Most enterprise CIOs are facing an unusual dilemma. There is a considerable push from employee-end to support the use of personal devices in workspaces for work-related tasks. But there is resistance to the idea from IT departments, which are of the general opinion that risks often outweigh the benefits. So the question remains, ‘To BYOD or Not?’. Tech magazines have a lot to say, and you hope for solutions that satisfy the needs of both users and IT admins. But your hopes are dashed, confusion prevails. Why?
It is because the surveys carry conflicting reports on BYOD. According to one, it’s a fad that is fading, while another finds that the trend towards personal device use for work is rising.
CompTIA survey finds 53% of private companies ban BYOD
An online survey conducted among U.S. IT professionals in various private businesses found that 53% allowed no BYOD, up significantly from 34% in 2013.
Meanwhile, the folks at Gartner paint a different picture –
Through 2017, Gartner said that 90 percent of organisations would support some aspect of BYOD. By 2018 there will be twice as many employee-owned devices used for work than enterprise-owned devices
Confusing? Not If You Look Closer…
The IT management perspective
BYOD is a contentious issue for IT managers. It sparks fears of loss of control, security breaches and compliance and compatibility nightmares for IT departments. Where compliance to BYOD is hard to achieve, IT managers often turn a blind-eye to user practices that are not harmful. The official line remains unfavourable to BYOD, while the actual practice may be different leading surveys reporting false-truths.
The user perspective
Users are more comfortable working on devices they are familiar with. Companies tolerate the use of personal devices and may even encourage it if it increases productivity, job satisfaction and cost savings on hardware purchases. A mobile workforce can result in significant productivity gains in some industries like healthcare and insurance to quote two examples.
What will future workplaces look like?
If you pause and look around your office, you will perhaps notice people furiously typing away at their workstations or on their handheld devices (tablets, smartphones). Well, the future will develop along those lines.
BYOD trend is set to grow and has already seen adoption at all levels, including SMBs.
In the U.S., 61% of small businesses allow their employees to bring their own devices to work, according to research from global SMB IT market research firm, Techaisle.
SMBs stand to gain significant business value from the BYOD trend but are the least equipped to handle its risks.
Drivers For BYOD Adoption?
1. Consumerization of IT and IT Self-Sufficiency at employee-level
Employees find it cumbersome to work on traditional corporate devices like Blackberrys when their personal devices deliver superior user experience and performance. This is what is primarily fueling the BYOD trend, and having a policy can help mitigate risks by ensuring safe use. Which is why BYOD will happen whether a company plans for it or not.
2. Remote Working trend is set to boom.
Future workplaces will be a mix of the traditional approaches—offices and hubs and a relatively large remote-worker ecosystem.
3. Enterprise Mobility Will Generate Business Value.
Consider the healthcare industry, consumers, providers and payors are all looking for the same thing: More value Per Dollar Spend. The easiest way to increase value without compromising on quality of care is to introduce workforce mobility.
BYOD: A Double-Edged Sword
BYOD presents a classic dilemma for enterprise CIOs who are hard pressed to choose between its apparent success at productivity enhancement and the very real danger of data loss or leakage. Weighing the pros and cons will illustrate the difficulties and opportunities inherent in the BYOD dilemma perfectly.
1. Data Security
The foremost challenge is data security. The magnitude of the problem is revealed if you consider these figures:
A survey by Mobile security provider AdaptiveMobile found that of the 500 companies surveyed almost half had experienced a security breach within the last 12 months. 80% of these companies were in support of BYOD. One company in the study lost $80,000 when its financial database was hacked last year via a mobile device.
2. Lack of control.
With hundreds of devices in play, the susceptibility of both personal devices and corporate devices to viruses and hacking increases. Firms have to make sure all their devices are up to date with reliable security programs, on an ongoing basis. This can turn into a costly and time-consuming exercise.
News of malware attacks channelled through Google Play store some of which gave themselves root privileges have scared companies with BYOD policies. Brain Test malware, and Android.Bankosy have renewed concerns on risks in BYOD adoption. An employee could inadvertently download an app that contains malware, and that app could compromise the data on the device.
3. IT administration becomes difficult.
Imagine hundreds of different devices, from different manufacturers, running on different platforms and using different versions of the OS interacting with company networks and devices. Managing enterprise file mobility and security becomes complicated in such a context.
4. Compatibility and interoperability issues.
These arise due to diversity in device usage and preference. With so many different devices and operating systems in play, IT procurement is complicated. CIOs struggle to identify and purchase programs that work for everyone
5. May run afoul of data protection and compliance laws.
Take the case of an Insurance company which failed the compliance audit due to inadequate security and management of emails enabled on the employee-owned devices.
Similarly, in Europe, privacy issues are paramount, and there are a lot of restrictions on corporate access to personal data, making the task of enterprise security management tougher.
6. Heavy on Employee Pocket.
Employees may not be willing to invest their money in purchasing the latest devices. They may expect employers to pay for certain technologies either through stipends or by subsidising the cost of upgrading to new devices.
7. Costs of Adoption
Organizations have to put separate policies and processes in place to support the BYOD concept at work. Employee training programs and incentive programs add significant costs to BYOD adoption. Additional budget and personnel required to support enterprise mobility management solutions.
8. BYOD brings legal risks.
If an employee had used his/her personal device to do any official work, the company might be liable for any laws broken using the device.
Coca-Cola learned that lesson the hard way: Last year the soda maker was hit with a $21 million court judgment after a Coca-Cola truck driver who was talking on her cell phone while driving struck a Texas woman. Sexting and related forms of sexual harassment, Distracted driving and posting abusive or objectionable social media content by your employees can cost you top dollar, both in legal fees and in damages paid.
9. IP theft
Intellectual Property of the company may be leaked outside intentionally or unintentionally (Misplaced/stolen/hacked on unsecured networks). This can seriously harm their business competitiveness with million/billion dollar losses in play. A survey points out how real the problem is –
A Centrify survey of more than 500 employees at mid-to-large companies showed that 43 percent had accessed sensitive corporate data while on an unsecured public network, 15 percent have had their personal account or password compromised.
1. Lower IT costs
Reduces expenditure on purchasing company-owned devices, as it shifts most of the cost to users. This is especially beneficial for smaller companies and startups. For services companies with low data security needs, BYOD can be a key differentiator that improves business competitiveness.
2. Improves Employee Satisfaction
Employees get the freedom to choose their devices and to carry fewer devices. Being able to work with devices they are already familiar with saves time and effort needed to get familiar with a new device.
3. Faster technology upgrades
As people upgrade their personal devices fairly often new technology comes to workplace environments sooner. These technology innovations help improve workplace productivity and efficiencies quickly. If organisations pay a part of the cost, employees make even become early adopters of latest tech.
There are also other advantages like
- Increased employee productivity and engagement.
- Collaborative learning with dynamic peer to peer engagement.
- Increased employee participation and motivation.
CIOs are often looking for potential solutions that can help reap the benefits of BYOD while mitigating its risks
1. Comprehensive BYOD policy and EMM solutions to assist its implementation.
Example – Ingram Micro’s robust program for supporting BYOD. Ingram Micro rolled out a BYOD policy globally. The policy was put together by HR, IT and Legal teams working together and taking regional regulations into consideration. Ingram Micro uses MobileIron’s mobile device management software to handle remote deployment and configuration and security policies. Ingram Micro retains the right to wipe corporate data from a personal while ensuring the IT department has no access to personal data.
2. Implement alternative ownership models
Restricting BYOD choice to certain approved devices. This approach does not pose problems if the device being offered is something that employees prefer too. iPad and iPhone adoption is high among corporate users. iOS is also more secure than Android and Windows system.
Example – Blackstone, a global investment and advisory firm responsible for $210 billion in assets adopted a BYOA policy (Bring Your Own Apple Policy). BYOA is a limited version BYOD, which supports Apple devices only.
3. Trust and Communication centric BYOD policy
This approach is popular with SMBs too which rely on having a BYOD policy that clearly communicated risks and best practices to employees and relies on incentivizing adherence through awareness.
Example – Intel’s policy clarifies the level of access and control IT has to personal data and company data on personal devices. It containerizes company applications and data and controls only the those. It introduces an element of choice for employees in the implementation process by letting them choose the level of BYOD support they require and their responsibilities.
4. Informal BYOD policies
Perceived risks of BYOD aren’t that high for some firms, especially in service-oriented businesses. Such companies are investing in increasing in employee training and awareness of risks supported by incentive programs in place of formal BYOD policies and Mobility Management Solutions. Also, arrival of cloud-supported enterprise applications means, the task of access control and authentication is managed by the cloud provider.
Solutions to implement BYOD strategies
When BYOD first arrived Mobile Device Management (MDM) solutions were put in place to mitigate security risks. But privacy issues and bad user experiences associated with MDM solutions led to the emergence of Enterprise mobility management (EMM) solutions. EMM solutions take a data-centric approach to enterprise security management. EMM solutions allow employees to access work-related apps and data through their devices without losing control over personal data. Most EMM solutions have the following core features:
- Mobile Application Management (MAM) – management of devices from application level, like configuring how applications access information
- Mobile Identity Management (MIM) – functions like role-based access. These use geofencing technology to ascertain who is using the device and the location of its user.
- Mobile Content Management (MCM) – allows control over content, like restricting the ability to copy-paste, etc.
A Good EMM solution will also simplify an admin’s user experience making it easier for them to manage enterprise mobility.
Companies are able to plug gaps in the enterprise security armour that personal devices may create through effective BYOD policies supplemented by mobility management solutions. The security aspect has dominated the conversation around BYOD until recently. But lately, IT departments and CIOs are looking around the security wall to discover the benefits it brings, i.e., greater enterprise agility and better employee engagement. BYOD may well be the necessary evil of our times.