My colleague Torsten Boch wrote a great post recently about how companies can ensure license compliance when adopting workplace virtualization. Naturally, my mind started immediately racing to how the issue of compliance is complicated by mobile devices (I’m the MDM guy, after all). With the mobile workforce expected to grow to more than 1.2 billion by 2013, iPhones, BlackBerrys, Windows Phones and the like will continue to add complexity to the already complex issue of license compliance.
It’s not just the mobile devices, though – it’s the apps. The sheer number of apps/services developed on a regular basis means more complexity and potential headaches for IT – because most if not all have license agreements users must agree to use. A good example is Dropbox, a storage service with 45 million users (and with a recent funding round of $250M, they’re probably not going anywhere, IT admins). When users download Dropbox, they must agree to a licensing agreement. None of this is news to you, but consider the following common circumstance: an employee using his/her Dropbox for business-related purposes.
If your employees are using Dropbox for work-related purposes, they should probably be using Dropbox for Teams, which requires a different licensing agreement and purchase. If they’re not using Dropbox for Teams and instead using the free version, your company is likely not compliant unless your legal department has agreed to it. Here’s where it gets scarier: When your employees use free Dropbox services on behalf of the company, they are agreeing to the Dropbox terms for the company and promising that they have the authority to bind your company to the Dropbox terms. This compliance issue is not limited just to Dropbox; different versions of applications have different licensing agreements. This is the main reason companies aren’t compliant, and many don’t realize it.
This brings up a larger issue now beginning to permeate throughout the corporate world: If an employee brings his own device and downloads his own business apps, whose device is it, anyway? The employee’s or the employer’s? What if a company gives a user an iPad and allows personal apps – whose iPad is it?
I advise customers to enter into agreements with end-users that are suitable to their situation. If an employee brings an iPad into work and wants to use corporate software, that’s fine – but IT must be allowed to manage and control that section of the device. Should the user lose the device, there must be a contingency plan in place the user agrees to beforehand. In cases like these, the most prudent option oftentimes is completely erase the device to protect corporate data.
Further complicating matters is that different countries have different laws surrounding compliance. If you’re a global organization, you must understand which rules apply to which of your users and implement your own organizational rules accordingly.
Compliance issues will only increase as more and more mobile devices proliferate the enterprise. Companies would do well to put in place licensing guidelines that tackle issues arising from Bring Your Own Device (BYOD) initiatives.