Barry Porozni, CIO of The Reinvestment Fund in Philadelphia, recently spoke with SearchCIO-Midmarket Editorial Director Christina Torode about TRF's bring your own device (BYOD) program. Here, in part 1, he discusses the surprises he encountered and how he prepared the infrastructure for mobile devices. TRF is a community development financial institution that manages more than $700 million in capital and has made more than $1.2 billion in community investments, financing more than 2,750 projects since it was founded in 1985.
What route did you take with your BYOD program? An employee-owned BYOD program, for example, or a corporate-owned device program, and why?
Barry Porozni: The employees buy and own all their own devices, and the investment fund provides them with the calling plan or the data plan, if you will, and we decided to let the employees choose the device -- because one of the rationales behind the program is they should use whatever they feel is most productive. So, if they like what an iPhone does for them or they like what an Android does for them or various tablets, we felt they should have that choice, and that's why we went the route of employee-owned.
What have you learned so far, and how has the BYOD program changed as a result since it was launched?
We did a really rough estimate of two devices per person -- well, we're averaging almost three devices per person at a time.
Porozni: So, there were a couple things that I wouldn't say were surprises, but I wouldn't have predicted to be as impactful as they were. One is just the frequency of device turnover. We've had people in the three-and-a-half years that have gone through three phones in that length of time, yet some people have just bought their phone for the first time this very week. So, the frequency of people acquiring and adding devices was somewhat of a surprise.
The other thing of a more technical nature is just address space. I mean TCP/IP address space on our local area network. When we did our subnetting, we provided address space for servers and desktops and printers and so on. We did a really rough estimate of two devices per person -- well, we're averaging almost three devices per person at a time. One day, we ran out of address space and someone couldn't get connected with their device. After a little bit of troubleshooting, we saw why, and then after fixing and going back and doing the analysis, we said, 'People carry a smartphone and a tablet with them now when they work.'
Did you underestimate the impact that BYOD and mobile devices would have on your infrastructure and how it might have to change?
Porozni: Certainly, the address space was an impact on infrastructure, although it wasn't [the] typical capacity-type of impact where we had to add bigger servers or different routers or different switches to our network; it was almost with administrative-type of issues. We anticipated that people would connect more and connect more often and, in fact, if anything overbuilt the network to be able to handle remote connectivity because we expected people to pick up their iPad or pick up whatever tablet they liked and check their email on their way home on the train or waiting at an airport. So, infrastructure-wise, I think we were in pretty good shape and even are today having anticipated heavier utilization. But you definitely have to go into this anticipating that people will be using their devices more and checking their email more and downloading more files and data.
How much capacity did you end up adding?
Porozni: We've probably got double the capacity today that we had two years ago. We've got [a] 25 megabit Internet connection spread across two providers, but I wouldn't attribute that all to the BYOD factor -- we have more online services and we're using more cloud-based applications. I wish I could give you a rule of thumb to say that for every employee you need to count on adding X megabits capacity, but the thing you can count on is more connections. So, in a connection-based network, say, for the wireless access points, for the address space, you do have to plan that for every employee in the office, you'll probably have two to three connections for that particular employee: his desktop, his phone or one of desktop, phone and/or a tablet.
What were your top priorities when you went to develop your BYOD policies, and have these changed since you initially put these policies in place?
More on BYOD programs
BYOD and privacy concerns
BYOD security complicated compliance
Mobility management: Planning for the BYOD factor
Porozni: One of the most important things was freedom of choice, for lack of a better word. We were 100% BlackBerry shops. We had a [BlackBerry Enterprise Server] and everybody was carrying a BlackBerry and people genuinely weren't satisfied and this was even before the downturn of RIM [Research in Motion] and the immense popularity of iPhones and Androids. You couldn't do Web browsing and have a touch keypad -- it just wasn't as robust and easy to use as other devices of the era.
So, if we were going to do this and let people bring what they wanted, we had to make sure they could go get the device they wanted and didn't feel constrained by anything we were going to implement. And of course we wanted it to be secure. You worry about the loss, you worry about theft, you worry about date leakage -- more so every day, a little less back then because they weren't as prominent issues, but we wanted to give users choice and we wanted to make sure we could secure that choice.
What would you say is the most difficult BYOD policy to enforce?
Porozni: I think the ownership aspect of it. Before, when TRF supplied the BlackBerrys we bought in bulk, we had a standard pricing and we also insured them. Now, when people go and buy their own, if they lose it, that's their loss. We don't provide any additional insurance or coverage, so it becomes your own personal device truly, which is a quite a bit of a mindset change. When you come to work and your laptop or desktop isn't working, you can call the help desk and we'll fix it. If you lose your iPad on the way to work, we'll turn off access, but we can't help you replace it.
Read the transcript for part 2 of this podcast, where Porozni addresses how to manage mobile devices and whether mobile device virtualization is ready for prime time.
This was first published in October 2013