BYOD OK?

We have recently completed a survey of IT decision makers that are knowledgeable about security issues in their organizations, and we found something surprising: the concern about “shadow IT” — employee use of unauthorized cloud apps or services — is significantly lower in this year’s survey than it was just over a year ago. While there can be variability between surveys because of sampling and other issues, the difference we found is not explained by sampling variability, but instead represents a significant shift of concern away from the problem of shadow IT and BYOD/C/A (Bring Your Own Devices/Cloud/Applications).

Why?

Three theories:

  • First, we have not seen big, headline-grabbing data breaches result from the use of personally owned smartphones, tablets, laptops and other employee-owned and managed devices, cloud applications and mobile applications. While these breaches occur and clearly are a problem, the horror stories that were anticipated from the use of these devices have been few and far between.
  • Second, senior management — both in IT and in lines of business — have seemingly acquiesced to the notion of employees using their own devices. They realize that stopping employees from using their own devices to access work-related resources is a bit like controlling ocean surf with a broom.
  • Third, there are some advantages that businesses can realize from employees using their own devices. While lower business costs are an important advantage because IT doesn’t have to purchase devices for some employees, another important benefit is that IT doesn’t have to manage them either. For example, when an employee leaves a company and company-supplied devices need to be deactivated, some organizations aren’t exactly sure who’s responsible for doing so — IT, the employee’s manager, HR or someone else. A survey we conducted some time back asked, “when an employee who had a company-supplied mobile phone leaves your employment, how confident are you that you are not still paying for their mobile service?” We found that only 43 percent of respondents were “completely confident” that the mobile service was deactivated, and 11 percent either were “not really sure” or just didn’t know. Employees using their own devices and plans gets around this problem nicely.

To be sure, unfettered and unmanaged use of employee devices in the workplace is not a good idea. It can lead to a number of problems, such as the inability for IT to know where all of a company’s data is stored, the inability to properly archive that data, the inability to produce all of it during an eDiscovery effort or a regulatory audit, lots of duplicate data, a failure to establish an authoritative record for corporate data, a greater likelihood of data breaches if a device is lost, and the potential for not being able to satisfy regulatory obligations.

That last point is particularly important, especially in the context of the European Union’s General Data Protection Regulation (GDPR). A key element of the GDPR is a data subject’s “right to be forgotten”, which translates to a data holder’s obligation to find and expunge all data it has on a data subject. If an organization cannot first determine all of the data it holds on a data subject and then cannot find all of that data, it runs the risk of violating the GDPR and can pay an enormous penalty as a result.

In short, BYOD/C/A offers a number of important advantages, but it carries with it some serious risks and should be addressed as a high priority issue in any organization.

 

Is BlackBerry Dead in the Water?

A blog post from yesterday asks the question, “Would you say that BlackBerry is pretty much dead in the water at this point or is there hope left for the struggling Canadian company?”

The question is a good one. In the first quarter of 2009, BlackBerry had  55.3 percent of the US smartphone market and 20.1 percent of the global smartphone OS market; as of the last quarter of 2016, BlackBerry’s share of global smartphone sales had fallen to 0.048 percent. The company’s revenues fell from a peak of $19.91 billion in FY2011 to $2.16 billion in FY2016. It’s operating income and net income have been in negative territory since FY2013. It’s stock price went from $138.87 on April 30, 2008 to $7.45 as of today. In September of last year, BlackBerry stopped making its own phones.

So, yes, a case can be made that BlackBerry is “dead in the water” or very nearly so.

However, I believe that 2017 and 2018 will see a modest resurgence of the company, albeit not to levels that we saw before the iPhone and Android devices began eating BlackBerrys for lunch. Here’s why:

  • BlackBerry isn’t really a smartphone company anymore, but is transforming itself into a software and cyber security company. If they’re successful in doing so, that will turn their 30-something margins into 70-something margins. The company’s financial results are at least hinting that margins are going in the right direction.
  • BlackBerry still has a very good security architecture for mobile devices, one that many decision makers should (and, I believe, will) seriously consider as mobile devices increasingly access sensitive corporate applications and data repositories. BlackBerry’s DTEK technology offers robust user control over privacy and that’s going to be important for many enterprise decision makers.
  • While BlackBerry’s market share in the US and many other markets is really, really poor, the company is still doing reasonably well in places like Indonesia and in some key verticals, such as financial services. For example, a major US bank is standardized on BlackBerry mobile technology, as is HSBC, among others.
  • BlackBerry is increasingly focused on markets that are quite far afield from its traditional phone business. For example, BlackBerry Radar is the company’s first IoT application and is designed for asset tracking, currently in use by a major Canadian trucking firm. BlackBerry QNX, a real-time operating system focused on the embedded systems market, is currently used in 60 million cars worldwide (and replaced Microsoft Sync at Ford). BlackBerry has some interesting and innovative solutions focused on addressing enterprise BYOD/C/A concerns.

The bottom line is that BlackBerry is nowhere near out of the woods, but is definitely showing signs of life. John Chen has done a good job at starting to turn the company around, there is promise in several of BlackBerry’s key markets, and the company has a decent base of working capital. I have some confidence that in a couple of years BlackBerry will see something of a resurgence.

Do We Suffer from Email Information Overload?

Is “information overload” a problem in email? Yes:

  • Brits (and, presumably, most every other information-focused worker) spend 36 days each work year composing emails.
  • Seventy-two percent of email users experience “some”, “quite a bit” or “a great deal” of information overload in email according to a current study being conducted by Osterman Research. Plus, the survey is discovering that 50% of respondents are using email more than they were 12 months ago, and that only 3% are using it less.

Add to this the information overload we experience in other areas: in 2013, broadcast networks showed an average of 14 minutes 15 seconds of commercials during each of the five hours of television we watch each day; cable networks showed 15 minutes 38 seconds. Twenty-eight percent (1.72 hours) of all time spent online is focused on social media. The average user sees 1,707 banner ads per month. The typical mobile user spends 90 minutes per day on his or her phone.

What’s the problem with information overload in just email, let alone in other areas?

  • We end up missing important messages. Most of us have experienced a situation in which we missed an important email from a co-worker, customer, prospect or someone else simply because it got lost in the flood of emails with which we must contend on a daily basis.
  • We miss deadlines. Missing emails means that we miss meetings, customer deadlines and other time-sensitive events.
  • Potentially, we can lose revenue. If a customer or prospect asks a question and we either don’t answer or answer in a timely way, that can result in lost business opportunities and damage to our personal and/or corporate reputation.

So, we have two primary issues with which to contend:

  • We need to manage our information management more effectively. We deal with enormous amounts of information – so much so that we simply cannot process all of it effectively. While some may put a pleasant spin on this overload (for example, some have referred to “information overload” as “information abundance”), the fact is that we have only a fixed amount of time each day and a fixed amount of attention we can devote to important content. Much of what we encounter, particularly from social media, for example, is more drivel than meaningful information, and so placing personal limits on what we pay attention to is essential.
  • Perhaps more realistically, however, we need better tools to help us manage information more efficiently and effectively. This is particularly true for email, given that the typical information worker spends about 150 minutes per day doing work in their email system. Many vendors have attempted to manage this overload with varying degrees of success, but some of the newer tools are making good headway in actually doing something about information overload.

In short, the amount of information is growing, but the time and attention we can devote to it is not – we need better tools, particularly email tools, to address this growing mismatch.