BYOD is a Business Strategy, not a Technology Decision
Too often, the adoption of technology is predicated on whether a company can do it, rather than should they do it. While understanding the current technical capabilities of the company must influence any decision, many decisions are not technology decisions. This is true for an emerging trend in business today – Bring-Your-Own-Device, BYOD. The premise behind BYOD is employees, instead of employers, have the option of purchasing a computer system or electronic device to their preferences and not the standard build of the company. While several benefits exist in this approach, there are some considerations and risks that must be addressed for the strategy to use BYOD as a key enabler of a successful business environment, while also improving the technical infrastructure and capabilities of the organization.
Understanding BYOD Better
BYOD programs are a byproduct of the massive consumerism of IT. In a 2011 survey, 13% of full time employees believed they had better hardware and software at work compared to their home systems. The IT requirements between work and home use are similar compared to a few years ago, as employees and their families are accessing the Internet, doing school work and playing games. More employees are started to desire similar systems at work that they use at home. The use of tablets and smartphones is increasing the demand. McKinsey reported in their 2012 report, titled “The mobility disruption The next enterprise IT shake-up”, that 75% of the workforce is using a single device for both personal and business use. The same report states that CIOs are looking to leverage this trend as 77% surveyed are planning to allow employees to use personal mobile devices to access company data and applications. As companies determine their mobile strategy, they will likely consider the possibility of adopting a BYOD strategy.
One benefit of BYOD is the familiarity of the employee with the device they own. As a result, they are likely best able to navigate smoothly within an application and between multiple applications on the device. The disadvantage arises in application architecture and design where business applications are not natively mobile. Likely several changes need to be made to many legacy-based applications before they are accessible through a mobile device. Like any major improvement, the decision becomes a business decision because of broad issues, accounting of investment costs and project alignment, as well as the individual strategy for each application impacted.
Even when converting applications is not an issue, companies must determine what cloud-based or mobile applications will be included in the list of acceptable applications. Traditionally, companies had strict controls on what applications were in their standard build to ensure compatibility and productivity. When any application can be downloaded at the push of a button, the need for control becomes even greater. Google Apps for Work understands this issue as it allows companies to isolated approved applications for download from their general store. While these decisions may touch on technical capabilities, what applications will be used and how is a business decision.
The key word in ‘Bring Your Own Device’ is bring, not device. Such programs support a behavior for the workforce. In context, companies must determine if they can and will support the behavior. In some instances, they may have no choice: Hewlett Packard estimates that by 2020 every professional will use more than six mobile devices. Similar studies show that more people will rely on mobile devices over desktop PCs. A couple of decades ago, most security policies addressed unauthorized access to systems using stolen employee information. Today, mobile devices are an easy means of accessing company data as unsuspecting employees are working through the front door with the hacker’s access point in hand. The initiation of BYOD programs provides an opportunity to train these employees in properly securing their mobile devices and how to protect the company’s data: training which they won’t get anywhere else. Another opportunity is the permissible authority to monitor usage of the device and access to company data to maintain business integrity and security of the infrastructure.
The Urgency of Deciding
Companies do not have the luxury of waiting to see how things work out. Mobile devices are commonplace and, by definition, easily concealable. An employee with a personal smartphone is a potential security risk the minute they step through the front door. That risk increases as they use the device on the premise throughout the day and even further if they send or access company data through the device. Though companies may require employees to leave personal belongings out of the work area, enforcement is an issue and problems will ensue. Ultimately, the decision must come from the business, not IT as to whether a BYOD program is advantageous and acceptable. 80% of enterprise currently lack any form of MDM policy or platform. Making the decision today is paramount for controlling the situation later.