BYOD: Inevitable Evolution in Workplace Technology, or Avoidable IT/Security Nightmare?
By 2017, half of employers will require employees to supply their own device for work purposes
As enterprise bring-your-own-device (BYOD) programs continue to become more commonplace, 38% of companies expect to stop providing devices to workers by 2016, according to a global survey of CIOs by IT research and advisory firm Gartner, Inc.
“BYOD strategies are the most radical change to the economics and the culture of client computing in business in decades,” said David Willis, vice president and distinguished analyst at Gartner. “The benefits of BYOD include creating new mobile workforce opportunities, increasing employee satisfaction, and reducing or avoiding costs.”
Gartner defines a BYOD strategy as an alternative strategy that allows employees, business partners, and other users to use a personally selected and purchased client device to execute enterprise applications and access data. It typically spans smartphones and tablets, but the strategy may also be used for PCs. It may or may not include a subsidy.
BYOD drives innovation for CIOs and the business by increasing the number of mobile application users in the workforce. Rolling out applications throughout the workforce presents myriad new opportunities beyond traditional mobile email and communications. Applications such as time sheets, punch lists, site check-in/check-out, and employee self-service HR applications are just a few examples. Expanding access and driving innovation will ultimately be the legacy of the BYOD phenomenon.
While BYOD is occurring in companies and governments of all sizes, it is most prevalent in midsize and large organizations ($500 million to $5 billion in revenue, with 2,500 to 5,000 employees). BYOD also permits smaller companies to go mobile without a huge device and service investment. Adoption varies widely across the globe. Companies in the United States are twice as likely to allow BYOD as those in Europe, where BYOD has the lowest adoption of all the regions. In contrast, employees in India, China and Brazil are most likely to be using a personal device, typically a standard mobile phone, at work.
How a well-managed BYOD program subsidizes the use of a personal device is critical and can dramatically change the economics. Today, roughly half of BYOD programs provide a partial reimbursement, and full reimbursement for all costs will become rare. Gartner believes that coupling the effect of mass market adoption with the steady declines in carrier fees will allow employers to gradually reduce their subsidies, and as the number of workers using mobile devices expands, those who receive no subsidy whatsoever will grow.
“The enterprise should subsidize only the service plan on a smartphone,” said Willis. “What happens if you buy a device for an employee and they leave the job a month later? How are you going to settle up? Better to keep it simple. The employee owns the device, and the company helps to cover usage costs.
Risks of BYOD
BYOD does increase risks and changes expectations for CIOs. Unsurprisingly, security is the top concern for BYOD. The risk of data leakage on mobile platforms is particularly acute. Some mobile devices are designed to share data in the cloud and have no general purpose file system for applications to share, increasing the potential for data to be easily duplicated between applications and moved between applications and the cloud.
However, in general, IT is catching up to the phenomenon of BYOD. More than half of organizations rate themselves high in security of corporate data for enterprise-owned mobile devices. This new confidence in the security posture to support BYOD is a reflection of more-mature tools and processes that address myriad needs in the security area.
“We’re finally reaching the point where IT officially recognizes what has always been going on: People use their business device for nonwork purposes,” said Willis. “They often use a personal device in business. Once you realize that, you’ll understand you need to protect data in another way besides locking down the full device. It is essential that IT specify which platforms will be supported and how; what service levels a user should expect; what the user’s own responsibilities and risks are; who qualifies; and that IT provides guidelines for employees purchasing a personal device for use at work, such as minimum requirements for operating systems.”
More detailed analysis is available in the report Bring Your Own Device: The Facts and the Future.
RELATED
EXPLORE BY CATEGORY
Stay Connected with CBIA News Digests
The latest news and information delivered directly to your inbox.