Everything you need to know about BYOD
BSOD, DRAM, RTFM…
The IT world is full of acronyms, but none so potentially challenging as BYOD.
The term “Bring Your Own Device” (BYOD) was first coined by Intel in 2009, and since then it has become the darling of Gen-Xers and Millennials and a mighty thorn in the side of IT departments everywhere. The voices that call for it get louder as time passes – and with good reason – while those who are tasked with delivering it try to put the brakes on – also with good reason. Let’s look at some of the pros and cons of adopting BYOD.
What, exactly, is BYOD? And why is it popular?
BYOD refers to the practice of allowing employees to use their own devices – typically mobile phones, but also laptops and other devices – within a work environment. The practice has become popular with those generations that have grown up with greater access to high-end technology in the home environment; for these workers, the idea of using antiquated technology is seen as a drain on their productivity and effectiveness. In many cases, this “antiquated” technology may only be a few years old and is not the root cause of the issue; it’s the idea of being forced to work in a certain way and with a predefined set of products and services that is problematic.
BYOD is indicative of, and part of, a larger change in the workplace. In the race to keep hold of top talent, ideas around work/life balance, flexi-working, as well as initiatives like Great Place to Work also play a part. In fact, in some ways it is more about lifestyle than it is about cost savings, as Steve Halliday, a local government CIO in the UK states: “Total spend on desktop computing is only 3%-4% of the IT budget, so saving 12% of that is no great shakes, but it has a massive cultural impact.”
As progressive as BYOD might seem, it’s anathema to the majority of IT departments, being a world away from the structured familiarity of traditional IT hardware policy. So, for IT departments – maybe your IT department – facing up to these challenges, what can you do? Here are the pros and cons of BYOD, and the policy issues you should think about when implementing a BYOD policy.
What are the issues of adopting BYOD?
#1 – Security risks
The perceived number one issue with BYOD is security, and understandably so. Introducing uncontrolled devices onto a corporate network means that you have personal email accounts, cloud services and lengthened software inventory to look after. In this environment, the chances of malware or viruses entering the system are increased, not so much through tablets and phones, but primarily through laptops and netbooks. This can be exacerbated by poor password selection. A study by iPass showed that nearly half of the companies surveyed had experienced a data loss in the last year (although this was mainly caused by lost devices that could not be wiped, rather than malicious behavior from third parties).
#2 – Potential increase in support
IT departments are controlled and process-driven for a reason. By limiting the variability of the infrastructure (in terms of software and hardware), support becomes easier and more predictable. Issues, if found, can be fixed once across a large number of devices. Although BYOD might seem to be a way of reducing costs, it’s not that simple in reality. An increasingly complex IT environment may increase support costs, both in terms of additional staff and troubleshooting time.
#3 – Legalities!
You may have noticed that “Security risks” was labeled the “perceived number one issue” with BYOD. Quite right, because the really big issue is not just IT’s problem, it’s the organization’s. The legal issues that surround BYOD are still about risk, but this time in terms of control of data and the impact on a company involved in legal action. Consider these five examples:
1. In the event that an employee’s personal device gets stolen, can a company remote wipe the device without permission?
2. If the company needs to perform a search on the device, what data, if any, is private?
3. If employees leave the company, what happens to the data on their devices? How is it removed?
4. If employees sell or upgrade their device, what involvement should the company have?
5. If the device contains pirate software, who is liable for that software?
What are the benefits of BYOD?
#1- Save money on purchases – no tie-in on capital expense
It’s a commonly held belief that BYOD will cut costs, but as we’ve seen above, the cost calculations are not as simple as that. There is one thing which is true, though: BYOD does cut the amount of capital expenditure taken on by a business, which makes finance departments happy.
#2 – Better technology in the business – less reliance on cycles of purchasing
Consumer purchase and upgrade cycles are much shorter than those in business, meaning that more up to date technology gets into the business earlier. IT purchasing cycles are typically three or four years in length, most mobile phone contracts top out at 24 months, with some considerably shorter. Consumers are happy to pay the premium for new hardware in a way that businesses won’t, so BYOD is a great way to stay current.
#3 – Happier and harder-working employees
Companies that have embraced BYOD are finding that employees are working longer and more productively. Personal devices are kept close and, as a result, the gap between business and personal life closes. It’s been shown to be especially effective for those in creative tasks (although not so much for repetitive tasks).
#4 – Impact on office space
Finally, BYOD can have an impact on the way office space is used. The flexibility imposed by BYOD – and the fact that mobiles and laptops are portable and wireless – reduces the need for fixed desk and wired internet within an office environment. Companies such as Vodafone operate massive hot desk facilities where you can turn up and work where you want, dropping the footprint required per person and using space more efficiently. The result? Savings on the bottom line (and increased productivity to boot).
What should you think about when creating a policy?
With those pros and cons in mind, there are a number of questions you should ask yourself when setting up a BYOD policy for your business.
What will I allow?
Make it clear what the minimum requirements are for any device used for BYOD. This should include anti-virus, but should also include whitelisted and blacklisted software. If you know a piece of software will cause an issue, make sure you set this expectation upfront with users. This extends to devices as well. Don’t want to support Android but happy with iOS? State it and enforce it.
What will I support? What won’t I support?
Again, providing clarity to users upfront will help smooth the transition into BYOD. You’re still giving the user choices about what they use, but you’re not taking responsibility for everything on the device. Key items to define are the main productivity suites, including email clients and office software.
What rights do I have to an employee’s device? Can I remote wipe it? Can I remove content? What happens when an employee leaves? Or changes device?
Defining how you handle these issues should be your number one priority when setting up your BYOD policy. Make sure that all employees in the scheme sign a BYOD agreement that sets out your rights as well as theirs. The agreement should mirror your legal responsibilities; remember, the data on a BYOD device is your responsibility as it is being used for corporate purposes. If you need access to that data for any reason, whether to wipe it in the event of a data breach, or freeze it in the case of a legal hold, you need to have this ability set out in writing. Also be clear on ownership and responsibility around the software installed.
What do I expect of my employees?
Set up an Acceptable Use Policy to guide behavior, or extend your existing AUP to cover the use of personal devices used within the BYOD framework. Make sure that the standards that you would expect in a work environment are carried through; this might include browsing standards, such as controlling the use of social networking, and storing confidential data insecurely (on cloud services or other personal storage mediums). Setting expectations early makes it easier to police an agreement and strengthens your hand in the event of a breach occurring.
All sound too much? Introducing…
…the third way
A toss-up between happy employees and lack of control is a tough choice for any business, certainly large businesses and those within highly regulated industries. So it’s a good thing that there is a third way. In the middle of traditional IT setups and BYOD lies CYOD – Choose Your Own Device. Within a Choose Your Own Device scenario, an IT department will provide a selection of predefined device types and software solutions, from which a user can select. It has benefits for both sides, giving IT more control over the hardware and software footprint, and enabling the employee to select devices that suit their working style, lifestyle and consumer affiliations. For those organizations that are uncomfortable with BYOD, CYOD is a perfect first step.
Stepping into the known
BYOD can bring benefits to a business, but its introduction has to be controlled in the right way. It’s not something to fear, even though the challenges may seem to be daunting at first. The key is in the preparation. Take a step into the known.