Business Issues -> Costs
By: Rob Bamforth, Principal Analyst, Quocirca
Published: 5th July 2012
Copyright Quocirca © 2012
Organisations seem to be tripping over themselves trying to sort out strategies for bring your own device (BYOD), now that they realise employees expect to use their favourite consumer gadgets for work.
The impetus for many appears to be more about not wanting to be left behind, or appearing old-fashioned or unappealing to the generation Ys and digital natives heading into the workforce.
This is the latest business trend. The Californians are doing it, the media has been talking about and it features in nearly every IT supplier’s marketing messages - whether relevant or not. So everyone wants to be seen to be doing something.
Of course under-pressure CIOs and IT managers want to be seen as supportive too, especially when the demands come from iPad-toting execs, and having a BYOD strategy goes down well.
The questions IT needs to answer come thick and fast. Which devices? Do we include tablets? Fully employee owned or on some sort of company car-like lease with employee contributions?
All good questions, but they largely miss the point. BYOD isn’t really about devices, but something much more important - their use.
Sure, employees will argue that one type of hardware makes them more productive than another, and perhaps to a certain extent it might. Meeting personal preferences generally leads to faster adoption or acceptance of any tool, especially when it involves the user interface. Some individuals get on better with real keyboards, while others need large screens.
The real payback for BYOD
However the real payback to the employer comes from how the device interfaces not just to the individual carrying it, but to everything and everyone else in the organisation.
This issue is about connection and communication, not the hardware itself. The benefits that arise from getting this point right all arise from the standard considerations - reduction of cost and risk plus value creation.
Organisations that believe they have saved money just by saying, “BYOD? We’re cool with that”, are really setting themselves up for a fall. The risks and potential savings are in the BYOCs - contract, content, cloud and collaboration - and the impact these have on cost, interoperability, security and productivity.
First, contracts. This is a difficult one, which most keenly affects devices connected to the cellular networks, especially if they are going to be used to make phone calls.
The reasons are simple: unlicensed networks tend to have all-you-can-eat models and all traffic is seen as just data. But cellular networks discriminate by the minute and megabyte and the discrimination is worse when roaming or going off net to communicate with a different carrier.
Enterprises get big benefits from going to a single carrier - in plan calls, large discounts and support. All these advantages disappear if employees’ mobile contracts fragment into individual tariffs.
Issues relating to content are better understood but still rightly feared. Rogue applications, insecure data, and devices vulnerable to loss or theft send shivers down the spine of CIOs.
If employees use their own devices, what safeguards does the organisation have for the sensitive data that might end up on that personal hardware and what can it do to ensure that personal device choices will support all the business apps that staff need to do their job?
Using the same end-point protection software on employee-owned devices that is used on corporate hardware is fraught with issues. For example, what happens when a remote lock and wipe destroys, say, personal photos?
Better approaches are to project a virtual business presence that disappears after use or to deploy the business into its own insulated sandbox. The advantage of both is that they also work well for contract employees and third-party partner companies, both of which are integral to the way many organisations work.
Beyond the device and into the cloud
The increasing use of cloud-based storage for file-sharing and convenience extends the content issue beyond the device and into the public internet or cloud, even further from the control of the IT department.
This practice is impossible to stop, and it is no longer realistic to assume employees can be educated to behave more responsibly. The safest approach is to try to stem the use of wide-open consumer tools with business alternatives that are still flexible and easy for the employee, but provide enterprise controls.
Employees now have more collaboration options than ever before, but unlike the formal, enterprise-deployed unified communications tools, these options are informal and social.
Just as many security and compliance issues were caused by the early adoption of instant messaging. Now a similar risk comes from employee use of public social media for sharing business information.
Individuals have grown accustomed to using it online, but are now increasingly taking advantage of access on their mobile devices. Sharing information has never been easier, increasing the risks to the organisation.
Organisations are right to plan for and adapt to the change in working practices that consumer technologies and BYOD bring, but strategies that do little to encompass the wider BYOC issues will fail to deliver on the expected benefits.
Worse still, they will introduce unanticipated costs and risks, which, with a bit more planning and effort, could have been avoided.
This article first appeared on http://www.techrepublic.com
Posted: 11th July 2012 | By David Topping :
I'm not sure that organisations are "tripping over themselves to sort out strategies" for BYOD. Most organisations seem to be trying to sort out tactics for BYOD and your examples are all spot on. This is especially important now that the users are no longer a few Gen Y's but Gen X Chief * Officers who aren't asking if they can use the device, they're just using it.
The most important thing seems to be whether a company takes a structural approach or a mechanistic approach to BYOD. That is, do they ask how they can fix the problem of the device itself or do they ask how they can manage the risks and costs of the devicesâ actual use.
Support for devices seems to be less of an issue, their popularity is based on their simplicity and ease of use; most users appear to manage the device itself quite happily. As stated costs can be mitigated by inclusion of enterprise âall you can eatâ data contracts.
The big issue is ensuring content security while maintaining the ease of use and collaborative aspect of the device. This is where a structural approach is important. The organisations identify what content needs to be secure, put it in an âinsulated sandboxâ that has its own security and compliance management, simply don't have the problem - on any device, including the PC, on the desk, inside the enterprise firewall, or even the 3rd party PC, outside the firewall.
Posted: 11th July 2012 | By Tony Young :
Rob - I'm the CIO for Informatica and I appreciate your article. Many organizations are grappling with what to do. It's a complicated issue, as you've articulated. From my perspective, the first thing that needs to be done is understand the reason WHY you need to build a BYOD policy. (we also include personal laptops as devices) You need to define the business driver. Secondly, you need to determine the cost and whether or not the rationale/benefits outweigh the costs. To me, one of the biggest costs is security/loss of information. It's not just technology that address these concerns, it's also policy. As you highlighted, there's lots of ways to leak data, and you can't fully control everything.
Posted: 12th July 2012 | By RobB :
Thanks Tony - I think you're spot on with the start point of 'why' and the importance of policy. Individuals need to understand that personal responsibility goes alongside the flexibility they are hoping to enjoy.
Some organisations treat BYOD as part of broader change in working practices which might also include mobile/home working, flexible/hot desking etc and the shift in management style and policies that all these changes require. It might not make the task any easier, but it may help the justification to be based on a wider set of business issues and needs than simply 'I want one of those'.
The messages above were all contributed by IT-Director.com readers. Whilst we take care to remove any posts deemed inappropriate, we can take no responsibility for these comments. If you would like a comment removed please contact our editorial team.
We automatically stop accepting comments 180 days after a post is published. If you would like to know more about this subject, please contact us and we'll try to help.
Published by: IT Analysis Communications Ltd.
T: +44 (0)190 888 0760 | F: +44 (0)190 888 0761