The Bring-Your-Own-Device (BYOD) phenomenon has been steadily gaining traction in the enterprise, following on several years of this trend in the SMB space. Put simply, BYOD means that employees provide and use their own personal technology to do their jobs. Though people typically think of smartphones and tablets as the main tools of BYOD, many companies include laptops and even home PCs in this category.
BYOD is a result of the “consumerization of IT” trend — that is, consumer technology has caught up with and surpassed the capabilities and flexibility of traditional corporate technology solutions. As companies become more mobile, adopt flexible work arrangements and as mobile security and management matures, employees — especially executives — are finding ways around corporate restrictions and, often despite security policies, using their own consumer devices to be productive outside of and even in the office. Smartphones and tablets are powerful and integrated computing/communication/collaboration platforms that enable employees to work on the go and often more efficiently than lugging heavy and slow laptops from place to place.
The benefits of BYOD include employee productivity and efficiency gains, reduced technology spend, and employee retention and attraction (particularly for Millenials). For the past few years corporate IT has carefully watched this trend, and has taken cautious steps along a path that includes observation, acceptance, support, and adoption. Along the way, many organizations encounter stumbling blocks, especially when moving from support to adoption. Here are some considerations that most mid-large companies must evaluate when choosing to move down the BYOD path. All of these can be potential roadblocks for companies hoping to realize the full benefits of BYOD:
1. Security and Privacy
Although mobile device and software makers are continuously increasing the security and management capabilities of their products, companies will struggle with ways to ensure sensitive company data stays secure. Strong mobile device management (MDM) and Mobile Application Management (MAM) solutions provide IT with the means to control devices with security policies, create “sandboxed” environments for employees to work in on their devices, or in the event of loss, remotely wipe data. Companies have to decide the lengths they need to go to not only secure their data but also comply with industry regulations such as GLBA or HIPAA. Companies in the financial or healthcare industries have some unique challenges when it comes to securing data in the BYOD world.
Remember, BYOD means that employees will be using their own personal hardware to do work, which presents opportunities for co-mingling of personal and corporate data. Examples include employees mixing personal and business contacts in their address books, or using their own personal mail accounts to send corporate mail, potentially bypassing compliance checks or virus scanners. For businesses which push security policies to mobile devices, this means that the employee’s personal device is somewhat in control of corporate IT. Many people don’t like the idea that the folks in IT may have access to personal data such as browsing history or e-mail. Unlike in the US, many European countries have very strong employee privacy regulations, which create additional challenges for countries with international offices.
When an employee’s BYOD tablet doesn’t work right, who fixes it? If it breaks, who fixes it? If it gets lost, who replaces it? These are important questions that need to be answered and communicated up front to employees participating in BYOD. Some companies take a hands-off approach to support, placing the responsibility on the employee for the cost and effort of keeping their device up and running. Even then, support considerations have to be made if employees are running company apps and are having problems.
In the support category is the notion of consistency in a BYOD program. There are literally hundreds of different mobile devices on the market, resulting in a mixed bag of operating systems, apps and device capabilities. This can result in headaches for the user and IT and especially those non-BYOD employees having to deal with incompatible files or employees using whatever app solutions they want, resulting in a Tower-of-Babel-style communication problem. Many employees will look to IT to provision business apps on their devices, and these apps will need to be supported (and paid for) to some extent, if only to keep track of licenses and versions.
3. True cost
Most of the considerations mentioned for security and support will impact the true cost of adopting BYOD. Your company may save a couple hundred dollars per device, and maybe even save some money on support. There are other costs that need to be factored into the equation, including the internal cost of securing devices, MDM and MAM licenses, and app licenses (which are usually not re-issued when employees leave). Some companies will agree to provide some kind of reimbursement for monthly phone and data charges, and these costs pare down savings significantly.
The main point of all this is that organizations need to walk down the BYOD path with their eyes wide open to all the possibilities and challenges that will face them. One of the most important things a company can do is make sure that device cost/reimbursement, security policies, governance and support procedures are well documented and applied consistently even before BYOD starts to take off. Once key decisions are made, the next step is to put together an ROI analysis to determine if the benefits of BYOD outweigh the risks for your company. It’s no fun trying to manage expectations after months of setting precedent of lax or non-existent policy, but if there is a BYOD on-boarding process with everything laid out up front, employees can make an educated decision to participate without any surprises on either side.