1

BRING YOUR OWN DEVICE

MEANING
Bring your own device (BYOD) (also called bring your own technology (BYOT), bring
your own phone (BYOP), and bring your own PC (BYOPC)) refers to the policy of
permitting employees to bring personally owned mobile devices (laptops, tablets, and smart
phones) to their workplace, and to use those devices to access privileged company
information and applications. The term is also used to describe the same practice applied to
students using personally owned devices in education settings.
BYOD is making significant inroads in the business world, with about 75% of employees in
high growth markets such as Brazil and Russia and 44% in developed markets already using
their own technology at work. In most cases, businesses simply can't block the trend. Some

believe that BYOD may help employees be more productive. Others

say it increases
employee morale and convenience by using their own devices and makes the company look
like a flexible and attractive employer. Many

feel that BYOD can even be a means to attract
new hires, pointing to a survey that indicates 44% of job seekers view an organization more
positively if it supports their device.


HISTORY
BYOD first entered in 2009, courtesy of Intel when it recognized an increasing tendency
among its employees to bring their own devices to work and connect them to the corporate
network. However, it took until early 2011 before the term achieved any real prominence
when IT services provider Unisys and software vendors VMware and Citrix Systems started
to share their perceptions of this emergent trend. BYOD has been characterized as a feature
of the "consumer enterprise" in which enterprises blend with consumers.
In 2012, the U.S.A Equal Employment Opportunity Commission adopted a BYOD policy,
but many employees continued to use their government-issued BlackBerrys because of
concerns about billing, and the lack of alternative devices.


ORIGINS OF BYOD
The popular perception is that the BYOD revolution was sparked by the advent of Apples
iPhone. The iPhone, and subsequently the iPad, are certainly catalysts that have contributed
to the accelerated adoption of BYOD policies in many organizations, but the concept of users
wanting to choose their own devices, or use their own personal PCs to get work done
predates these devices it is just that recently, these percentage of these types of devices in
use has grown significantly. Corporate philosophy has had much to do with driving BYOD as
well.
2

Companies IT support policies have been pushing employees to be more independent and
autonomous for decades. For years, IT Pros have opted to upgrade sooner and self-manage to
get the benefits of new versions of products. It is frustrating for employees to know that a
given task can be accomplished faster or easier using a different Web browser, or operating
system, or application, but being handicapped by supported products dictated by the IT
department.
In the wake of those traditional policies, mobility entered the picture for information workers.
Instead of being tethered to a desk sitting in a cubicle, workers increasingly getting work
done remotelyfrom home offices, corner coffee shops, airports, and hotel rooms. Users
outside of the office dont have the same access to IT resources or support, and that has
further fostered the need to be self-reliant.
Even in organizations where the IT department still mandates specific operating systems,
hardware platforms, and mobile devices, rogue employees have worked around those
requirements to get the job done. Nomadic employees embrace the concept of being
independent and autonomous, and manifest it by sometimes ignoring company policy and
choosing the tools that help them be more effective, and work more efficiently.

PREVALENCE
The Middle East has one of the highest adoption rates (about 80%) of the practice worldwide
in 2012.
According to research by Logicalis, high-growth markets (including Brazil, Russia, India,
UAE, and Malaysia) demonstrate a much higher propensity to use their own device at work.
Almost 75% of users in these countries did so, compared to 44% in the more mature
developed markets.

BYOD VS. CONSUMERIZATION OF IT
BYOD is often confused with another trend Consumerization of IT. Though related, these
two topics really have a different pivot or focus. Consumerization refers to consumer
technology that bridges over into the workplace with the original product features and
function being optimized towards consumer needs. Broadly, this means that IT departments
must manage devices that were not optimized for enterprise management requirements.
BYOD is part of consumerization in that it involves using consumer technologies in a work
setting, but the focus is on the employee using devices originally purchased for personal use.
Because the devices are not employer purchased or owned, it raises significant questions
about maintenance, as well as some tough policy questions concerning data and applications
on the device.


3

BENEFITS OF BRING YOUR OWN DEVICE
Increased productivity and innovation: Employees are more comfortable with a personal
device and become expert using it making them more productive. Personal devices tend to
be more cutting-edge, so the enterprise benefits from the latest features. Also users upgrade to
the latest hardware more frequently.
Employee satisfaction: Your people use the devices they have chosen and invested in
rather than what was selected by IT. 83 percent of users considered their mobile device more
important than their morning cup of coffee. Allowing employees to use personal devices also
helps them avoid carrying multiple devices.
Cost savings: BYOD programs sometimes save budget by shifting costs to the user, with
employees paying for mobile devices and data services. However, this often results in little to
no savings, so do not base your decision primarily on anticipated savings.
CONSIDER BEFORE ADOPTING BYOD
Personal cost: Some employees will be unwilling to invest their own money. As mobile
devices replace company-provided laptops, certain employees will expect the organization to
pay for these new devices as well.
Enterprise cost: Will you have the resources to manage BYOD safely? Are you willing to
set up a private app store for maximum control? Will your service desk be able to handle the
inevitable flood of support calls?
Enterprise control: Certain job functions require access to very sensitive data, and mobile
devices are being embedded into business processes such as manufacturing, transportation
and retail transactions. In these roles, IT needs complete control over the mobile devices and
applications installed on them.

HOW TO BYOD
4 steps to enjoying the benefits of bring your own device
PLAN

Conduct a cost/benefit analysis while deciding how you will enable mobile and who will
have access. Not determining a policy is risky: if you don't, BYOD will "just happen" without
controls. Decide on the depth of access to be allowed to each segment of users: "mobile
optional," "mobile enhanced," or "mobile primary." Determine mobile device funding and
security policies for each segment, then estimate the total IT system and support needed.
SECURE AND MANAGE
4

71 percent of CEOs and IT managers say that security is their most significant mobile
enterprise challenge. Carefully choose which technologies will be used to manage and secure
mobile devices. A smartphone containing confidential data can be stolen or lostputting
sensitive information in the wrong hands. Your mobile enterprise system must be flexible
enough to control connections to an ever-growing variety of devices.
COMMUNICATE YOUR POLICY
39 percent of organizations have already had a data breach due to an employee's or
contractor's lost or stolen mobile device. Do your people understand the risks? Communicate
which data may be accessed and which devices are appropriate. Make rules clear to
employees up-front what they may or may not do and provide lessons on how to comply and
get the most out of their access.

SUPPORT
Guaranteed, there will be many more calls to your Help Desk concerning a wide variety of
devices, and the answers will take longer to find. This is where you need to invest up-front to
gain the long-term benefit of granting your employees access through personal devices.

ISSUES
BYOD security relates strongly to the end node problem, wherein a device is used to access
both sensitive and risky networks/services. Because of Internet-based risks, some very risk-
averse organizations issue devices specifically for Internet use (this is termed Inverse-
BYOD).

BYOD has resulted in data breaches. For example, if an employee uses a smartphone to
access the company network and then loses that phone, untrusted parties could retrieve any
unsecured data on the phone. Another type of security breach occurs when an employee
leaves the company, they do not have to give back the device, so company applications and
other data may still be present on their device.
A key issue of BYOD which is often overlooked is BYOD's phone number problem, which
raises the question of the ownership of the phone number. The issue becomes apparent when
employees in sales or other customer-facing roles leave the company and take their phone
number with them. Customers calling the number will then potentially be calling competitors
which can lead to loss of business for BYOD enterprises.
International research reveals that only 20% of employees have signed a BYOD policy.
If sensitive, classified, or criminal data lands on a U.S. government employee's device, the
device is subject to confiscation.
5

A challenging but important task for companies who utilize BYOD is to develop a policy that
defines exactly what sensitive company information needs to be protected and which
employees should have access to this information, and then to educate all employees on this
policy.
The USMC is seeking to outsource the security requirements of their BYOD policy to
commercial carriers such as Sprint, Verizon, and AT&T.
The Middle East has one of the highest adoption rates (about 80%) of the practice worldwide
in 2012.
According to research by Logicalis, high-growth markets (including Brazil, Russia, India,
UAE, and Malaysia) demonstrate a much higher propensity to use their own device at work.
Almost 75% of users in these countries did so, compared to 44% in the more mature
developed markets.

DISADVANTAGES
Costs for the employee As mentioned before, the costs of BYOD are down to the
employee. Not everybody has such a device or even want one. Therefore being told by your
company you then need to get one for work is likely to leave them feeling fairly hard done
by. Factor in the increased usage and transportation of the device likely leading to quicker
depreciation of the device and possible accidents repairs could also prove to be costly for
the employee. They may not be happy shouldering this cost.

Device Disparities When a company buys devices for their employees they have the
freedom to buy the perfect device for their need. Therefore it will have the correct
technological features for the purpose they are serving. However with BYOD, your
employees are likely to have a whole plethora of devices however, all with different
capabilities and operating systems that run different programmes at different levels of quality.
It is hard to get programmes that are of high quality but are also able to cover all platforms
and realistic quality of devices, so this could cause issues. You also have to adapt your
system to be able to deal with a BYOD policy.

Security Companies all spend a very large amount of money on their security systems as
they know that they cant afford for their data to be leaked or viruses to be caught. Employees
however are unlikely to have this level of security. Whilst the everyday security software for
home use can cover all day to day activities, you might not trust them to be up to the job of
protecting your valuable customer data. In addition, how do companies with BYOD stop
employees who are leaving the company from walking away with a significant amount of
your data, available at a touch of the button on their device? This can also be flipped for the
employees they may feel their own privacy is at risk if they do personal web surfing on a
device that is linked to their companys systems.


6

BYOD RISKS
There are some hurdles that organizations need to cross in order to effectively implement
BYOD. The risks associated with allowing users to bring their own computers or mobile
devices into the work environment vary depending on geographic region, the industry the
company works in, and even the specific job role within a company.
Businesses that operate in specific industrieslike healthcare or financefall under strict
regulatory compliance mandates. SOX, HIPAA, GLBA, PCI-DSS, and other compliance
frameworks outline which data must be protected, and provide basic guidelines for how that
data should be protected. The obligation to comply with these directives doesnt change just
because the data is moved from company-owned equipment to employee-owned devices in a
BYOD situation.
There are frequently reports of sensitive customer or employee data being potentially
compromised as a result of a laptop being taken from an unlocked car, or company data being
compromised by an employee leaving a smartphone in a taxi. IT admins need to have BYOD
policies in place to protect data no matter where it resideseven on devices that arent
owned or managed by the company.
The challenges of BYOD are not necessarily a reason to ban the practice altogether, though.
The trend has significant momentum, and there are a number of benefits for both companies
and users. The trick is for both to understand the advantages, as well as the issues, and to
employ BYOD in a way that works for everyone.

BYOD SECURITY

Today, employees expect to use personal smartphones and mobile devices at work, making
BYOD security a concern for IT teams. Many corporations that allow employees to use their
own mobile devices at work implement a BYOD security policy that clearly outlines the
company's position and governance policy to help IT better manage these devices and ensure
network security is not compromised by employees using their own devices at work.

BYOD security can be addressed by having IT provide detailed security requirements for
each type of personal device that is used in the workplace and connected to the corporate
network. For example, IT may require devices to be configured with passwords, prohibit
specific types of applications from being installed on the device or require all data on the
device to be encrypted.
Other BYOD security policy initiatives may include limiting activities that employees are
allowed to perform on these devices at work (e.g. email usage is limited to corporate email
accounts only) and periodic IT audits to ensure the device is in compliance with the
company's BYOD security policy.

BYOD IN HEALTHCARE

7

The use of smartphones and tablets is rising in healthcare environments because of the
productivity and efficiency gains of doctors, nurses, and other health professionals who can
communicate with colleagues regardless of their location. Many doctors work in more than
one location and need truly mobile solutions (i.e., cellular in addition to Wi-Fi) as they go
between clinics and may also work at home after hours. Smart devices can store or provide
access to key medical resources including pharmaceutical data, PDRs, and patient records.

Tablets have become very important in healthcare environments due to their portability
combined with large high resolution screens on which to view data or images. Due to
concerns with respect to the protection of confidential patient data, it is essential to be able to
control access carefully.
BYOD has risen in healthcare anyway, with many healthcare institutions either using thin
clients that cannot store customer data locally, or investing in MDM solutions that limit
access to customer data through traditional means such as password authentication and on
device and in-transit encryption. The use of dual persona solutions provides a natural
resolution to the issue of healthcare professionals that are using their own devices for
business use. As the business persona can be locked down very securely, but the personal
side will be left alone, both confidential healthcare information and the clinician are
protected. This is not to say that healthcare institutions will not also use other MDM and
security methods, but dual persona solutions such as Toggle may help greatly with the BYOD
aspects of the problem.


BYOD IN EDUCATION

Education is another segment which is starting to benefit from BYOD. Smartphones and
tablets are not only beginning to be allowed into high schools and universities, but are being
used creatively for in-class Internet research, e-reading, taking tests, communicating with
project groups, distributing tablet-based newspapers, asking questions, writing and submitting
reports, and taking notes. Lecture podcasts and learning material can also be sent to students
and used on tablets as supplements to course books. Budgets for institutions of higher
learning are often constrained, however, and many of the one on one computing trials
originally envisioned for laptops in the classroom five years ago have been delayed. In high
schools, there are often still computing labs or laptops on carts that are shared by different
classes. By allowing students to bring in their own devices, with agreed upon rules that
prevent them from texting each other answers to tests, randomly communicating, or
becoming distracted by games or other entertainment, BYOD solutions like Toggle are ideal
to help educational institutions deal more effectively with the high cost of technology
subsidization. If a dual persona application is set upon the device, it can serve a similar
purpose as it would in the work environment. For example, educators/IT administrators can
set up authorized apps to be used on the business side during the school day. Students are
also an ideal demographic for the use of mobile technology, especially when they are using
the same devices they are using outside the classroom.

BYOD GREW FROM BLACKBERRYS DECLINE
8

BlackBerry was the first device to captivate corporate America. It was the first line of devices
designed for corporateas opposed to personaluse. It dominated the market for a
significant period of time because it was the only device that delivered email to your hip and
allowed for it to be properly, centrally controlled. Business owners and IT teams were in
love, and so were all the BlackBerry users who could be more productive. And then Apple
revolutionized computing (once again) with the introduction of the iPhone and then the iPad.
Several other manufacturers copied to gain market share and BlackBerry failed to innovate at
the same pace. CEOs and business leaders were acquiring sophisticated smartphones and
tabletsand they wanted them to integrate with their companys network.
However, unlike with BlackBerry, there wasnt one clear corporate device winner. Both the
Apple and Android operating systems offered a collection of email, calendaring, and other
applications, but no device stood out as more secure, easier to integrate, or a productivity
enhancer. By default, and the decline of BlackBerry, BYOD is now the pervasive corporate
mobile trend.


THE FUTURE OF BYOD
BYOD will eventually run its course because, even if you have a strategic BYOD policy in
place, data scatter across devices is still risky for corporations. Plus, to be able to actually
accomplish work tasks at home and on the road, most employees need specific lines of
business applications that currently run only on their office desktops. A tablet that cant run
these applications will never be as powerful in the long run as a mobile device that can (think
laptop).

The Next Corporate Must-Have?
Which company will take BlackBerrys former place as the preferred corporate device? Too
soon to tell. Right now, there is no single device that has sufficiently enamored corporate
Americabut one will come. Businesses will only be flexible until there is a compelling
reason to mandate a particular mobile technology. The Windows 8 Pro Surface tablet is
coming to marketplace, and its draw is that it will be the first tablet to run mainstream
corporate applications. Lenovo, along with many other tablet vendors, is also coming out
with a tablet that will reportedly do the same things. Time will tell and, in the end, unlike
with BYOD, the corporationsnot the userswill decide. When the decision is made, there
will once again be a clear corporate market share winner and BYOD policies will slowly
decline.



9

LAST WORD
The origination of BYODand its pervasiveness in corporate Americahas been a very
interesting thing to witness. It has raised important questions regarding ownership, data
security, and network integrity. It has forced IT teams across the country to analyze data and
networks from a variety of perspectives in order to create comprehensive BYOD policies.
But, unlike many of my colleagues, I dont think it is here to stay. Ultimately, corporations
are smart and will want to once again reign in the data scatter as soon as a clear corporate
mobile device winner reveals itself in the marketplace. Stay tuned the race to revolutionize
the corporate mobile space like Blackberry did in the 1990s is on.