16 comments

[ 2.4 ms ] story [ 49.2 ms ] thread
Sad, but my company just took a step back ten years this week. We were a small company originally, very mobile IT engIneering and sales teams. If you ever came to our offices it would be a ghost town during the day if everyone was busy out on client sites. We had Citrix for access back to the office, an allowance to get whatever data plan we wanted, provided light weight laptops, and all our apps were available by remote. Then we got bought by a much bigger company. Easier to kill of our systems and move us into the collective. Now my laptop is a shitty dell that weighs a ton, and our time sheet system now only works with IE, so my iPad now can no longer work seamlessly, so I HAVE to take my laptop with me, and our office communicator system now only works on the corporate network. No companies have to support BYOD, but it does make it feel like ten years ago with out it. 8(
Hey, at least you got a laptop -- 10 years ago, everyone was still tied to desktops and laptops were the iPad-like flexibly-mobile novelty back then. (And you brought one to a coffeeshop, everyone stared at you like you're a Mad Professor. Well, outside the Valley, I suppose.)
Laptops were already pretty ubiquitous at coffee shops around Cambridge, MA ten years ago. Longer than that actually. But I guess we weren't exactly representative of the nation.
Can you leave the laptop at home and talk to it with VNC? The iPad is God's own VNC client.
Unless this is your dream job I would start putting your resume together, that sounds like a tech ghetto red flag.
I'm usually one saying weird things like, "why do you say 'Post PC Revolution' when PC's are here to stay and still vitally important?"

This article answers that question -

BYOD, Bring Your Own Device, is unstoppable. Let the user choose. Let them use their laptop when that's the most convenient, or their mobile devices at a whim.

Do what Dropbox does.

I agree that new input methods (including touch and Kinect's inputs) represent a dramatic shift in hardware capabilities, and software UI's need to adapt.

I disagree that any of these changes make the PC less relevant or valuable.

Is it just me, or am I the only one who enjoys having two separate devices; one for work and one for personal use? This way I can set up two separate environments and optimize for purpose. For example, my work computer can be setup to maximize for coding, and my personal computer for gaming.

Perhaps the bigger issue is the lack of device choice for the company-issued devices?

Size and weight are an issue. I don't want to have two phones in my pockets. I have separate work and personal laptops, but I don't bring both into the office.

I agree that low-quality devices are probably also behind it. Many people would probably prefer to use their iPhone for work instead of the company-issued Blackberry.

"The value proposition of the API proxy increases dramatically if it is able to map between the security protocol of choice in the mobile world, OAuth, and the existing security infrastructure in the enterprise."

The problem is that OAuth is only Authorization - you still need Authentication. It seems to me you'd want to use SASL with mobile devices so that your mobile clients can connect to your enterprise's Kerberos or Active Directory Server. Haven't tried this, but maybe this would be a good start for Android devices: https://github.com/koterpillar/android-sasl

(seen here: http://stackoverflow.com/questions/3327615/is-there-sasl-imp...)

There are some unnecessary technical problems.

Android's native Exchange integration requires you to give up "remote administrator" access to your device; that means that the Exchange administrator can, at their whim, wipe your device and all your data. (There are other requirements around needing to enter a PIN each time you active your device, etc.) I don't know if or how this can be configured at the Exchange server end (and have been unable to sufficiently motivate corporate IT to find out), but the upshot is if you don't want to give up this remote access, you probably have to forego Android's Exchange integration.

There's TouchDown, a one-stop-shop for Exchange integration which keeps Exchange-related data in its own little silo, so when the remote kill order comes in, it only kills off the silo. At 20 USD it's not cheap as apps go, and AFAIK it needs you to enter a password to log in in order to be compliant etc. I have not used it.

Instead, I just use IMAP to access Exchange email, forego calendar integration, and blame IT when I turn up late for meetings.

Every Exchange install comes with a default ActiveSync policy and Android (along with iPhone, Windows Phone, and any other ActiveSync-capable client) will alert you to its existence and prompt you to accept that fact. This is a feature, not a bug. Your employer or Exchange provider can configure these however they like. Your IT admins may have the security policies locked down because of a requirement from "on high." The default policy is wide open and doesn't require a PIN or password lock nor does it wipe your device if you do set a security lock and get it incorrect.

Both you, as the Exchange user, and the Exchange administrator can perform a remote wipe on your device. If you don't like this level of access, as you said, you can simply not sync your personal device. At my employer, huge swaths of people don't sync work mail with personal devices for this and other reasons.

I think it's a bug that Android's integration requires you to accept a complete remote wipe, rather than just Exchange data. "Simply" not syncing has only one downside in my practical experience: no calendar integration. The "security" doesn't protect much when there's also IMAP access.
Every non-app ActiveSync implementation I'm aware of requires a full device wipe. iPhone goes one further and busts you down to boot loader (or did when I had an iPhone 3G and tried it out) so that it requires assistance from iTunes to get moving again. Windows Phone and Android will just reboot to stock.

Having IMAP access enabled means that your IT department didn't think ahead, they got overruled on having IMAP shut off, since it comes disabled by default, or they are using the default ActiveSync policy which will generate the security prompts as well.

The topic is BYOD. "Requiring" a full device wipe is a problem here then, I hope you can see - the remote server has no authority to require such a thing. That's a bug, whether it's a bug with institutions and software licensing, or with implementations, it's still a bug for proper BYOD support.
There is no way I am using a personal device for work. You think 'we demand your facebook password' was bad? Any big company is going to want root on any device that is in their network, period. Sure, most bosses wouldn't want to poke around, but if HR or Legal think that they need to search your computer to cover their asses, they're gonna do it. And you'll have signed an agreement giving them permission.
Multiple accounts / personnas on mobile devices is coming soon. Your work will not need root access, they simply get an "account" on your phone, with separate email, file system, web browser history, etc. I wouldn't be surprised if Android and iOS implemented this in the OS even.