Mobile Computing: Are BYOD Policies Even Worth It?July 16, 2013 1 Comment
It’s no use even trying to control it. BYOD (Bring Your Own Device) is here to stay. Everyone is bringing in their own devices to help at work, and trying to fight this trend is like trying to stop the tides from coming in. Some organizations, it is reported, are even mandating that employees bring in their own smartphones for work.
But should IT managers and executives attempt to rein in BYOD, at least for security purposes? It appears those that put such policies in place are swimming against the stream.
A new survey by Ovum, for example, finds seven out of ten employees use their own smartphones or tablets to do their jobs, and 56 percent admit to accessing corporate data with their devices. Not only that, but 15 percent admit they are doing it without the consent of IT. One out of five even do it, even though they are aware of company policies against it.
To make matters more challenging, BYOD isn’t just an issue among the rank-and-file. It’s the senior executives who are the biggest mobile device users. In a survey of 511 I recently conducted as part of my work with Forbes Insights, we found that multi-screen access is now commonplace in the executive suite – nine out of ten senior executives use their smartphones for business on a day-to-day basis, and also are increasingly migrating to tablets. A majority even say they now prefer to use mobile devices over their PCs to get things done.
So, you can see any attempt to institute a “BYOD policy” could be a very sensitive issue. Last year, I attended a seminar on mobile device management, or MDM, led by Michael Dortch, a highly regarded IT analyst. Michael emphasized the point that MDM actually should actually stand for “My Device Matters,” and that it is IT’s job to accommodate whatever type of access business users prefer or demand, versus attempting to dictate hardware choices.
Ultimately, BYOD policies end up, at best, being unenforceable, and at its worst, an impediment to productivity and innovation.
So any BYOD policy needs to respect that end-users know best what types of devices they need to get their jobs done. Still, guidelines are helpful. Last year, the federal government published a set of BYOD guidelines for its agencies, and these policies also are helpful in helping private-sector organizations manage the process as well.
As the government’s BYOD policy recommendations point out, IT departments need to work on accommodating the new devices and front-end clients, rather than attempting to restrain usage. “We must now integrate new technologies in a rapid, iterative, agile, interoperable, and secure method to meet changing market and customer needs,” the report states. “Device agnosticism is more important than ever. Our software, hardware, and applications must be compatible across common systems and personal devices.”
The government’s BYOD Working Group made the following key observations about the role of employee-owned devices in the workplace – again, private-sector organizations can benefit from these guidelines as well:
BYOD is about offering choice to customers. “By embracing the consumerization of IT, the government can address the personal preferences of its employees, offering them increased mobility and better integration of their personal and work lives. It also enables employees the flexibility to work in a way that optimizes their productivity.”
BYOD can and should be cost-effective, so a cost-benefit analysis is essential as the policy is deployed. “Such a cost-benefit analysis should take into account both potential increases in employee productivity and potential cost shifts. For example, providing employees access to government services on their personal devices should help reduce the number of government devices that are provided to staff as well as the life-cycle asset management costs associated with these devices. BYOD programs may, however, necessitate government reimbursement for voice/data costs incurred when employees use their personal mobile devices instead of government-issued mobile devices and additional enterprise infrastructure costs in handling the support of BYOD users. Additionally, overall costs may significantly increase for personnel who frequently communicate outside of the coverage area of their primary service provider and incur roaming charges.”
Implementation of a BYOD program presents agencies with a myriad of security, policy, technical, and legal challenges not only to internal communications, but also to relationships and trust with business and government partners. “The magnitude of the issues is a function of both the sensitivity of the underlying data and the amount of processing and data storage allowed on the personal device based on the technical approach adopted.
“Generally speaking, there are three high-level means of implementing a BYOD program: Virtualization, to provide remote access to computing resources so that no data or corporate application processing is stored or conducted on the personal device; walled garden, to contain data or corporate application processing within a secure application on the personal device so that it is segregated from personal data, and limited separation, to allow co-mingled corporate and personal data and/or application processing on the personal device with policies enacted to ensure minimum security controls are still satisfied.”
Joe McKendrick is an author and independent researcher, covering innovation, information technology trends and markets. Much of his research work is in conjunction with Unisphere Research/ Information Today, Inc. for user groups including SHARE, Oracle Applications Users Group, Independent Oracle Users Group and International DB2 Users Group. He is also research analyst with GigaOM Pro Research.
He is a regular contributor to Forbes.com, and well as a contributor to CBS interactive, authoring the ZDNet “Service Oriented” site, and CBS interactive’s SmartPlanet site.
Joe is a co-author of the SOA Manifesto, which outlines the values and guiding principles of service orientation in business and IT.
In a previous life, he served as communications and research manager of the Administrative Management Society (AMS), an international professional association dedicated to advancing knowledge within the IT and business management fields. He is a graduate of Temple University.Analyst Blog, CLOUD DATA, DATA and ANALYTICS , DATA SECURITY, MOBILE DATA