How a Big Financial Services Firm Faced BYOD iPads
With BYOD iPad security under control, financial services firm Blackstone looks toward tough challenges ahead, including the possibility of company-owned iPads and opening up its BYOD program to Android and Windows 8 devices.
By Tom Kaneshige
Some heady confidential financial documents get passed around on iPads at Blackstone Group, a publicly traded alternative investment and financial services firm based in New York City managing over $200 billion in largely private equity and real estate.
“The iPad is really the most convenient way to consume these documents,” says Bill Murphy, CTO and managing director at Blackstone.
At Blackstone, iPads began arriving on the enterprise scene 18 months ago. Today, there are some 600 iPads among nearly 2,000 employees that tap the corporate network for confidential documents and emails. Most of them are privately owned BYOD, or bring your own, devices.
“The percentage of iPads to employees will continue to go up, based on the number of iPads we’re adding each month,” Murphy says. “My gut is that it will go from 600 to more than 1,000 in the next year.”
Blackstone spent a lot of time and energy finding ways to secure confidential documents on BYOD iPads, even looking at possibly purchasing iPads for employees. The company leveraged two main technologies—MobileIron and WatchDox—to solve the security problem.
But Blackstone isn’t out of the woods yet. With Android and Microsoft Windows 8 and Windows RT tablets bearing down on the market, Murphy faces the daunting challenge of opening up BYOD beyond iPads. His IT team isn’t staffed to handle an increasing number of different devices with the same level of customer service.
And then there’s the idea of just buying iPads for everyone. Can Murphy find a way to justify it?
CIO.com talked with Murphy about his iPad in the enterprise experience, tablet security and the future of tablet computing at Blackstone.
What kick-started iPads at Blackstone?
Murphy: We’re BYOAD right now, or bring your own Apple device. The iPad was the driving factor in wanting to increase the flexibility at the enterprise level, with people saying, “This is a new tool for work, and I want to use it.” They immediately saw the value of not bringing their laptops when traveling and having all their documents with them at all times.
The firm was unwilling to buy iPads, but we couldn’t say no to those who brought their own.
How important was iPad security? Is today’s technology up to the task?
Murphy: Putting confidential information on unmanaged mobile devices was obviously something we didn’t want to do. How do we secure the device in a way where we can feel comfortable that the device can be blown up and secured in the event of being lost, stolen or if the employee was let go? This was the gating factor to getting going at all.
How did you overcome this challenge?
Murphy: We restricted the use until we solved that problem with mobile device management. We implemented MobileIron and enabled applications such as email—still far and away the heaviest trafficked work application for mobile devices.
Now we have the ability to control centrally. MobileIron enforces a password, and we have relatively complex password requirements. We can track the device and expire it from afar when it connects to the Internet. This really shrinks down the ability for someone to attack that device to a very small window. We feel comfortable that no company confidential information is going to get stolen.
Then we implemented WatchDox to secure documents even further. WatchDox embeds digital rights management in the document itself. Unlike Dropbox, Box or any of these file sharing systems that give access to a document, WatchDox requires an authentication on top of the download. The stuff on the device is also encrypted. There’s no chance of someone forwarding the document and being able to open it without being authenticated to the secure WatchDox repository.
[Disclosure: Blackstone is a minority investor in WatchDox.]
Any blind spots with BYOD security?
Murphy: Nothing that keeps me up at night.
Android and other types of tablets are something we haven’t allowed in the environment. On the Android front, the ability to do whatever you want as a manufacturer or a hacker doesn’t make us feel overly comfortable. Also, the enormity of the different types of devices would put a significant strain on our IT staff.
Do you have plans to move from BYOD to company-owned iPads?
Murphy: There are lots of huge benefits going to an iPad. We’ve bought a few iPads and are trying to figure out if we can generate the ROI [return on investment] to justify issuing company-owned iPads. It’s still inconclusive whether or not you can cut paper costs and other things enough to justify the full cost of the device. The jury is still out.
We’ve loaned iPads and offered WorkDox documents at our investor conferences instead of handing out enormous paper books, which are costly to print. People like it because iPads are lighter to carry around. They can try out new technology that enables annotation and different types of note-taking. We’ve seen major savings: 80 to 90 percent of our printing costs have gone away.
For conferences, we’ve totally justified iPads.
But on the day to day, can you really go paperless? If you go paperless, can you quantify the dollars saved? There are other obvious benefits, in terms of speed and having everything with you all the time. We’re trying to better quantify the benefits of tablets. It’s not an absolute slam dunk where we want to issue them to everybody in our firm.
We do have the benefit of spending a lot in the past on messengering documents around, printing books and Fedex-ing materials to our board members. For certain people, there is a clear iPad ROI. If you send four major Fedex [packages] a year to various places around the globe, you can pay for an iPad pretty quickly.
Are you going to crack that ROI this year?
Murphy: We looked at it quickly, hoping it would be extremely easy to justify. We found it wasn’t a slam dunk, where you’d go to the hoop, get the funding and make it happen. So we de-prioritized it in favor of other more clear-cut projects. If we focused on it, I would give it a 50-50 chance of getting to justification.
I’d say the odds are pretty low because both those things would have to come to together.
With BYOD, you said you’re an Apple-only shop. How much longer can you hold on to this position?
Murphy: I don’t know, probably for a while at Blackstone.
Of course, the minute someone comes out with the latest, greatest thing that trumps Apple will probably be the point where we will start to succumb to some of those problems. The audience is very fickle. They’ll dump you and move to the next cool thing if it solves use cases better than the predecessor.
We’ve purchased a number of other tablets, testing them to see how we feel about it. We want to stay a step ahead of our users. We’ve tried Microsoft Surface and feel the Surface Pro has a chance to be interesting because of the ability to run full Office. However, the usability in my view still isn’t close to the iPad. Until [Microsoft] can skin that cat, I think we’ll have relatively few problems.
Are you dreading the day a top executive comes to work with a new Android tablet?
Murphy: A little bit. I think the mobile device management companies and WatchDox are working on [support] across all different types of devices. We have put a few foundational pieces in place and can expand relatively easily.
The biggest change that we’ll have to make at that point is to change the expectations of our users, in terms of support.
The main reasons we’re Apple-only is: one, the lockdown nature of the Apple devices make us feel better about security. But I think we can get over that security hurdle. The bigger thing is the assumption of enterprise support. As we proliferate new devices, we’ll need to change the culture in order to make that something we can support economically.
Right now, the amount we do for our users as it relates to mobile devices is vast. If we had to support 15 types of devices, we wouldn’t have the staff to be able to handle it. If we change expectations to, “hey, listen, you’re on your own,” then it wouldn’t be that bad technically to support them all.