: allow users to use their own personal devices for corporate use. The most common devices end users are interested in using are mobile phones and tablets.

Enterprises have attempted to enable BYOD using several different types of technologies with varying degrees of success. Let's take a quick run-through of the different technologies that have been available and that enterprises have tried to leverage.

MDM – Mobile Device Management

Mobile device management has been synonymous with the term BYOD in the past, but has been focused more on corporate devices than on end users' personal devices.

MDM's primary use case is to provide policy and control for corporate-owned assets. This can be for simple logging and auditing purposes, or for other purposes such as telecom expense management. The whole premise behind MDM is that the MDM gateway has taken the device under management. Once this happens, the enterprise (and MDM gateway) has full control over the device. This works for corporate-owned devices, but doesn't fit well for personal devices, as the enterprise takes over management of those devices.


Onboarding

Onboarding is a way to provide unmanaged configuration to connecting mobile devices and tablets. Onboarding is typically tied to a network workflow, something like a captive portal, and serves as an aid to give the device credentials or configuration so that it can connect to the network. There are predominantly two types of onboarding solutions: simple solutions, which provide toolkits for enterprises to push very simple configuration, and complex, fully featured onboarding solutions that tie into Active Directory and provide full-blown certificate management solutions for mobile devices.

Onboarding is great for getting devices on the network by bootstrapping them with the configuration and credentials that they need to be able to function on the network. Onboarding is usually a one-time event, but it is not a managed configuration, so if, for example, the network configuration changes, the mobile device would have to go through the onboarding process again. Onboarding fits well with BYOD, as it does not require device management and does not blur the device ownership boundaries.

VDI – Virtual Desktop Infrastructure

Most enterprises have some sort of a VDI deployment in their network. VDI provides a remote desktop to a user's device. This has typically been for PCs or thin computing appliances, but with the explosion of mobile devices, enterprises have investigated leveraging their VDI deployments to support BYOD. What is great about VDI is that it can give the end user a full-blown PC experience that they can manipulate on their mobile devices. End users typically choose a mobile device or tablet based on the end user experience. VDI forces the user to have a totally different user experience compared to their native mobile device. This end user experience is typically very clumsy; for example, desktop interfaces were not designed for touch input. On top of this, VDI is typically very expensive compared to other BYOD solutions, as all of the applications and desktops need to have server-based compute power somewhere in the network.

NAC – Network Access Control

With the explosion of the use of personal mobile devices and tablets, enterprises have investigated or deployed technologies that allow them to control the use of these devices in the enterprise network. Network Access Control is one of the technologies that enterprises have deployed to control this use. NAC gives an enterprise the ability to set network policy for different types of devices on their network. These policies range from a complete blocking of unknown devices (i.e., personal BYOD devices) to quarantined or restricted network access. Most NAC solutions can also provide a captive portal-based user experience that can allow a user to register their personal device for use on the corporate network. The whole concept behind using NAC for BYOD is for the enterprise to make a decision whether or not they want the personally owned device on their network, and what resources that device should have access to.
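The policy range described above can be sketched as an ordered, first-match rule table with a default for unknown devices. This is an added example, not code from any NAC product; the `Device` fields, rule names and the posture check are assumptions made for illustration.

```python
"""Added illustration of NAC policy evaluation for BYOD; all names are hypothetical."""
from dataclasses import dataclass, replace
from typing import Optional

# Access levels mirroring the outcomes the text lists.
BLOCK, QUARANTINE, RESTRICTED, FULL = "block", "quarantine", "restricted", "full"


@dataclass(frozen=True)
class Device:
    mac: str
    corporate_owned: bool = False        # assumed: found in the asset inventory
    registered_to: Optional[str] = None  # user who registered it via the captive portal
    posture_ok: bool = False             # assumed health check (e.g. patch level)


# Ordered rules, first match wins: (rule name, predicate, decision).
RULES = [
    ("corp-healthy", lambda d: d.corporate_owned and d.posture_ok, FULL),
    ("corp-unhealthy", lambda d: d.corporate_owned, QUARANTINE),
    ("byod-registered-healthy",
     lambda d: d.registered_to is not None and d.posture_ok, RESTRICTED),
    ("byod-registered", lambda d: d.registered_to is not None, QUARANTINE),
]


def evaluate(device, unknown_policy=BLOCK):
    """Return (decision, rule name); unmatched devices get `unknown_policy`."""
    for name, predicate, decision in RULES:
        if predicate(device):
            return decision, name
    return unknown_policy, "default-unknown"


def register(device, user):
    """Captive-portal registration: bind the device to an authenticated user."""
    if not user:
        raise ValueError("registration requires an authenticated user")
    return replace(device, registered_to=user)


if __name__ == "__main__":
    # Constructed sample devices.
    phone = Device(mac="02:00:00:00:00:01", posture_ok=True)
    print(evaluate(phone))                     # unknown personal device
    print(evaluate(register(phone, "alice")))  # same device after registration
    print(evaluate(Device("02:00:00:00:00:02", corporate_owned=True)))
```

Registration only moves a personal device from the default rule to restricted access; full access stays reserved for corporate-owned devices, which keeps the ownership boundary explicit in the policy.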

MAM – Mobile Application Management

Most enterprises have a set of enterprise applications that they would like to provide to their end users' personal devices. MAM is a solution that is born from trying to solve this problem. MAM solutions focus on the enterprise applications and data that need to be delivered to the end user's personal mobile device. More advanced MAM solutions can isolate enterprise applications and content and give the enterprise full policy and control over the applications and content. With MAM, this can be done without giving the enterprise any management control of the user's whole device; the control is strictly for the business content on the mobile device. For BYOD, MAM typically makes the enterprise happy as they have control over their content, and makes the end user happy as they can use their own personal device for business.

Those are several of the approaches that have been used by people to solve BYOD. We would love for you to share how you plan to support BYOD in your environment. Are there other technologies that you have seen used? Are there other BYOD problems or challenges that you are faced with that you would like to share?