Organisations seem to be tripping over themselves trying to sort out strategies for bring your own device (BYOD), now that they realise employees expect to use their favourite consumer gadgets for work.
The impetus for many appears to be more about not wanting to be left behind, or appearing old-fashioned or unappealing to the generation Ys and digital natives heading into the workforce. This is the latest business trend. The Californians are doing it, the media has been talking about and it features in nearly every IT supplier’s marketing messages – whether relevant or not. So everyone wants to be seen to be doing something.
Of course under-pressure CIOs and IT managers want to be seen as supportive too, especially when the demands come from iPad-toting execs, and having a BYOD strategy goes down well. The questions IT needs to answer come thick and fast. Which devices? Do we include tablets? Fully employee owned or on some sort of company car-like lease with employee contributions?
All good questions, but they largely miss the point. BYOD isn’t really about devices, but something much more important – their use. Sure, employees will argue that one type of hardware makes them more productive than another, and perhaps to a certain extent it might.
Meeting personal preferences generally leads to faster adoption or acceptance of any tool, especially when it involves the user interface. Some individuals get on better with real keyboards, while others need large screens.
The real payback for BYOD
However the real payback to the employer comes from how the device interfaces not just to the individual carrying it, but to everything and everyone else in the organisation. This issue is about connection and communication, not the hardware itself. The benefits that arise from getting this point right all arise from the standard considerations – reduction of cost and risk plus value creation.
Organisations that believe they have saved money just by saying, “BYOD? We’re cool with that”, are really setting themselves up for a fall. The risks and potential savings are in the BYOCs – contract, content, cloud and collaboration – and the impact these have on cost, interoperability, security and productivity.
First, contracts. This is a difficult one, which most keenly affects devices connected to the cellular networks, especially if they are going to be used to make phone calls. The reasons are simple: unlicensed networks tend to have all-you-can-eat models and all traffic is seen as just data. But cellular networks discriminate by the minute and megabyte and the discrimination is worse when roaming or going off net to communicate with a different carrier.
Enterprises get big benefits from going to a single carrier – in plan calls, large discounts and support. All these advantages disappear if employees’ mobile contracts fragment into individual tariffs. Issues relating to content are better understood but still rightly feared. Rogue applications, insecure data, and devices vulnerable to loss or theft send shivers down the spine of CIOs.
If employees use their own devices, what safeguards does the organisation have for the sensitive data that might end up on that personal hardware and what can it do to ensure that personal device choices will support all the business apps that staff need to do their job?
Using the same end-point protection software on employee-owned devices that is used on corporate hardware is fraught with issues. For example, what happens when a remote lock and wipe destroys, say, personal photos?
Better approaches are to project a virtual business presence that disappears after use or to deploy the business into its own insulated sandbox. The advantage of both is that they also work well for contract employees and third-party partner companies, both of which are integral to the way many organisations work.
Beyond the device and into the cloud
The increasing use of cloud-based storage for file-sharing and convenience extends the content issue beyond the device and into the public internet or cloud, even further from the control of the IT department.
This practice is impossible to stop, and it is no longer realistic to assume employees can be educated to behave more responsibly. The safest approach is to try to stem the use of wide-open consumer tools with business alternatives that are still flexible and easy for the employee, but provide enterprise controls.
Employees now have more collaboration options than ever before, but unlike the formal, enterprise-deployed unified communications tools, these options are informal and social. Just as many security and compliance issues were caused by the early adoption of instant messaging. Now a similar risk comes from employee use of public social media for sharing business information.
Individuals have grown accustomed to using it online, but are now increasingly taking advantage of access on their mobile devices. Sharing information has never been easier, increasing the risks to the organisation.
Organisations are right to plan for and adapt to the change in working practices that consumer technologies and BYOD bring, but strategies that do little to encompass the wider BYOC issues will fail to deliver on the expected benefits. Worse still, they will introduce unanticipated costs and risks, which with a bit more planning and effort could have been avoided.