MEANING Bring your own device (BYOD) (also called bring your own technology (BYOT), bring your own phone (BYOP), and bring your own PC (BYOPC)) refers to the policy of permitting employees to bring personally owned mobile devices (laptops, tablets, and smart phones) to their workplace, and to use those devices to access privileged company information and applications. The term is also used to describe the same practice applied to students using personally owned devices in education settings. BYOD is making significant inroads in the business world, with about 75% of employees in high growth markets such as Brazil and Russia and 44% in developed markets already using their own technology at work. In most cases, businesses simply can't block the trend. Some
believe that BYOD may help employees be more productive. Others
say it increases employee morale and convenience by using their own devices and makes the company look like a flexible and attractive employer. Many
feel that BYOD can even be a means to attract new hires, pointing to a survey that indicates 44% of job seekers view an organization more positively if it supports their device.
HISTORY BYOD first entered in 2009, courtesy of Intel when it recognized an increasing tendency among its employees to bring their own devices to work and connect them to the corporate network. However, it took until early 2011 before the term achieved any real prominence when IT services provider Unisys and software vendors VMware and Citrix Systems started to share their perceptions of this emergent trend. BYOD has been characterized as a feature of the "consumer enterprise" in which enterprises blend with consumers. In 2012, the U.S.A Equal Employment Opportunity Commission adopted a BYOD policy, but many employees continued to use their government-issued BlackBerrys because of concerns about billing, and the lack of alternative devices.
ORIGINS OF BYOD The popular perception is that the BYOD revolution was sparked by the advent of Apples iPhone. The iPhone, and subsequently the iPad, are certainly catalysts that have contributed to the accelerated adoption of BYOD policies in many organizations, but the concept of users wanting to choose their own devices, or use their own personal PCs to get work done predates these devices it is just that recently, these percentage of these types of devices in use has grown significantly. Corporate philosophy has had much to do with driving BYOD as well. 2
Companies IT support policies have been pushing employees to be more independent and autonomous for decades. For years, IT Pros have opted to upgrade sooner and self-manage to get the benefits of new versions of products. It is frustrating for employees to know that a given task can be accomplished faster or easier using a different Web browser, or operating system, or application, but being handicapped by supported products dictated by the IT department. In the wake of those traditional policies, mobility entered the picture for information workers. Instead of being tethered to a desk sitting in a cubicle, workers increasingly getting work done remotelyfrom home offices, corner coffee shops, airports, and hotel rooms. Users outside of the office dont have the same access to IT resources or support, and that has further fostered the need to be self-reliant. Even in organizations where the IT department still mandates specific operating systems, hardware platforms, and mobile devices, rogue employees have worked around those requirements to get the job done. Nomadic employees embrace the concept of being independent and autonomous, and manifest it by sometimes ignoring company policy and choosing the tools that help them be more effective, and work more efficiently.
PREVALENCE The Middle East has one of the highest adoption rates (about 80%) of the practice worldwide in 2012. According to research by Logicalis, high-growth markets (including Brazil, Russia, India, UAE, and Malaysia) demonstrate a much higher propensity to use their own device at work. Almost 75% of users in these countries did so, compared to 44% in the more mature developed markets.
BYOD VS. CONSUMERIZATION OF IT BYOD is often confused with another trend Consumerization of IT. Though related, these two topics really have a different pivot or focus. Consumerization refers to consumer technology that bridges over into the workplace with the original product features and function being optimized towards consumer needs. Broadly, this means that IT departments must manage devices that were not optimized for enterprise management requirements. BYOD is part of consumerization in that it involves using consumer technologies in a work setting, but the focus is on the employee using devices originally purchased for personal use. Because the devices are not employer purchased or owned, it raises significant questions about maintenance, as well as some tough policy questions concerning data and applications on the device.
3
BENEFITS OF BRING YOUR OWN DEVICE Increased productivity and innovation: Employees are more comfortable with a personal device and become expert using it making them more productive. Personal devices tend to be more cutting-edge, so the enterprise benefits from the latest features. Also users upgrade to the latest hardware more frequently. Employee satisfaction: Your people use the devices they have chosen and invested in rather than what was selected by IT. 83 percent of users considered their mobile device more important than their morning cup of coffee. Allowing employees to use personal devices also helps them avoid carrying multiple devices. Cost savings: BYOD programs sometimes save budget by shifting costs to the user, with employees paying for mobile devices and data services. However, this often results in little to no savings, so do not base your decision primarily on anticipated savings. CONSIDER BEFORE ADOPTING BYOD Personal cost: Some employees will be unwilling to invest their own money. As mobile devices replace company-provided laptops, certain employees will expect the organization to pay for these new devices as well. Enterprise cost: Will you have the resources to manage BYOD safely? Are you willing to set up a private app store for maximum control? Will your service desk be able to handle the inevitable flood of support calls? Enterprise control: Certain job functions require access to very sensitive data, and mobile devices are being embedded into business processes such as manufacturing, transportation and retail transactions. In these roles, IT needs complete control over the mobile devices and applications installed on them.
HOW TO BYOD 4 steps to enjoying the benefits of bring your own device PLAN
Conduct a cost/benefit analysis while deciding how you will enable mobile and who will have access. Not determining a policy is risky: if you don't, BYOD will "just happen" without controls. Decide on the depth of access to be allowed to each segment of users: "mobile optional," "mobile enhanced," or "mobile primary." Determine mobile device funding and security policies for each segment, then estimate the total IT system and support needed. SECURE AND MANAGE 4
71 percent of CEOs and IT managers say that security is their most significant mobile enterprise challenge. Carefully choose which technologies will be used to manage and secure mobile devices. A smartphone containing confidential data can be stolen or lostputting sensitive information in the wrong hands. Your mobile enterprise system must be flexible enough to control connections to an ever-growing variety of devices. COMMUNICATE YOUR POLICY 39 percent of organizations have already had a data breach due to an employee's or contractor's lost or stolen mobile device. Do your people understand the risks? Communicate which data may be accessed and which devices are appropriate. Make rules clear to employees up-front what they may or may not do and provide lessons on how to comply and get the most out of their access.
SUPPORT Guaranteed, there will be many more calls to your Help Desk concerning a wide variety of devices, and the answers will take longer to find. This is where you need to invest up-front to gain the long-term benefit of granting your employees access through personal devices.
ISSUES BYOD security relates strongly to the end node problem, wherein a device is used to access both sensitive and risky networks/services. Because of Internet-based risks, some very risk- averse organizations issue devices specifically for Internet use (this is termed Inverse- BYOD).
BYOD has resulted in data breaches. For example, if an employee uses a smartphone to access the company network and then loses that phone, untrusted parties could retrieve any unsecured data on the phone. Another type of security breach occurs when an employee leaves the company, they do not have to give back the device, so company applications and other data may still be present on their device. A key issue of BYOD which is often overlooked is BYOD's phone number problem, which raises the question of the ownership of the phone number. The issue becomes apparent when employees in sales or other customer-facing roles leave the company and take their phone number with them. Customers calling the number will then potentially be calling competitors which can lead to loss of business for BYOD enterprises. International research reveals that only 20% of employees have signed a BYOD policy. If sensitive, classified, or criminal data lands on a U.S. government employee's device, the device is subject to confiscation. 5
A challenging but important task for companies who utilize BYOD is to develop a policy that defines exactly what sensitive company information needs to be protected and which employees should have access to this information, and then to educate all employees on this policy. The USMC is seeking to outsource the security requirements of their BYOD policy to commercial carriers such as Sprint, Verizon, and AT&T. The Middle East has one of the highest adoption rates (about 80%) of the practice worldwide in 2012. According to research by Logicalis, high-growth markets (including Brazil, Russia, India, UAE, and Malaysia) demonstrate a much higher propensity to use their own device at work. Almost 75% of users in these countries did so, compared to 44% in the more mature developed markets.
DISADVANTAGES Costs for the employee As mentioned before, the costs of BYOD are down to the employee. Not everybody has such a device or even want one. Therefore being told by your company you then need to get one for work is likely to leave them feeling fairly hard done by. Factor in the increased usage and transportation of the device likely leading to quicker depreciation of the device and possible accidents repairs could also prove to be costly for the employee. They may not be happy shouldering this cost.
Device Disparities When a company buys devices for their employees they have the freedom to buy the perfect device for their need. Therefore it will have the correct technological features for the purpose they are serving. However with BYOD, your employees are likely to have a whole plethora of devices however, all with different capabilities and operating systems that run different programmes at different levels of quality. It is hard to get programmes that are of high quality but are also able to cover all platforms and realistic quality of devices, so this could cause issues. You also have to adapt your system to be able to deal with a BYOD policy.
Security Companies all spend a very large amount of money on their security systems as they know that they cant afford for their data to be leaked or viruses to be caught. Employees however are unlikely to have this level of security. Whilst the everyday security software for home use can cover all day to day activities, you might not trust them to be up to the job of protecting your valuable customer data. In addition, how do companies with BYOD stop employees who are leaving the company from walking away with a significant amount of your data, available at a touch of the button on their device? This can also be flipped for the employees they may feel their own privacy is at risk if they do personal web surfing on a device that is linked to their companys systems.
6
BYOD RISKS There are some hurdles that organizations need to cross in order to effectively implement BYOD. The risks associated with allowing users to bring their own computers or mobile devices into the work environment vary depending on geographic region, the industry the company works in, and even the specific job role within a company. Businesses that operate in specific industrieslike healthcare or financefall under strict regulatory compliance mandates. SOX, HIPAA, GLBA, PCI-DSS, and other compliance frameworks outline which data must be protected, and provide basic guidelines for how that data should be protected. The obligation to comply with these directives doesnt change just because the data is moved from company-owned equipment to employee-owned devices in a BYOD situation. There are frequently reports of sensitive customer or employee data being potentially compromised as a result of a laptop being taken from an unlocked car, or company data being compromised by an employee leaving a smartphone in a taxi. IT admins need to have BYOD policies in place to protect data no matter where it resideseven on devices that arent owned or managed by the company. The challenges of BYOD are not necessarily a reason to ban the practice altogether, though. The trend has significant momentum, and there are a number of benefits for both companies and users. The trick is for both to understand the advantages, as well as the issues, and to employ BYOD in a way that works for everyone.
BYOD SECURITY
Today, employees expect to use personal smartphones and mobile devices at work, making BYOD security a concern for IT teams. Many corporations that allow employees to use their own mobile devices at work implement a BYOD security policy that clearly outlines the company's position and governance policy to help IT better manage these devices and ensure network security is not compromised by employees using their own devices at work.
BYOD security can be addressed by having IT provide detailed security requirements for each type of personal device that is used in the workplace and connected to the corporate network. For example, IT may require devices to be configured with passwords, prohibit specific types of applications from being installed on the device or require all data on the device to be encrypted. Other BYOD security policy initiatives may include limiting activities that employees are allowed to perform on these devices at work (e.g. email usage is limited to corporate email accounts only) and periodic IT audits to ensure the device is in compliance with the company's BYOD security policy.
BYOD IN HEALTHCARE
7
The use of smartphones and tablets is rising in healthcare environments because of the productivity and efficiency gains of doctors, nurses, and other health professionals who can communicate with colleagues regardless of their location. Many doctors work in more than one location and need truly mobile solutions (i.e., cellular in addition to Wi-Fi) as they go between clinics and may also work at home after hours. Smart devices can store or provide access to key medical resources including pharmaceutical data, PDRs, and patient records.
Tablets have become very important in healthcare environments due to their portability combined with large high resolution screens on which to view data or images. Due to concerns with respect to the protection of confidential patient data, it is essential to be able to control access carefully. BYOD has risen in healthcare anyway, with many healthcare institutions either using thin clients that cannot store customer data locally, or investing in MDM solutions that limit access to customer data through traditional means such as password authentication and on device and in-transit encryption. The use of dual persona solutions provides a natural resolution to the issue of healthcare professionals that are using their own devices for business use. As the business persona can be locked down very securely, but the personal side will be left alone, both confidential healthcare information and the clinician are protected. This is not to say that healthcare institutions will not also use other MDM and security methods, but dual persona solutions such as Toggle may help greatly with the BYOD aspects of the problem.
BYOD IN EDUCATION
Education is another segment which is starting to benefit from BYOD. Smartphones and tablets are not only beginning to be allowed into high schools and universities, but are being used creatively for in-class Internet research, e-reading, taking tests, communicating with project groups, distributing tablet-based newspapers, asking questions, writing and submitting reports, and taking notes. Lecture podcasts and learning material can also be sent to students and used on tablets as supplements to course books. Budgets for institutions of higher learning are often constrained, however, and many of the one on one computing trials originally envisioned for laptops in the classroom five years ago have been delayed. In high schools, there are often still computing labs or laptops on carts that are shared by different classes. By allowing students to bring in their own devices, with agreed upon rules that prevent them from texting each other answers to tests, randomly communicating, or becoming distracted by games or other entertainment, BYOD solutions like Toggle are ideal to help educational institutions deal more effectively with the high cost of technology subsidization. If a dual persona application is set upon the device, it can serve a similar purpose as it would in the work environment. For example, educators/IT administrators can set up authorized apps to be used on the business side during the school day. Students are also an ideal demographic for the use of mobile technology, especially when they are using the same devices they are using outside the classroom.
BYOD GREW FROM BLACKBERRYS DECLINE 8
BlackBerry was the first device to captivate corporate America. It was the first line of devices designed for corporateas opposed to personaluse. It dominated the market for a significant period of time because it was the only device that delivered email to your hip and allowed for it to be properly, centrally controlled. Business owners and IT teams were in love, and so were all the BlackBerry users who could be more productive. And then Apple revolutionized computing (once again) with the introduction of the iPhone and then the iPad. Several other manufacturers copied to gain market share and BlackBerry failed to innovate at the same pace. CEOs and business leaders were acquiring sophisticated smartphones and tabletsand they wanted them to integrate with their companys network. However, unlike with BlackBerry, there wasnt one clear corporate device winner. Both the Apple and Android operating systems offered a collection of email, calendaring, and other applications, but no device stood out as more secure, easier to integrate, or a productivity enhancer. By default, and the decline of BlackBerry, BYOD is now the pervasive corporate mobile trend.
THE FUTURE OF BYOD BYOD will eventually run its course because, even if you have a strategic BYOD policy in place, data scatter across devices is still risky for corporations. Plus, to be able to actually accomplish work tasks at home and on the road, most employees need specific lines of business applications that currently run only on their office desktops. A tablet that cant run these applications will never be as powerful in the long run as a mobile device that can (think laptop).
The Next Corporate Must-Have? Which company will take BlackBerrys former place as the preferred corporate device? Too soon to tell. Right now, there is no single device that has sufficiently enamored corporate Americabut one will come. Businesses will only be flexible until there is a compelling reason to mandate a particular mobile technology. The Windows 8 Pro Surface tablet is coming to marketplace, and its draw is that it will be the first tablet to run mainstream corporate applications. Lenovo, along with many other tablet vendors, is also coming out with a tablet that will reportedly do the same things. Time will tell and, in the end, unlike with BYOD, the corporationsnot the userswill decide. When the decision is made, there will once again be a clear corporate market share winner and BYOD policies will slowly decline.
9
LAST WORD The origination of BYODand its pervasiveness in corporate Americahas been a very interesting thing to witness. It has raised important questions regarding ownership, data security, and network integrity. It has forced IT teams across the country to analyze data and networks from a variety of perspectives in order to create comprehensive BYOD policies. But, unlike many of my colleagues, I dont think it is here to stay. Ultimately, corporations are smart and will want to once again reign in the data scatter as soon as a clear corporate mobile device winner reveals itself in the marketplace. Stay tuned the race to revolutionize the corporate mobile space like Blackberry did in the 1990s is on.