The latest IT trend in town, BYOD or Bring Your Own Device, is a practice where employees are encouraged to make use of their personal devices to access enterprise systems and data. Being a small part of the larger trend of ‘IT consumerization’ – where hardware and software of the customer are allowed into organizational premises – BYOD is a movement that affects each individual in the company, from the CEO to the hourly worker.
The struggle of IT departments to stay on top of constant technological changes continues even to this day. With this struggle has emerged an increasing desire among employees to carry their own devices for corporate data access. The umbrella-term ‘Bring Your Own Device (BYOD) has also come to refer to several other initiatives such as Bring Your Own Technology (BYOT), Bring Your Own Phone (BYOP), and Bring Your Own PC (BYOPC). These initiatives have emerged to empower workforces and to align them with the concept of ‘IT consumerization’.
As part of this, the BYOD initiative encourages employees working on their own device at the workplace– accessing their corporate email or viewing text documents through phones and tabs. However, there does exist a dark side to the BYOD phenomenon. When not completely understood, it can threaten the very foundations of IT security and risk a company’s business systems.
Why turn to BYOD (Bring your own device)?
1. Employee Satisfaction:
When you allow employees to bring their own set of devices they may have invested in rather than the ones chosen by the IT department, they are satisfied at some level – and you know how important it is to keep employees satisfied. 60% of users are said to give more importance to their mobile phones than even to a cup of coffee.
2. Cost Savings:
Cost cutting is a major consideration for most enterprises. With a BYOD policy in place, there is a shift of costs from employers to employees, resulting in savings.
3. Increased Productivity and Innovation:
There is a positive correleation between the comfort-level of employees and their productivity. With their own devices, employees get comfortable and master their use. These devices are usually equipped with the latest technologies, thus proving to be beneficial to the enterprise. In addition, it is quite likely that the hardware would be upgraded on a frequent basis.
The Pros and Cons to a BYOD policy
As mentioned above, BYOD has a number of benefits:
1. Ensures employee satisfaction
2. Reduces technology costs for field service firms
3. Improves user engagement
4. Takes advantage of newer devices and their cutting-edge features
1. No uniform end-user support: No matter the situation or the background, problems will always arise. With BYOD, there may not be a uniform support system in place for any issues that may arise, since most employees will be working on different types and makes of devices. It is important to understand and be aware of this.
2. Security: Security is a concern across all platforms today, and this holds true for a BYOD policy as well, but it is not impossible to overcome this challenge. All it requires is for the IT departments to be prepared. Password-protection and antivirus programs need to be installed to separate work-deck and apps from personal information.
3. Retrieving data: What happens to the company data when an employee leaves the organization? Who will discontinue their access to your company data? Do they have their own phone number? What if clients were calling that number directly? For an employee in the sales environment, this becomes extremely risky, and BYOD policies need to address this issue. Otherwise, an ex-employee may suddenly turn into a competitor with easy access to client information.
How to BYOD
There are four steps to bask in the benefits of the ‘Bring Your Own Device’ phenomenon:
Step 1: Plan
First, a cost/benefit analysis is in order! Conduct the analysis when deciding how you’ll be enabling the mobile and who will be using it. Avoiding the determination of a policy is dicey – if there isn’t a policy, BYOD will only lead to chaos. The depth of access that will be allowed for each user segment needs to be decided – ‘Mobile enhance’, ‘mobile optional’, or ‘mobile primary’. Apart from this, security policies and mobile device funding for each segment needs to be determined, after which an estimate of the entire IT support must be conducted.
Step 2: Secure and Manage
It is said that 71% of IT managers and CEOs state security as being one of their most significant and compelling mobile enterprise challenges. It is important to carefully choose the technologies to use for the management and security of mobile devices so things don't go awry. For instance, a smartphone with large amounts of sensitive data may be stolen, putting the information in the wrong hands and putting the company at risk. The enterprise system that will be planned needs to be flexible enoughto control and monitor the connections to a growing number of devices.
Step 3: Communication of the BYOD policy
Around 39% of organizations have had security breaches due to the loss of a mobile device. Do employees understand the risks? Clear, unambiguous communication on the types of data that may be accessed on which type of device needs to be shared with all employees to ensure seamless implementation.
Step 4: Support
As with any other newly-implemented policy, instituting BYOD is almost surely going to result in an initial surge of support requests\calls – and the answer to these cries of help will take longer to find than usual. This is where up-front investment to gain long term benefits of granting employees access through personal devices becomes important.
The Tips to establishing a successful BYOD policy
If you are still in the process of developing a corporate Bring Your Own Device policy, or have one that is outdated, or still haven’t gotten around to creating a policy yet, here are few tips that will help in addressing IT service, security, application use, and various other components:
1. Specify the devices that will be permitted.
The old days were clear and simple. You had a blackberry that you used for work and nothing else. Today, employees are pampered with choices, with a whole spectrum of devices from iOS-based mobiles to Android phones.
Remember that it is important to specify what exactly is meant by ‘bring your own device’. Should you instead be saying bring your own Android device and not an iOS? Or should you be saying bring your own iPad but not other gadgets? You need to clarify what devices are acceptable by the enterprise, and what devices can be used.
2. Establish a strict security policy for all devices that enter the premises.
Device users generally refuse to move to lock screens and passwords on their personal devices. They hurdle towards the ease of access to the functions and the content on their device. This, however, is not a very valid complaint. Once phones and other devices are connected to the corporate servers, a lot of sensitive information can be accessed.
If employees wish to adopt the BYOD initiative, they need to be willing to configure their devices with complex passwords for protection. A strong, lengthy alphabetical password needs to be placed – not a simple four-digit one.
3. Define a clear service policy for devices under BYOD criteria
There are boundaries that the management needs to set when it comes to resolving problems and questions about employees’ personal devices. To be able to implement this, policy-makers will need to answer the following questions:
What support will be provided for damaged devices? What will be the policies for support on personally owned applications? Will you limit Helpdesk to ticketing problems with email, calendaring and other personal information management-type applications?
4. Clear communication needs to be given on who owns what apps and data.
While it may seem logical for the organization to have sole rights on the personal information that is stored on the servers, problems are bound to arise when wiping the device in case of theft. Conventionally, when a device is wiped, all files on the device are erased as well, which may include personal items that the individual may have paid for. Sometimes, these items may be irreplaceable.
Thus, questions must be asked as to whether the BYOD policy that is created will allow the wiping of the entire device that is brought into the network. If so, employees need to be provided with clear guidance on how they can secure their devices and back up the information to restore it once the device is retrieved or replaced.
5. What apps will be allowed and what banned?
This rule must apply to any device that can connect to organization servers, corporate or personal. The major considerations will include the application for replacement email applications, social media browsing, and VPNs or other remote access software.
The question that will arise is whether users will be able to download, install, and make use of applications that may cause security issues or legal risks on the device that has access to sensitive corporate resources.
6. Integrate the BYOD plan with the acceptable use policy.
Most companies have corporatephones that are treated like desktop computers, notebooks, and other equipment on the network. However, the questions as to whether allowing personal devices to connect to the network will expose the VPN to sites that may or may not be safe. Discussions about the acceptable use policy may be required.
7. Setting up an employee exit strategy
Lastly, consider what is going to happen when an employee leaves the organization with a device permitted under the BYOD policy. How will management enforce the removal of all access token, data, email accesses, and other proprietary information and applications?
It isn’t simple. Employees cannot just return a corporate issued phone. Many companies solve this issue by disabling access to corporate emails or to synchronization access as part of an exit interview and checklists of the HR. Heavily security-conscious ones, however, tend to perform a BYOD-enabled wipe as a mandatory exit strategy.
10 BYOD Worker Types
The BYOD initiative affects everyone in the organization, right from the CEO to the hourly workers.
Accordingly, Cio.com provides the 10 most common BYOD worker types.
The main class of employees to blame for the BYOD phenomenon is the Millennials of the work force. They are the ones who pressure the management into allowing them to use their own mobile devices on the job. They work odd hours and over the weekends. They want their personal and business lives blended.
Techies have found a friend in the Android. With the BYOD initiative, Android has allowed geeks to embrace consumer tech. The openness that techies crave is offered by the Android platform, while also serving up cool apps for the purpose of monitoring systems remotely and other IT functions.
CEOs occupy a crucial niche and are important stakeholders in the BYOD world. They use what they want, when they want, and how they want to, as the work of IT is to make it happen. Every BYOD policy generally has its first beginnings in corner-offices.
The BYOD initiative isn’t something for everyone - however, companies have, in the past, still mandated the policy for all employees in the organization, regardless of whether there are cliques of employees who do not want to waste money on fancy mobile devices, sign privacy rights, and then browse social networks for support when problems arise.
Salespeople love keeping things simple, give presentations that are dynamic, and hate using keyboards. Like Millennials, they, too love to blend work and personal life.
Hourly-wage workers and entry-level candidates have a lot to gain from BYOD. They would not have had the privilege to own a company-issue device. It is a level of freedom that would not have been afforded them, previously. They would also get to work outside of office hours.
Every organization has complainers. Nothing is good enough. And BYOD is no exception. It always begins with complaints about the need of BYOD in the organization and eventually extends to complaining about the concerns of BYOD.
Addicts of social networking love the BYOD initiative. Social networking becomes easier while doing work, and this raises importance concerns about employee productivity. A few companies have even gone to the extent of banning Facebook and other networking sites.
BYOD can be disastrous when in the wrong hands. Almost every company has disgruntled employees who are ready to leave and take confidential data with them.
In the spotlight of the BYOD stage is the CIOs. The job description includes making the initiative work for everyone, from drafting a policy to privacy rights to legal issues.
It’s interesting when you start thinking of where you or your employees fit in. It is also very useful, because it makes sure you’re prepared for any eventualities. BYOD is certainly beneficial, but you need to make sure you implement and utilize it with utmost care.
What other fascinating things have you learned about or experienced with BYOD? Let us know in the comments section below!