Business Issues -> Security & Risk
By: Rob Bamforth, Principal Analyst, Quocirca
Published: 17th April 2013
Copyright Quocirca © 2013
Having seen so many vendors talking about it and so many articles written about it, may make it seem like it has been around forever, but the bring your own device (BYOD) trend has only really been ‘crossing the chasm’ of wider adoption in the last 6–12months.
Quocirca started widely referring to BYOD over two years ago, but it first cropped up when employees in certain companies, mainly in the IT industry, perhaps most notably Intel in 2010, brought their own smartphones into the office, mostly to access email. Since then it has become a byword for anybody wanting to appear that they are up to date with mobile thinking—hence its presence in so much marketing material.
All too often BYOD is conflated with ‘consumerisation’, which it is an element of, but there is much more to using a personal networked device for work than the fact that it was procured as a consumer purchase. Which is why organisations need to understand what they are getting into, and why, when they rush to adopt BYOD.
Unfortunately the focus simply on devices, shiny and attractive though they are, misses the point. Whilst these are expensive tools and organisations might like to outsource the cost of them to the eager employee, it is the purposes that employees put devices to that matters. The hope is that these tools make employees more productive and at a manageable cost to the business, without introducing it to unacceptable risks. For an IT manager, saying this and then ‘crossing fingers’ or ‘touching wood’ while they do, will not be sufficient.
A BYOD strategy is required, but as part of a wider IT strategy, encompassing remote working, corporate communications etiquette and standards etc. The most important thing to get to grips with is the ‘work/lifecycle’ of any and all personal technology used for work.
Anyone thinking, “we stop supplying phones and save money by letting users choose and bring their own” is being wildly over-simplistic. There are security and data protection risks with their associated costs, even if all that is being delivered is email on the move. For more complex or integrated IT applications, there may be architectural changes and this is where use of the cloud can be useful, but still requires a big shift in thinking and infrastructure.
As these are typically devices with networks and usage based contracts attached, there are direct operational, as well as capital, costs, which may be less transparent or easy to manage with BYOD. For example, what were once ‘on net’ calls within an enterprise contract, may now be between different carriers. The economies of scale of shared large data bundles could be haphazardly and uneconomically split across employees, mobile operators and Wi-Fi providers.
The worst of it is, no one will really know the true costs for some time as the lifecycle of device procurement, use, replacement and retirement is also completely fractured by BYOD. Software and firmware upgrade cycles will not be uniform across employees, who will also change, upgrade and add to their portfolio of device hardware at their own whim as finances allow.
Moving between departments or locations within an organisation might create additional strains, as the practices, hardware and applications suitable for one role may differ significantly for another. Finally when each employee leaves an organisation, the process of disentangling enterprise supported BYOD purchases, operator contracts and payments, and who has rights to which applications and data will not necessarily be easy.
‘Who is liable for what’, for many, will not be a black or white ‘corporate liable’ vs ‘employee liable’ and it is the grey area in between that will catch out or cost organisations dearly, unless they plan ‘exit strategies’ for BYOD as well as adoption strategies. For more thoughts on what this might involve, Quocirca has updated and re-published its report “BYOD – who carries the can” which is available for free download.
Posted: 30th April 2013 | By sherekaharver :
I agree that the lifecycle of device procurement and lifetime is a major cost and concern to IT departments, and the solution of letting employees use thier own phones has it's own issues, but I feel it is the apps and data that need to be the main focus of IT concerning BYOD. The large MDM and MAM systems are very costly as well, but I like the trend of using various apps to provide flexability, security and affordability to IT departments. Cutting edge IT departments are even going a step further using various BYOD orientated API's like the Tigertext Tigerconnect API for HIPAA compliant texting and Dropbox integration to develop thier own apps that they give to the employees. The future for BYOD looks very interesting.
The messages above were all contributed by IT-Director.com readers. Whilst we take care to remove any posts deemed inappropriate, we can take no responsibility for these comments. If you would like a comment removed please contact our editorial team.
We automatically stop accepting comments 180 days after a post is published. If you would like to know more about this subject, please contact us and we'll try to help.
Published by: IT Analysis Communications Ltd.
T: +44 (0)190 888 0760 | F: +44 (0)190 888 0761