Enterprises are embracing BYOD, despite security risks and support costs

Q&A with David Lowe of Samsung
Tools

While BYOD was originally viewed as a cost saver for enterprises, it has often resulted in greater expenses--particularly from the added management, support and security required.

Gartner forecasts that supporting BYOD will cost enterprises $300 per employee annually by 2016.

Despite these additional costs and security risks, many enterprises are "embracing" BYOD, observes David Lowe, vice president for enterprise sales at Samsung Telecommunications America. In an exclusive interview with FierceMobileIT, Lowe relates how many of Samsung's enterprises customers have gone 100 percent BYOD.

Samsung has introduced a number of security measures to reassure customer concerns about BYOD, particularly given the dodgy security reputation of the Android platform. Some see these products as part of Samsung's effort to gain advantage over Apple in the race to replace BlackBerry in the enterprise.

FierceMobileIT: How do you see BYOD impacting the enterprise in the next couple of years?

Lowe: I'm out talking to customers every day ... A pretty consistent theme is BYOD is growing much faster than corporate liable. Customers that historically have never had BYOD before are now embracing it. We are seeing customers moving completely away from corporate liable and legacy devices into 100 percent BYOD. We are also seeing hybrid models. It runs the gamut. The enterprise challenge for BYOD is what do you support? Do you just open the doors wide open and support everything? Do you let in only a small number of devices? Do you have a hybrid model? Enterprises are embracing BYOD very differently.

Samsung's SAFE platform has had a huge impact on BYOD. It has enabled enterprises to embrace Android much more confidently than they have in the past. The problem with the Android operating system is that it is fragmented; there are so many different versions of Android; each device is different. How do I create a BYOD policy around that without having to certify every single device when it comes out? SAFE gives them a way to do that. If I certify on SAFE one time, I can support any device that comes out after that ... Knox makes that even stronger.

So now if I support Knox I can tell my users to go purchase a Knox-enabled device. Knox works for the IT organization who now says, "I can put all of my corporate data inside that Knox container and I can manage that data effectively and deeply. So I can have complete confidence in that. Then, I can leave all the personal stuff alone." It works the same way on the other side. If I am the person using the device, I can now have confidence that I can do whatever I want on the personal side and I'm not subject to the prying eyes of my IT organization. So it feels more like two devices on one. I know that my personal photos, text, whatever websites I visit, can't be seen by IT. The stuff in the secure container is all corporate stuff.

Another thing that is important is the experience. Part of the problem with the containers on the market today is the user experience. It's not seamless. The experience inside the container is very different from the native experience on the device. By creating a container solution that is built natively on the device, the Knox experience is exactly the same whether inside or outside the secure container--that means adoption is going to be easier and better and satisfaction on the user side is going to be much higher as well.

FierceMobileIT: What is the essential difference between SAFE and Knox?

Lowe: SAFE was essentially our first step into enterprise security management. It was a designation that the device you are holding is enterprise grade. It addressed the fundamental table stake requirement that an enterprise needed to feel confident that that device was supported in the enterprise. So that included things like Exchange ActiveSync support integration. We support 100 percent of all the Exchange IT policies, so you can have a much better email experience, MDM integration, so I can integrate well with all the MDM products. In addition, device encryption is supported so that any data on the device is encrypted and lastly it could support VPNs [virtual private networks]. So that was good for most of the market.

But for our most regulated customers in financial services, government and military, they needed a more robust security solution. So Knox is a complete holistic security framework that is built from the hardware level all the way up through the user experience. It starts at the hardware level where the certification key is burned into the device, tying that device at a hardware level to a Samsung operating system. When you boot up the device, it's looking for that key. If it doesn't find it, the device won't boot. So you know at the basic level, the device cannot be rooted. From there, it goes up through the kernel using TIMA, which stands for TrustZone-based Integrity Measurement Architecture, which is constantly monitoring the kernel for any malicious activity.

On top of that there is the operating system level, where we have used SE [security enhancement] for Android, which protects the operating system against any malicious activity. Then you work your way up to the user experience where you have the container. So where SAFE was a designation, Knox is truly a solution that is built into the device.

FierceMobileIT: Has there been any rethinking among CIOs and IT departments regarding BYOD, given the costs of security systems and IT support?

Lowe: Actually, I've seen them embracing it more. I see them recognizing that there are enough tools out there that allow them to manage the devices. At the end of the day, the IT organization wants to manage the mobile devices the way they manage all the other IT assets in their organization. So to the extent that they can utilize existing tools and extend those to mobile devices, that is enabling them to embrace BYOD.

FierceMobileIT: Are your efforts with SAFE and Knox an effort to translate Android's popularity with consumers to the enterprise?

Lowe: Yes, absolutely. Android is the most popular operating system on the planet. It is the operating system that we have invested in very heavily. The challenge that I have even today with enterprise customers is getting them to recognize that all Androids are not created equal. If you look at our implementation of Android via SAFE and Knox, that is much different than the generic Android. You can't lump all Androids together. You have to look at what we've done to extend enterprise-grade security onto our devices.

When they see that we can support twice as many IT policies as our nearest competitor, that we have tools, APIs and SDKs, that allow them to write their applications to our security framework, then they understand that there is a real differentiation there. At the end of the day, the consumers are going to determine which devices will be used in the enterprise, so you've got to have highly desirable devices at the very foundation of your offering and Samsung is leading the way on that. We have a device portfolio that is second to none with more form factors in every category. We are creating new categories like Note that appeal to different segments of the market. Depending on which vertical we are talking about, we have a device that can support that particular use case. And that's what is driving it right now.

More and more I am having conversations with the line of business owners rather than the IT organizations. Now that we've provided the tools for the IT organization to support these devices, we can start to have a conversation around how we can use the devices, how can we maximize the value of the devices, how can we address whatever challenges your line of business confronts. For example, trucking companies are being mandated by the Department of Transportation to implement mobile solutions in all trucks. Their requirements are very different in terms of what the device form factor needs to look like than say the utilities worker using a tablet out in the field to search for gas line leaks. It is driven by the use case.

FierceMobileIT: You said the consumers are going to determine what devices are used in the enterprise, but those use cases that you cited sound more like they are enterprise driven. Could you explain that discrepancy?

Lowe: There is a mix. It depends on whether we are talking about pure BYOD or whether we are talking about corporate liable for particular use cases. Here's a good example: American Airlines wanted to deploy a mobile solution on board their planes for all the flight attendants. They wanted a mobile solution that the flight attendants would use while on board that would give them access to all kinds of real-time data--passenger manifest data, gate change information, delay information, stuff like that. They wanted it to be a device that the flight attendants would keep and use as personal device as well. Well, that is a corporate liable application, but what they realized was that the flight attendants had a lot to say about what device they wanted to use. What they found was the flight attendants wanted to be able to use it as their personal device too. They were forced to open up more capabilities on the device so the flight attendants could use it as a personal device. There are certain corporate liable applications that are going to be very prescriptive because of the nature of whatever they're doing. On the other end of the spectrum, you have pure BYOD and you want to build support for devices that people want to use.

FierceMobileIT: Do you see a security risk from employees downloading third-party apps onto their mobile devices and bringing malware into the network or resulting in data loss?

Lowe: That's where Knox really shines. You can lock down your corporate applications, you can lock down your corporate environment inside the Knox container. Within that container, employees can't download games from app stores, and they can't side-load applications on the devices. You can lock down the corporate side as strong as you want. On the personal side, you can say to the employee, "You can do whatever you want because even if you do something that corrupts the device, it's not going to penetrate the Knox container." So the integrity of the corporate data is maintained no matter what. That's really been an enabler for BYOD and taken a lot of the concerns off the table for customers that are handling sensitive financial information or secure government data.

FierceMobileIT: How do see enterprise mobility evolving over the next 10 years?

Lowe: We are now entering a period of transformation. It started out with customers being very reluctant to support mobility in their enterprise, trying to figure a way to keep it out. We are now in the transformation stage where enterprises are finally embracing it. That's where the real innovation is going to come ... Pick any vertical, for example, financial services. The banking industry is looking at ways to transform. The CIO of one of the largest financial firms in the world recently said to me, "Give me a way to transform the user experience for my end customer." He sees mobility as a way to do that. Even the banking experience in the branches is changing.

You're also going to see that transformation in the transportation industry. The airlines are looking at how to transform the passenger experience from the moment they arrive at the airport to when they board the plane and when they get off the plane using mobile devices. The technology now exists--whether it's communications capability like NFC [near-field communications] or whether it's wearable devices that allow you to do things that you couldn't do before. You are going to see mobility penetrate areas that it was never in before and transform the experiences. That's what I believe and that's what our customers are telling us they want. I think it's going to be a very exciting few years.

Related Articles:
BYOD users hide security incidents
No one-size-fits-all solution for BYOD policies, panel reveals
BYOD security: Not my job, say many employees
Apple keeps pace with Samsung in enterprise mobility initiatives
Samsung ramps up efforts to gain enterprise mobility market share