BYOD worries drove Apple-IBM deal — and a huge win for Apple originally published by Gigaom, © copyright 2014.
Employees who use their own electronic devices at work under a Bring Your Own Device (BYOD) arrangement may have unwittingly authorised their employer to remotely wipe their device when they leave the company, reports the WSJ.
In early October, Michael Irvin stood up to leave a New York City restaurant when he glanced at his iPhone and noticed it was powering off. When he turned it back on again, all of his information—email programs, contacts, family photos, apps and music he had downloaded—had vanished [...]
It wasn’t a malfunction. The device had been wiped clean by AlphaCare of New York, the client he had been working for full-time since April. Mr. Irvin received an email from his AlphaCare address that day confirming the phone had been remotely erased.
A survey found that 21 percent of companies perform a remote wipe of employee-owned devices registered on the company network, with employees ostensibly agreeing to this when they connect to the company network.
Many employers have a pro forma user agreement that pops up when employees connect to an email or network server via a personal device, he added. But even if these documents explicitly state that the company may perform remote wipes, workers often don’t take the time to read it before clicking the “I agree” button.
The legality of the practice has reportedly not yet been tested in court.
In principle, an iCloud or iTunes backup should allow wiped iPhones to be restored, but you may want to pay a little more attention to the small-print next time one of those corporate messages pops up on your screen, to find out what it is you’ve been agreeing to …
Update: Several readers have pointed out that the remote wipe would be performed via the company’s Exchange servers, so removing the Exchange account the day before you leave would be a good precaution.
Filed under: iOS Devices Tagged: Apple, business, BYOD, company, corporate, enterprise, icloud, iPad, iPhone, iPhone wiped, iTunes, Smartphone, tablet, Wiped iPhone
FreedomPop, the wireless service provider offering free and cheap no-contract plans on Sprint’s network, today announced it’s now allowing customers to bring their old Sprint phones to activate on its $0/month wireless plans. We’ve confirmed with the company that will also soon include iPhones.
The company has been around since 2011 with various hotspot products and recently launched its first smartphone direct to customers alongside the world’s first completely free mobile service. A guaranteed 500 MBs of data, 500 text messages, and 200 anytime voice minutes for free each month would sound enticing to anyone, but previously customers would have to pay $99 for an almost two-year old HTC Evo Design to get it. Despite that, FreedomPop says it “immediately sold out” of stock when it launched last month.
That’s about to change today as FreedomPop will now let Sprint customers bring their own device to activate on its free and cheap plans. Although there is no mention of it in the carrier’s press release and some are reporting iPhones aren’t supported, we’ve confirmed FreedomPop will support the iPhone 4 and 4S as well as 20 other Sprint devices initially. Stephen Stokols, FreedomPop’s CEO, tells us it will be another few weeks before the iPhone is compatible, and eventually all Sprint smartphones will be supported. Around 600 devices, including iPhones, will be supported by the end of the month.
While T-Mobile’s new Uncarrier strategy has been getting a lot of attention as a more transparent way of offering wireless service to consumers, FreedomPop is truly attempting to change the face of the industry by offering 100% free mobile and internet services. The strategy isn’t completely lost on the big carriers– T-Mobile just started offering 200MB of free data for iPad and tablet users. That compares to 500MB, 500 texts, and 200 voice minutes Freedompop offers for all of its users. The problem up until now has been lack of devices, but it will be interesting to see how many customers it can attract when it starts supporting the iPhone and Sprint’s line up of Android devices. We also confirmed earlier this year it will soon be supporting iPads via an LTE accessory for tablets.
FreedomPop will also start offering the HTC Evo 4G for $99 off contract today, an even older device than the Evo Design it first launched, but the real news here is clearly the bring your own device support for Sprint phones. A deal with another carrier partner in the future could give FreedomPop the ability to offer the BYOD option for devices other than Sprint smartphones.
FreedomPop claims its free plan will save consumers around $1,000 a year, while those that step up to its paid plans will save 80 to 90 percent compared to other carriers on average.
A list of compatible devices starting today include:
- HTC EVO 4G
- HTC EVO 3D
- Samsung Epic 4G
- Samsung Epic 4G Touch
- Samsung Galaxy S III 16GB
- Boost Prevail by Samsung
- Galaxy Nexus by Samsung
- Nexus S 4G by Samsung
- LG Optimus S
- Motorola Photon 4G
Filed under: iOS Devices Tagged: $0/month, 4, activate, bring your own, BYOD, free, FreedomPop, iPhone, iPhone 4S, Sprint, support
Apple will launch the next iPhone (presumably named the iPhone 5) along with iOS 6 tomorrow. The new iPhone is expected to pack a range of updates that will make it a much more significant release than last year’s iPhone 4S. The biggest expectation is that the iPhone will include 4G LTE support and that, unlike the new iPad, it will support LTE bands used outside of North America.
We won’t know all the details of the iPhone 5 until Apple’s unveiling at the Yerba Buena Center. There are, however, three important issues that business users and IT managers will need to in mind during and after following tomorrow’s launch event – all three of which could have a significant impact on bring your own device (BYOD) programs that encourage users to bring their personal mobile devices into the office.
LTE Is Great For Business, But Bad For Expense Management
LTE’s big boost for mobile professionals may come with big bills.
Apple is rather late to the 4G party, having launched its first LTE device a year or more after most other mobile device makers had begun to establish themselves in the 4G market. Now that the mobile industry has largely standardized on LTE as the future of mobile broadband, Apple has joined the party.
LTE is a significant boost for mobile professionals. The data transfer speeds are more than a simple order of magnitude better than those offer by 3G standards. That means that professionals on the go will be able to access Internet, cloud, and remote network resources at speeds comparable to or better than their home Wi-Fi network and, in some cases, their employer’s corporate Wi-Fi network. That’s a big boost in mobile productivity, particularly if carriers offer that offer tethering of other devices like Wi-Fi iPads, MacBooks, and PC notebooks at no additional cost.
That big boost, however, may also mean big bills. Although most carriers offer LTE plans comparable in price to their 3G data plans, LTE’s performance makes it easy to blow through data caps on those plans much more quickly. It also discourages the use of public Wi-Fi networks, particularly in locations where Wi-Fi coverage is spotty or slow. Why pay for or put up with a hotel’s sluggish connection when your LTE connection is five times as fast?
Those expenses pose challenges in business contexts. How can businesses manage corporate-owned iPhones in such a way that they allow LTE use when needed but curtail it when there are other alternatives? The current mobile device management (MDM) capabilities in iOS don’t offer a real solution. IT can disable voice and data roaming as well as disable some services while roaming like automatic sync with iCloud.
That’s a positive, but it doesn’t address the real problem – companies may want to limit LTE use when users are not roaming.
Similarly, MDM can configure multiple Wi-Fi networks and force a device to join those networks automatically when available, but that only works for setting up known networks. One option is to use a service like iPass that provides enterprise Wi-Fi at thousands of locations around the world, but even that may not be an available or effective solution all of the time.
LTE can discourage the use of public Wi-Fi by mobile employees on the go, which can drive mobile costs higher.
The picture gets even murkier with BYOD iPhones, particularly if there is cost sharing for data service. Employees may rack up overages primarily by using their devices for work, but personal use almost certainly contributes to those overages. Voice calls can be itemized expenses because the numbers for outgoing and incoming calls can be used to identify business calls. Data plans don’t present a way to do the same thing – after all, if you’re in New York for work and use LTE service for both work and personal tasks, there’s no easy way to separate the two, particularly if they happen simultaneously like checking work and personal email accounts at the same time.
Mobile Commerce Blurs The Line Between Personal and Professional
Mixing the personal and professional, Passbook raises questions about data sprawl and security.
There’s plenty of discussion around how and when Apple might enter the mobile payments market with an iPhone-based iWallet. Passbook in iOS 6 is definitely a step in this direction. Whether Apple will use NFC as its mobile payment technology like Google does isn’t certain. Apple could use scannable onscreen codes, location-based payments in the model of Square and Tabbedout, or even develop a payment system around existing technologies like Bluetooth.
Apple probably won’t introduce an iWallet feature tomorrow, but that doesn’t mean mobile commerce is off the table. After all, Passbook lets you manage a range of physical and electronic commerce features – boarding passes, coupons, movie tickets, reloadable gift/payment cards, merchant loyalty program cards and so forth.
Passbook presents an interesting conundrum for devices that bridge our personal and professional worlds. Most of the items stored in Passbook will be personal, at least initially, but Passbook does have some business uses – airline boarding passes for business travel being the most obvious. Membership in a loyalty program for employers, like those provided by some office supply stores, is another one. Rewards programs that are personal but get used in association with business tasks like frequent flyer programs or gas station loyalty programs used with a company-owned (or rented) car are two other examples where there isn’t a clear personal/professional separation.
In mixing personal and professional programs in a single app, Passbook presents questions about what data is appropriate for a company to wipe on a lost iPhone or when an employee leaves the company. If Apple unveils a true digital wallet that can include credit and debit cards, that question and concern will be even greater if employees with company cards put them into their iPhone – not to mention if they accidentally use a company card to pay for a personal item.
Passbook data stored outside the company firewall is also a concern, be it through iCloud or backup of a device to a home computer. In fact, this could be one of the more serious implications of the phenomenon known as data sprawl in which mobile devices and cloud services lead to business data being stored across different devices and services with no central point of document or permissions management.
The Business Upgrade Cycle – Will Employees Get An iPhone 5?
Apple’s annual update cycle could fragment a company’s mobile security and management capabilities.
Apple has established a pretty predictable upgrade cycle for iOS. We can expect to see a new iPhone, iPad, and iOS version each year. Carriers, on the other hand, don’t offer a one-year cycle for subsidized devices. That means most iPhone users in the U.S. upgrade their iPhone every other year. Businesses, schools, and other organizations typically have slower upgrade cycles that often involves replacing technology every three or more years.
These out-of-sync upgrade cycles and Apple’s decision to offer older iPhones as entry-level models presents two potential issues in the workplace.
The first issue is one of employee morale. If employees are stuck with an iPhone 4 (or even an iPhone 3GS) and/or a first generation iPad while their coworkers are using an iPhone 5 and new iPad, there’s the potential for tension, hurt feelings, and employees questioning of why they didn’t get the newest work device. That doesn’t mean someone will go postal as a result of not getting a new iPhone. However, in today’s economy where raises are few and far between, perks like technology upgrades are one way that managers can show appreciation and build morale – and that shouldn’t be overlooked.
In today’s economy perks like new mobile devices can be an effective a way to build morale.
Obviously, offices with BYOD programs aren’t likely to have those same morale issues since employees can choose their own devices. That doesn’t mean that everything is rosy in the BYOD world.
Apple is notorious for cutting support for older devices in new OS and app releases – both in the desktop and mobile spaces. iOS 6 drops support for the original iPad and iOS 5 dropped support for the iPhone 3G. Even the devices that iOS 6 support won’t get all of the iOS 6 features. The iPhone 4 won’t get FaceTime over 3G or turn-by-turn navigation, for example.
This becomes an issue for businesses in both BYOD and traditional corporate-owned environments because it fragments the features available to employees. More important, it fragments the security and device management capabilities. If Apple includes a range of new security and management capabilities in iOS 6, companies with a large population of original iPads won’t have access to those improvements.
Obviously, this issue is more about iOS than the iPhone 5, but it becomes an issue for companies (or individuals) choosing entry level or mid-range iPhones rather than more expensive brand-new models. If Apple drops the iPhone 4 to free with contract, as it did last year with the iPhone 3GS, a business user or company might see that as a great bargain – and it will be one, but one that may pose challenges a year or two from now.
Ultimately, these issues are part of the broader questions and concerns posed by the continuing consumerization of workplace technologies and the BYOD movement and, like many questions posed by those trends, there aren’t solid one size fits all answers.
At VMWorld, this week VMWare showed of Horizon Mobile for iOS – an enterprise solution that separates business apps and content on an iOS device from a user’s personal apps, documents, and data. It’s an iOS version of a tool that VMWare previously demoed, but hasn’t yet shipped, for Android devices. While the name and the goal of Horizon mobile is essentially the same on both platforms, the company is taking a vastly different approach for iPhones and iPads.
Not only is the iOS approach different, it’s also nowhere near as revolutionary – other mobile enterprise companies have using similar approaches for a while and the one truly distinctive feature is one that Apple might not approve for distribution.
Horizon Mobile for Android is designed around the concept of virtualizing Android. The virtual instance of Android on a mobile phone (or other device) is configured and loaded with Android apps by a company’s IT department. The virtual instance of Android operates independently of the Android instance that is actually installed on the phone – different set of contacts, different apps, different files and documents – even a different phone number. The result is a completely separate and secure user experience – one that can be managed by IT and wiped off the device without touching personal content. The catch, VMWare announced Horizon Mobile for Android last year, but still hasn’t shipped it.
The iOS version uses completely different approach – one that is partly borne out of necessity. A swarm of flying pigs over every major city is, after all, far more likely than Apple letting VMWare virtualize iOS. Another reason for the different tactic that Ben Goodman, VMware’s Horizon evangelist, described to ConsumerizeIT’s Colin Steele is that creating an Android solution required finding a way to handle the fragmentation of Android devices and versions. Virtualizing Android and giving IT a consistent OS to manage seemed the logical approach.
How does the iOS version work? It creates an encrypted on-device storage area or workspace. Good Technology and Bitzer Mobile already use the approach to create secure storage on iOS devices. Both companies also provide secure apps as part of their solutions and Good has developed its own SDK that allows other iOS developers to integrate their apps into its secure storage model. Both companies also prevent data from being accessible outside the secure workspace and disable the ability to copy and paste into external apps.
It’s also worth mentioning that Apple actually introduced developer APIs related to security and encryption for on-device secure storage in iOS 4 a little over two years ago.
That’s why VMWare’s approach seems a little stale as an iOS solution. It almost seems like the company is playing catch-up to a certain extent.
The one feature that VMWare has created that does seem unique is the ability to install iOS apps, including apps from the App Store, into the secure workspace. According to Goodman, iOS doesn’t even see these apps.
That’s a pretty incredible feat, but it raises a big question that no one seems to have answered yet – what will Apple think of it? This certainly seems like something that Apple wouldn’t approve for release in the App Store because of the way that the secure workspace handles apps and that it requires installation apart from the App Store and possibly outside of Apple’s Volume Purchase Program.
Overall it’s hard to judge the impact VMWare might have with Horizon Mobile at this point, but as the demo video below illustrates, it could solve a lot of problems associated with BYOD (bring your own device) programs.
At this time, neither Horizon Mobile for iOS or Android are shipping products. More information can be found on the VMWare Office of the CTO blog.
With the release of iOS 6, Apple will offer business users a range of new features. A few of which are VIP email filtering (already in Mountain Lion) with custom notifications, more options when declining a phone call on the iPhone, much-needed privacy options, and Apple’s new Do Not Disturb feature – which should help some mobile professionals to “switch off” after work and maybe even get a good night’s sleep.
iOS updates are generally designed to be user-friendly and easy enough that anyone can manage to install them. As with any major OS or business critical software upgrade, however, there may be unforeseen issues with iOS 6 – particularly when it comes to internal iOS apps and iOS access to enterprise systems.
An iOS 6 upgrade policy and strategy is something that every IT department should have in place before Apple releases iOS 6. For businesses that actively support user devices in the workplace through a BYOD (bring your own device) program, that upgrade strategy is even more critical.
Test Developer Previews and GM Seed When It’s Released
The most important build to test with the GM build.
The easiest way to prepare for iOS 6 is to use it. Check out its new features, see how well various apps run, and connect it to your corporate network. Joining Apple’s iOS developer program provides you with access to the iOS 6 preview builds (along with the preview builds of Apple’s Xcode – the development environment for creating Mac and iOS apps). Enterprise organizations and business that are thinking about developing custom iOS apps for internal use will definitely want to join the $299 enterprise version of Apple’s developer program. Smaller organizations in which a single person handles all the mobile or iOS solutions and will be responsible for pre-release testing can probably manage with a $99 individual membership.
In addition access to iOS preview builds, the iOS developer program provides a wide range of resources for anyone (or any company) that wants to get started with iOS development including hundreds of training videos and WWDC sessions (2010 – 2012). Apple also offers its Safari developer program, which is free and, among other advantages, provides a range of resources for creating HTML 5 web apps for the iPhone and iPad.
Testing with the various preview builds will give you a good sense of how iOS 6 will function and how it will interact with enterprise systems and various apps. If additional preview builds are released, however, you’ll likely see changes to features and compatibility issues. Keeping track of those changes will help you get a clearer idea of how iOS will impact you and your users. Ultimately, the most important build to test with the GM (golden master) build since that’s the final build that Apple will release to the public.
Make A List Of Common Apps And Test Them
As part of your testing process, you’ll obviously want to test all the apps frequently used by employees in your company. If you use mobile app management (MAM) tools, offer an enterprise app store, or make use of Apple’s Volume Purchase Program (VPP), you’ll probably have a list of commonly used apps and/or required apps already.
If you don’t use such a system, you can use your mobile management solution to query any or all managed iOS devices for a list of installed apps. Your mobile management system may even be able to generate a report of the most used apps. If not, you can put the individual lists of apps into spreadsheet or database tool and use that to determine the most frequently used apps. You may also want to consider investing in a MAM solution as part of your mobile management strategy going forward.
Plan For App Updates
Keep in mind that many developers are already testing their apps and making updates in anticipation of iOS 6. Those updates may fix problems and improve how the apps run under iOS 6 and they will likely add support for new iOS 6 features. You generally won’t be able to test these apps until iOS 6 and the various updates go live. Many developers will have their apps ready to go the day iOS 6 launches. At that point, you should to do a final check with the updated apps.
You may want to consider MAM tools that can help you get those updates out to users more efficiently and ensure users get any critical updates. Alternatively, you could use a system like Apple Configurator to do mass deployment of iOS 6 and various apps (more on this in a bit).
Thoroughly Test Internal And Business-to-Business Apps
In addition to public apps, you’ll need to vet any internal apps that in-house or contract developers have created for your company. If updates needs to be made, you’ll need to determine if can be finished before iOS 6 launches. If not, you may want to postpone your internal roll out of iOS 6 if the apps are mission-critical tools. Likewise, if your company uses business-to-business (B2B) apps created by one or more of your partners, you’ll want to test the version that you have in use and reach out to the companies that created the app so that you know their update and support plans.
Test iPhone/iPad/iPod touch Accessories
If you have wide deployments of accessories that connect to iOS devices, you’ll to check those as well as apps. There are a range of accessories on the market for business use – everything from mass iPad storage and charging carts to Bluetooth headsets and keyboards to AirPrint printers (or print servers) to profession-specific devices. You’ll want to test them (and companion apps if they have them) with iOS 6 and reach out to the manufacturer if you find issues.
Make A List Of All Enterprise Systems iOS Device Users Access And Test Them
Along with testing iOS 6 with apps and accessories, you’ll want to test any enterprise systems that iPhone and iPad users may access. That includes your Wi-Fi network, Exchange server, VPN services, intranet site, cloud solutions, virtual desktop infrastructure (VDI), and any other systems or resources that you allow or support uses accessing from their devices.
It’s vital to test apps, business accessories, and enterprise systems with iOS 6.
Check With Your Mobile Management Vendor
Mobile management suites will almost certainly receive updates to iOS 6. They will be needed to support any changes Apple makes to its mobile management framework as part of iOS 6. You’ll want to check with your mobile management vendor(s) to see when they expect to release an update along with the changes that will be part of the update. Keep in mind that some changes may be things that Apple requires these companies to keep under wraps until iOS 6 ships, but your vendor should still be able to offer some details and help you plan an upgrade.
Consider An iOS 6 Pilot Group
A pilot project helps you plan support procedures and training documents.
One useful testing option is to do a short iOS 6 pilot project. Select a handful of tech-savvy users and update their iOS devices to iOS 6 once the GM build is released (you’ll need to have an enterprise developer membership to do this). Have them use it for a few days or a couple of weeks and report feedback about issues and feature changes. Not only does help you vet iOS 6, it also helps you plan support procedures and training documents.
You should use corporate-owned devices for a pilot. Once devices are upgraded to iOS 6 or the iOS 6 preview builds, they cannot be downgraded to iOS 5. As such, the process is making a permanent change to a device – you don’t really want to do that to something your business doesn’t own. If you do choose to use BYOD devices in the pilot, you should ensure that their owners understand this issue and have a record that shows they have chosen to accept any risks.
Decide Whether To Do Managed Upgrades Or Let Users Upgrade On Their Own
The big decision about a major upgrade like iOS 6 is whether you’ll let employees manage the upgrade on their own or whether you’ll have IT staff perform the upgrade for them. As I noted earlier, iOS updates are easy to perform and most users can manage that process on their own.
You can, however, use a managed upgrade process to deliver more than just iOS 6. You can include app updates (internal, B2B, or public) as part of the upgrade. You can introduce any new mobility policies as part of the process and use it as an education opportunity to explain those policies and the importance of mobile and data security. Given that many workers deliberately bypass IT policies and mechanisms, this opportunity has the potential to pay dividends of better compliance and understanding. Along the same concept, such upgrades can be mini-training sessions for users and can also be a good chance to get feedback about how IT is doing in supporting users.
You can also use a managed upgrade to do some spring cleaning of company-owned iOS devices. Rather than simply backing up a device and then updating it, you could use a tool like Apple Configurator to backup the device, wipe it, update it to iOS 6, and install a fresh set of apps (including new iOS 6 versions of them). Configurator, despite the fact that it requires some hands-on action, is a good choice because it allows you to install apps without associating them with a user’s Apple ID. As such, it can reclaim volume purchased app licenses if the user leaves the company.
On the other hand, a managed upgrade is resource intensive. The advantages may be worth it or the sheer staff and time requirements may simply be too much. In that case, you may want to let users upgrade devices on their own. If you go that route, you should develop a training/support document that tells people how to perform the upgrade – including backup the device (ideally to a work computer rather than a personal one or iCloud). You can also tell them to delay upgrading if you’ve discovered any issues with iOS 6.
Challenges With BYOD Devices
BYOD devices represent a unique challenge. They are a user’s personal device, so the decision to upgrade to iOS 6, when to do it, and how to do it are user prerogatives. That said, your BYOD policies may state that they should not do so without checking with IT staff first. Ultimately, the big concerns with BYOD users managing the upgrade on their own are whether or not they back the devices to a personal computer (or iCloud) and whether they will do it before you’ve ensured iOS 6 functions properly in your environment (or corrected any issues you find). You also don’t want to do any spring cleaning as you might with company-owned devices.
Policies, Training, and Support
Several iOS 6 features may require updates to existing IT policies governing iOS devices. Acceptable use policies, employee availability requirements, liability issues associated with upgrading employee-owned devices, and overall BYOD policies may all need changes. In the process of determining what, if any, changes need to be made, you may want to review the existing policies and make updates that aren’t directly related to iOS 6.
You’ll also want to develop training resources that introduce users to the new features of iOS, how those features impact their devices at work, and note any issues or potential issues you’ve discovered (and possibly work around solutions for them). It’s also a good idea to provide some general iOS 6 support documents for common problems and how to handle them.
Finally, you’ll want to ensure there’s plenty of support available around the iOS 6 launch to handle questions from users as well as problems they come across. This could mean having upgrade events, doing managed upgrades, offering a walk-in support clinic modeled after the Genius Bar in Apple retail stores, and ensuring help desk agents are on hand to meet the demand and are prepped to handle iOS issues.