Bring Your Own Device – Are The Savings Worth the Risks?

24 04 2012

By Brett Vermette

There was a time, not many years ago, that computers and information technology were primarily within the business domain and most often only within large businesses.  This has changed as a result of years of continuously improving technology performance/price ratios along with the consumerization of information technology, which has largely been driven by the iPad, iPhone and other tablet and smartphone platforms.   According to Tony Bradley of PCWorld magazine “it used to be that IT departments drove technology, but that has changed dramatically in recent years”. [1]   The focus of much of the innovation in the IT industry has moved from the enterprise to the consumer, which is, in turn, driving cutting edge technology first into the hands of consumers.  Furthermore, the second half of the technically savvy and always connected Generation Y group are now entering the corporate work force.  These circumstances have created a dynamic where consumers frequently have more advanced personal technology than is available to them through their employers.

BYOD Defined

More and more frequently employers are allowing and even encouraging employees to use their personally owned and liable mobile devices for work related purposes.  These initiatives, which are often referred to as Bring Your Own Device (BYOD) programs, offer a number of advantages to both employees and employers.   In fact, Good Technology Corporation found, in their 2012 State of BYOD survey, that “formal BYOD programs, combined with supporting solutions and policies to ensure security and compliance, are fast-becoming the predominant models for enabling broad employee mobility, across multiple industries, and around the globe”[2].  However, BYOD programs also come with costs and risks, which if not managed properly, can have severe consequences.

What’s the Appeal?

There are aspects of BYOD programs that appeal to both the employer and the employee.  Increased mobility and the corresponding improvement in productivity and efficiency are the primary benefits of BYOD programs.  CIO Magazine stated that employees that use a mobile device for both personal and employment related activities actually put in 240 more hours per year than those that do not [3].  Increased employee satisfaction resulting from their ability to use a mobile device of their personal choosing is also seen as a significant benefit.  Individuals choose devices for their personal use that are technologically advanced and most appealing to them.  Extending these devices to their work environment simplifies their end user experience, reduces the necessity for training and support and eliminates the need to carry multiple devices.  From the employers’ perspective, reduced cost is the primary appeal.  iPass, an enterprise mobility services company, conducted a survey that found that employers spend between $124 and $89 per month, per employee just for mobile connectivity related charges [4].  For a large enterprise these costs can be very significant and BYOD programs offload or share this burden with employees.

The Costs & Risks

Employers considering a BYOD program must also carefully weigh the related security, cost and policy implications.  Effectively managing security in a BYOD environment requires implementation of both effective policies and supporting tools.  Organizations wishing to manage the increased risk of information loss associated with BYOD programs must develop a comprehensive policy that addresses items such as password use and strength, remote device management, remote device wipe, permissible operating systems, on-device storage of data and regulation compliance.  Development, implementation and monitoring of these policies can be a drain on organizational resources.  Additionally, tools such as mobile device management software and identity management suites are often required to support implementation of these policies.  These tools can be very expensive to purchase and maintain from both a cost and resource perspective.

Enabling employees to conduct their job related duties using their personal mobile devices requires that corporate applications be available via these alternate end points.  Refactoring applications for suitable access management and security from the wide variety of device software and hardware platforms introduced through a BYOD program can represent a daunting cost and resource drain for organizations. As noted by the Computer Dealers Network “the cost of internal app development can rise dramatically with BYOD.  Companies that ‘go native’ must invest in each platform in the BYOD portfolio”. [5]

Shifting the contractual responsibility from mobile devices back to employees can actually result in an overall increase in cost for the same services.  Corporations have traditionally had the advantage of large volume contracts and the ability to negotiate terms and conditions resulting in significantly lower costs on a per user basis.  Costs based on a corporately negotiated contract can be as much as 42% lower when compared to those incurred through individually negotiated agreements.  [6]

It is commonly believed that IT related support costs in a BYOD environment will be lower as a result of increased user familiarity with the devices that they choose.  This must be carefully considered as application support costs could increase as a result of increased proliferation of device platforms, operating systems and mobile browsers.

Finally, and perhaps most importantly, organizations considering a BYOD program must carefully consider the information loss related implications.  In a BYOD environment employee provisioned devices are still an endpoint on the corporate network.  These devices will have access to critical systems and can download and contain highly confidential information.  By their very nature, mobile devices are subject to an increased likelihood of loss and theft.  Typically corporate organizations are much more concerned with information security than the average individual mobile device owner.  Lost and stolen devices and the fact that an employee owned device cannot be confiscated upon an employees’ termination of employment are key information loss risks that must be considered and mitigated.

Conclusion

The ongoing consumerization of IT coupled with the expectations of today’s younger employees will continue to drive the adoption of BYOD programs in the enterprise environment.  While there are potential cost reduction benefits to employers, the primary benefits will be increased employee satisfaction, increased mobility and improved productivity.  CIO magazine stated that “by 2014, 90 percent of organizations will support corporate applications on devices owned by workers”. [3]  The ubiquity of mobile computing and increasing employer expectations regarding employee availability will drive employee desires for convenient access to key work related systems and data anywhere at any time on a device of their choosing.   As Gartner points out “the line between personal and professional lives now intersects in the smartphone and tablet” [7].  However, employers considering BYOD programs must be careful to fully comprehend the complete risk and cost profile of these programs.  Difficult to anticipate costs including the cost of device management across multiple platforms, network and identity management infrastructure costs and the cost associated with an increase in the likelihood of data loss can be substantial.

Overall, while organizations must carefully manage the associated costs and risks, BYOD programs are quickly becoming a mandatory component of a modern and competitive approach to information technology and cannot be ignored.

_____________________________________________________________________________________

  1. Bradley, Tony.  Pros and Cons of Bringing Your Own Device to Work.  PC World Business Center.  Dec 2011.  <http://www.pcworld.com/businesscenter/article/246760/pros_and_cons_of_bringing_your_own_device_to_work.html>

  2. Good Technology Incorporated.  Good Technology – State of BYOD Report.  Good Technologies.    <http://www.good.com/resources/Good_Data_BYOD_2011.pdf>
  3. Fogarty, Kevin.  5 Things You Need to Know about BYO Tech.  CIO Magazine.  Dec 2010.  <http://www.cio.com/article/647100/5_Things_You_Need_to_Know_about_BYO_Tech?page=1&taxonomyId=3112>
  4. iPass Incorporated.  The iPass Mobile Enterprise Report.  iPass Corporation.   2011.  <http://mobile-workforce-project.ipass.com/cpwp/wp-content/uploads/2011/12/iPass_Mobile_Enterprise_Report_2011.pdf?utm_source=FormSubmit&utm_medium=web&utm_campaign=MER_Download>
  5. Kaneshige, Tom.  The high cost of BYOD.  Computer Dealer New.  April 2012.   <http://www.itbusiness.ca/IT/client/en/CDN/News.asp?id=66884&PageMem=1>
  6. ProfitLine.  The Hidden Risks of a “Bring your own Device” (BYOD) Mobility Market.  ProfitLine Incorporated.  2011.   <http://i.zdnet.com/whitepapers/Profitline_The_Hidden_Risks_of_a_Bring_your_own_Device_BYOD_Mobility_Model_1_19_2011.pdf>
  7. Disabato, Michael.  Field Research:  Mobility in the Age of Consumerization.  Gartner Incorporated.  Jan 2012.  <http://my.gartner.com/portal/server.pt?open=512&objID=256&mode=2&PageID=2350940&resId=1901215&ref=QuickSearch&sthkw=BYOD>

Advertisements

Actions

Information

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s




%d bloggers like this: