Expert Advice on the Pros and Cons of Developing a BYOD Policy
As BYOD becomes more acceptable in the workplace, the concerns of IT leaders continue to grow. We interviewed 22 mobility and BYOD experts to provide some pros and cons around implementing and developing an Enterprise Mobility BYOD strategy. Here is what they had to say:
Meet our BYOD Strategy Experts:
Allan Bennetto, Founder, JMango
Allan Bennetto is the Founder of JMango, an international mobile technology firm. JMango works with several large firms in building apps in building apps for their employees to use in their day to day work day.
BYOD has only recently been embraced by many IT departments of large firms. While many people focus on BYOD in the mobile space, it should be pointed out that BYOD also includes larger pieces of technology such as laptops.
While most businesses would see BYOD’s main advantage to be the cost savings (employees will be bringing their own equipment), there are other gains to be made in terms of productivity and overall happier employees.
BYOD can increase productivity since employees will be using equipment that are already familiar to them. They know their way around their laptops, their phones and their tablets so they won’t need to fiddle around and get tasks done faster. Also, since they are already familiar with their devices, you won’t need to spend so much on training them to use something new to them.
Since they picked the hardware they are bringing to work, they’ll like working on them. This increases worker satisfaction. Any business would know that today’s devices represent a significant investment for anyone. The fact that their employees chose and bought these devices for themselves show how much they love that gadget since they are willing to spend hard-earned money on them. Of course the biggest gain businesses will get from embracing a BYOD policy is the cost savings per employee. Businesses will no longer need to invest on electronic equipment (which quickly gets obsolete in just a few years) and often times, they won’t need to invest on expensive contracts for mobile devices.
But BYOD also has its cons.
While companies may be able to save on equipment procurement costs, they might have to spend more in securing their network. Since employees will have their different tastes when it comes to their devices, IT departments of large companies might find it more difficult to keep track and support all of the devices in the workplace.
Some devices may or may not support the company’s current infrastructure. If you are running Exchange for example, some Android devices may not work well with that. You might also be running a company specific app for mobile devices.
A BYOD policy would mean you’ll need to support all of your employees’ devices which means added costs for you.
Another drawback for BYOD is preventing unnecessary distractions in the workplace. Since these are personal devices, they may contain apps such as games and other social apps that can become a distraction for the employee.
Lastly is protection of company data. When an employee leaves the company, they take with them the devices they’ve been using for work. This increases the risk of sensitive data such as confidential company plans and intellectual property being taken along with that device and into a competing company.
There is also nothing stopping employees from making copies of sensitive data and bringing them outside of the company. There will be little CIOs can do about that.
BYOD is definitely not for every company in this regard.
Ananth Vaidyanathan, Marketing Manager, ManageEngine
Ananth Vaidyanathan is the Marketing Manager at ManageEngine, a division of Zoho Corp., where he plans and oversees the marketing activities for the desktop and mobile device management products. Ananth plays a key role in developing marketing strategies used in reaching the IT decision makers of different verticals to create product awareness and to increase their IT productivity. He has been with ManageEngine for over 11 years.
For any organization, a core focal point is to reduce operational expenses and increase productivity. The advent of smart phones has opened doors for these organizations to save cost and increase productivity among their work forces, which is why BYOD is creating huge waves. To make BYOD successful we need to understand the pros and cons involved.
Higher/Increased Productivity: BYOD helps organizations fully tap their employees’ productivity. With technology that enables anywhere, anytime access to applications and data technology, conventional 9-to-5 jobs have been replaced with work that can be performed 24×7. For instance, business development units are constantly on the move, meeting clients in places like hotels and golf courses to discuss business. In these situations, sales teams must be able to access their presentations from their mobile devices to successfully conduct their business.
Cost Savings: BYOD reduces investment costs for enterprises by allowing work to be managed from an employee-owned device. The cost of the voice data is borne by the employees themselves or is supported by a reimbursement plan by the employer. Enterprises must implement and enforce a well-defined policy to keep such costs under control.
Employee Satisfaction: BYOD helps create a sophisticated work culture and an opportunity to reinforce a mutually beneficial relationship between employer and employee.
Security: Organizations’ paramount concern lies with data security, and these concerns will increase with the introduction of employee owned devices. Incidents such as device theft, use of unapproved mobile applications, and lack of device-level password protection can cause data leakage.
Ownership: In the case of BYOD, there’s a constant tug of war between data and devices. Devices are employee-owned whereas data is company-owned. The rights associated with hybrid ownership can complicate BYOD tasks such as restricting access to official emails or performing a data wipe. In the absence of thorough usage and ownership guidelines, the advantages of BYOD might be completely lost.
To make the most out of BYOD, the following best practices will help to stay secured and avoid the unnecessary risks.
- Pre-determine the device types and operating systems to be allowed, based on the available expertise.
- Scrutinize the data that the device can access. Create a protocol to protect the data. The app should authenticate the user, encrypt the data, and disallow backups.
- Enforce stringent security practices, such as passcode policies and anti-virus applications.
- Create data protection policies such as prohibiting apps that read data from the device or apps that transmit data to cloud.
- Erase data from lost devices or retire the device and erase the data when the employee leaves the company.
In short, when there is a new technology trend in the market, it comes with its own set of merits and demerits. It only makes sense for companies to fully understand the opportunity and manage it with the tools available in the market to enjoy maximum benefits.
Anders Lofgren, VP of Product Management, Acronis
Anders Lofgren is VP of Product Management for Acronis Mobility Business Unit and is responsible for driving the company’s mobility business, with a specific emphasis on product management, product marketing, and strategy. Anders brings more than 20 years of technology industry experience to his role at Acronis; most recently, he served as Vice President of Marketing and Product Management at GroupLogic. As the Senior Vice President of Product Management and Strategy for CA, Anders was responsible for managing CA’s $400MM storage business. He has also held senior level positions at The InfoPro, and covered the storage market as a Senior Analyst for Forrester Research/Giga Information Group. Anders
It means that employees are able to do work at any time, on any device of their choice, thus improving productivity. But, 60 percent of companies don’t have a personal device policy in place for employees — causing a huge security threat.
A stringent BYOD policy is essential for any enterprise looking to enable workers to use their personal devices. With this policy, enterprises need to provide their workers with apps and other tools to protect both themselves and the corporation as a whole, all the while keeping in line with security and compliance standards and regulations. Otherwise, BYOD can endanger the company and their clients by leaving them open to information leakage and security breaches.
It’s also important to note that BYOD isn’t right for every enterprise, or even every group within a given organization. In some industries, especially regulated industries, corporate-owned devices are simply a better approach, and therefore BYOD must be examined on a case-by-case basis to find if it is the best solution for all parties involved.
Andrew Dixon, Senior Vice President, Igloo Software
Andrew Dixon is the Senior Vice President of Igloo Software. Andrew is responsible for Igloo’s sales operations and go-to-market strategy, including operations, demand generation and communications. Prior to Igloo, he was an eighteen-year veteran of Microsoft, where he managed several product groups and divisions. Most recently, Andrew served as the Vice President, Business & Marketing Officer, Microsoft Canada, where he was responsible for driving the Canadian business unit’s marketing and operational efforts.
We find that once a user brings their own device, they will also bring their own applications, and this welcomes security concerns for the IT department. This is also becoming an issue with CIO’s where their job is to manage workflows and information. With employees taking the initiative to bring their own applications and devices, there is a high level of uncertainty.
According to Osterman Research, 49% of employees in 100 – 999 person companies use Dropbox without IT’s blessing. It is evident that the BYO trend is changing expectations on IT. More and more, employees are embracing their self-serve tendencies by passing on the idea of a company issued laptop or phone and bringing their own device. With your interest in BYOD, Igloo has captured some interesting stats around BYOA and BYOD in our recent infographic found here
To avoid this issue, Igloo Software is an intranet platform that is SaS 70 compliant – IT does not need to worry about confusing configurations or security issues. Instead of having what seems like 43584584 windows open, Igloo streamlines work by bringing content & conversations in one environment. Whether you are in a hotel room, at an airport, or at home, using our cloud based software, you can access your files anywhere, anytime, on any device. Instead of relying on different applications for sending or storing documents (and exchanging conversations around these documents), Igloo allows documents and conversations to live in the corporate intranet. We’ve tried to respond to common BYOD security issues with this model.
Anurag Lal, Chief Executive Officer, Infinite Convergence Solutions
Anurag Lal is Chief Executive Officer of Infinite Convergence Solutions. He has over 20 years of leadership and operational experience in technology, IT and telecom services. In addition to his business successes, Anurag served as a Director of the United States National Broadband Taskforce (part of the Federal Communications Commission). He was appointed to the taskforce by the Obama administration, with a charter to lead the efforts in deeply understanding global broadband policies, regulations, best practices and create the first National Broadband plan. This initiative has brought Anurag worldwide recognition and elevated his status to being an industry visionary in the field.
Companies have been slow to roll out BYOD – and even mobile strategies – because they did not realize the power of smartphones and tablets quickly enough. As a result, instead of being proactive, enterprises are reacting. Companies thought they could stay away from developing a mobile strategy, but they are quickly realizing that is not the case. In terms of BYOD in the enterprise, the pros and the cons boil down to control.
One major con when it comes to BYOD is that companies didn’t realize the extent to which employees would use devices in the workplace. In the past when a company issued an employee a phone, the employee used that phone primarily for business, including voice calls and some texting. Now the devices are much more powerful and engaging (think apps) and even though enterprises may mandate a particular device, employees are also consumers in their private life and have strong preferences on which device they want to use. This makes it hard to control what employees do on their mobile devices and which devices they use.
However, if BYOD control in the enterprise is executed correctly with MDM (mobile device management), companies can manage devices, segregate data, control what is put on or taken off a device and erase data if a device is stolen or lost.
Companies are also taking a harder look at corporate connectivity when it comes to BYOD. They often can’t afford the data connectivity they need for the amount of activity sent back and forth via mobile devices and are now considering enterprise WiFi solutions that are secure and have ample bandwidth.
Bret Taylor, CEO and co-founder, Quip
Bret Taylor Bret is currently the CEO and co-founder of Quip, a modern word processor that enables you to create beautiful documents on any device — phones, tablets and the desktop. Previously, Bret was the CTO of Facebook, after it acquired FriendFeed, the company he co-founded in 2007. Prior to that, Bret was a Group Product Manager at Google, where he co-created Google Maps and the Google Maps API, and started Google’s Developer product group.
BYOD will continue to be a positive trend for Enterprise over the long-term because it is fundamentally about making products that people *want* to use and the desires of employees instead of making products that only meets the needs of IT. Even though it may not have started as officially condoned, BYOD products are catching up with the needs of IT departments, and the products we all use to get work done will be simpler and better for it. This has already happened in the enterprise with devices like the iPhone (replacing Blackberry) and software like Chrome and Firefox (replacing Internet Explorer). In terms of obstacles to BYOD, being diligent about security and in some cases compliance are significant and should be priorities for anyone looking to develop products that meet both consumer and enterprise needs.
Christopher Burgess, CEO & President, Prevendra Inc.
Christopher Burgess is the CEO & President of Prevendra Inc.
– Employee is using a device they are most comfortable using – ROI: productivity & morale – Operational Expenses (opex) – employee purchased the device – ROI: Reduced or maintained opex
– Company data on Employee device – Who owns the data?
– Employee using unassociated third party which contains malware. Who pays for the security software for the device?
– Overly restrictive policies have been found (by the courts) to be risk to the company
– Costs of implementing a BYOD are variable – restricting operating systems or device types can help control opex
– Size does matter – new roles may have to be created within IT to support the security of the devices; the creation of responsive design applications which render similar on laptop as they do on a smartphone, etc.
Jeff Rubin, Vice President of Product Strategy, Beachhead Solutions
Jeff Rubin – Jeff is the vice president of product strategy at Beachhead Solutions, a company that designs cloud-managed mobile device security tools.
The pros of BYOD for the Enterprise:
1. Employee satisfaction and productivity. Employees want to use the device they’ve already selected and are comfortable and productive with in their personal lives. Imposing a new set of tools and learning upon them will result in lower levels of both satisfaction and output. People like to work at a place that respects their choices and abilities to make informed decisions.
2. Reduce costs on hardware. Companies can stop buying a smartphone, iPad, and laptop computer for every employee if that employee already has a perfectly good one that they can use, want to use, and – most likely – will use regardless of official policy.
The cons of BYOD for the Enterprise:
1. Loss of company control. Because employees own the devices instead of the more traditional company-owned model, employers cannot practically enforce the same level of security rules on their use. This may affect password policies, application controls (e.g., offensive materials may be brought into the workplace, insecure applications which carry viruses may be present), corporate data leakage for files stored on the devices (especially when the employee uses the same application for both business and personal use, such as a spreadsheet program), and the company’s ability to wipe a device clean when the device is suspected of being lost or stolen..
2. Mobile devices are high security risks because of that portability. While no single security protocol and software combination can completely protect mobile devices from every possible compromise, that increased security risk must be managed.
3. Not even the best, most responsible employees and the most rigorous security protocols can be enough to protect you. Accidents and mistakes happen, devices can get lost or stolen, and passwords can be shared — enterprises may need to increase budgets to spend more on security to cover all the potential security risks BYOD entails.
Jim Garrity, Vice President of Enterprise Solutions, Xtium
Jim Garrity is the Vice President of Enterprise Solutions at Xtium, a leading enterprise software and solutions company providing managed cloud hosting, online backup and virtual disaster recovery services.
The BYOD policy trend is the result of a new, younger workforce that carries laptops, iPhones, iPads and other technology devices. It is essential that companies have a BYOD policy these days.
A clear strategy is migrating to virtual desktop infrastructure (VDI) or cloud-based desktop-as-a-service (DaaS). With VDI or DaaS, an employee’s laptop, phone or whatever device they have does not actually have any data on it locally. Employees can access their desktops on their device, but the data never touches the device. Their device accesses data and the systems that process the data in a cloud infrastructure behind a corporate firewall. The minute an employee ends their session in VDI, they can lose the device, and nobody will be able to hack into their data because it is not stored locally on the device. It is more secure to have VDI than giving employees a corporate laptop – which can be hacked, no matter what security and encryption technology is placed on it. Inside the virtual desktop, you can ensure secure, policy-controlled access to the corporate network. Everything outside the corporate virtual desktop can be at the discretion of the users, who support their own personal devices and software.
So, there is actually more security in having a BYOD policy than not having one. Leveraging VDI or DaaS can be much more secure because once you log out, your data remains secure, whereas saving locally puts your data at risk if someone got hold of that device. Employers should not ban BYOD policies, but embrace them, as employees are going to bring them no matter what. Employees will also be more knowledgeable and comfortable with their own devices.
Jim Rivas, Head of Global Corporate Communications, Check Point Software Technologies
Jim Rivas is the Head of Global Corporate Communications at Check Point Software Technologies. In this role, Jim oversees the communications function including worldwide public relations, industry analyst relations and customer marketing. Rivas joined Check Point Software in 2011 from Oracle, where he was Director of Public Relations. Prior to Oracle, Jim held Corporate Communications management positions at multinational consulting firm Accenture, and pharmaceutical and bioinformatics company Pharmacopeia – Accelrys.
Protecting corporate information has always been a challenge, and it’s only grown more complex with the trend towards BYOD, mobile apps and cloud services. The trick is to leverage the efficiencies that these things bring without compromising your security posture. As such, organizations should focus on implementing proactive network security and training their workforce accordingly – create awareness around security and the cyberthreats that are out there. BYOD is driven by employees, so you need to be able to rely on your people to become the first line of defense.
Jonathan Freeman, President and CEO, Mycroft Inc
Jonathan Freeman is the President and CEO of Mycroft Inc., parent company of XSpectra. Freeman is responsible for the evolution and strategic growth of the company’s next generation IT security innovations, managed services and consulting organization. Freeman has more than 25 years of experience in successfully developing, commercializing, and growing breakthrough identity and access management technologies. Freeman is a recognized visionary in the development and deployment of identity-as-a-service and Enterprise Private Cloud solutions in the Identity Management Security and Managed Service Provider markets.
It reminds me a lot of the PC explosion we saw about 20 years ago. It’s the only other time when there has been a complete generational disruption and a transformation of this magnitude to the entire IT landscape. Smartphones, tablets and laptops allow employees to gain instant access to their company networks whether they are at work, home or on the road. The risks and rewards this creates for the cloud and security world are unlike anything we’ve seen before.
When done right, we can use BYOD to really improve business productivity, cut costs and even improve the device technology itself. By allowing every teacher, soldier, doctor, executive or police officer to securely use their own smartphone or tablet in the classroom, field, operating room, board room or street, we’re swimming with the current, rather than against it. It’s a fairly natural evolution. As the device technology allows us to do more things on it, we’re going to want to do more things on it. If every employee already has the device in their pocket and they’re able to check their email on it, they’re going to check their email on it. So now, it’s about securing it and staying a step ahead of the risks.
Not only does BYOD mean that people will be able to securely access corporate data, but they’re also more likely to want to ensure their personal data (photos, emails, etc.) won’t be compromised. The enterprise’s concern is the data; the employee’s concern is the device. In the IT security world, we care about both. Effective security protects both the corporation’s data and the users’. Organizations need proper Identity and Access Management solutions to help them onboard and offboard employees in a timely fashion as well as provide appropriate access, or in some cases restrict access to certain files from a remote connection.
Jonathan Horvath, Director of Product Management, Smith Micro Software
Jonathan Horvath is the Director of Product Management for Smith Micro Software and is a 15+ year product and program executive specializing in full lifecycle mobile application development. He is the driving force behind the company’s enterprise mobility management product strategy which combines technologies to deliver innovative solutions for enterprise, education, public safety, government and healthcare markets. Prior to joining Smith Micro, Jonathan served as Director of Product Development and Program Management for CaseCoder LLC as was a Senior Program Manager at Motorola Inc.
Managing BYOD is good for business, but not if you neglect the network.
BYOD is a double-edged sword. On one side, productivity is increased as users are able to perform their work on smart devices, anywhere, anytime. On the other side, telecom costs, support costs and security risks are all likely to increase as well. The benefits can far outweigh the negatives, but only if a comprehensive mobility program is put in place that includes company policies on how users can connect to wireless networks. Challenges brought on by BYOD are being addressed by a variety of MDM solutions but the general approach has neglected how these devices connect to the corporate network over public, uncontrolled access points, known as ‘bring your own network’ (BYON). By extending a business’ mobility strategies to address BYON using policy-based management, enterprise IT administrators can better enable their road-warriors to be productive while at the same time managing the connectivity, cost and risk concerns brought on BYON and BYOD.
Ken Shaw, CEO and founder, Infrascale
Ken Shaw is the CEO and founder of Infrascale, a company that provides secure file sharing and backup for business data. Shaw is an experienced technologist and entrepreneur in the cloud storage and online backup industry. The depth of his expertise in storage oriented cloud computing and offshore software development has lead him to be a thought leader in the cloud storage industry.
BYOD promises to provide today’s workforce with increased mobility, greater employee satisfaction and the ultimate reward – the ability to be more productive.
However, the challenge for companies comes down to IT security and management, says Mr. Shaw. From the perspective of the company, they are trying to protect valuable data that can be a business advantage, or be subject to privacy, patent or intellectual property rules. Loss of company or customer data due to lost or stolen devices or laptops can have devastating consequences. And yet, managing today’s diverse and prolific use of devices can bring IT teams to their knees by maxing out resources.
I would recommend four tips to mitigate these cons:
1. Craft a smart BYOD policy for your organization that includes strong end-point protection and management controls.
2. Work with IT to choose a file share and backup solution with strong security measures such as double-blind encryption in place
3. Ensure your approach supports a wide variety of devices – some solutions still don’t support Android or iPhones.
4. Ensure your solution delivers robust yet easy to use management and control.
Matt DeWolf, Director of New Product Development, Runzheimer International
Matt DeWolf is the Director of New Product Development at Runzheimer International, a global leader in workforce mobility programs. He is responsible for overall product management, strategic planning and product road mapping to grow Runzheimer’s new product line of business. In addition, he is tasked with monitoring and evaluating market conditions to better position Runzheimer International as a leader in the employee mobility space.
Summary: The Risks and Rewards of BYOD
– Create a BYOD policy that is tailored to the unique needs of the business role. In other words, there’s no such thing as a one size fits all BYOD policy.
– Make sure that financial reimbursements match the employee’s actual business use. Under reimbursing an employee for their business use, is just as bad (if not worse) than over reimbursing them. Inaccurate reimbursements for business expenses can lead to class action lawsuits.
– Make sure that policies describe the kind of equipment the employee must use. For example, if employees are walking around with old feature phones (i.e., the old clam shell style phones) then your company won’t be able to leverage the latest mobile app technologies. This will put your company at a competitive disadvantage.
– Be aware of what your employees are bringing into the workplace. Ensure that they are using late model technology, and refreshing their Operating Systems frequently. This is helpful in two ways;
o You ensure that you can leverage the fleet of BYOD devices as a competitive advantage for your business, i.e., leveraging the latest mobile productivity tool
– You ensure that you minimize security risks for your network.
– Review your policies frequently. Technology, and your employees corresponding business use, can change quickly. Ensure that you monitor your policies to make sure that they accommodate the latest technology advances and employee compliance.
– Consider working with an expert to help your company manage through the change process. Moving from a corporate liability phone program over to an employee liability phone program can be tricky. There are companies (like Runzheimer) who can guide you through the process and ensure that your new BYOD program doesn’t create a big mess within your employee base.
– Don’t try to use a one size fits all policy. You will inevitably under reimburse some people, and over reimburse others.
– Don’t roll out a program and forget about it. The program needs to be monitored and managed. If that sounds too expensive or cumbersome, consider working with a third party who can manage that process for you.
– MDM software is not mandatory. Companies who rely on e-mail, text and voice do not have major security concerns when employees are using Apple and Google products with the latest operating systems. So don’t over react and put in a sophisticated and expensive MDM software package unless you really need to.
Matt Santill, Chief Information Security Officer, Broward College
Matt Santill is the Chief Information Security Officer at Broward College in Fort Lauderdale, Florida. Broward College is one of the largest colleges in the United States with over 68,000 students. Santill has also worked in security roles for a Fortune 500 and the Financial Industry.
We are in an era where mobile devices will be used for personal and business whether the enterprise allows it or not. Most organizations have already adopted the use of email on their smart devices. And smart devices owned by the enterprise have been used to communicate personally for years. We will slowly start to transition to a BYOD enterprise throughout most organizations. There will be very little boundary between work, personal, and social platforms. When we give employees the ability to work from any device, anytime, and anywhere it increases productivity levels substantially. There are some risks however to this new phenomenon. I will provide a short list of the risks below and the common ways to mitigate this risk.
It is very difficult to protect the data on devices that are not managed or owned by the enterprise. It is important that we are able to apply policies on the device that is connecting to the corporate network. These policies could be mandatory checks for anti-virus through a Network Access Control solution (NAC). A NAC can also verify whether a computer or device is up to date. This will ensure that the data that is stored on the machine will not be as susceptible to malware or a virus offloading it to a cyber criminal. If the device does not come back as having anti-virus or being up to date it shouldn’t be allowed on your network. Another key solution to prevent data loss is through a virtual application solution. One of the biggest players in this arena right now is Citrix but many others are in this space as well. The application virtualization solution allows devices to use corporate applications remotely through a web portal or an applet. This ensures that the data is never actually stored on the end device. All the applications are running in the cloud or on a server in the data center rather than on the local device.
Applications are more frequently going toward the Software As A Service model (SaaS). Corporate email is often times being accessed on personal devices. These applications could contain sensitive data. If the device is lost or stolen this could lead to the organization being breached. It is important that the organization has a way to remotely wipe their data in the event it is lost or stolen.. Many organizations are doing this with Mobile Device Management (MDM) solutions. The MDM solutions creates a secure container where the data can be deleted remotely if the device is lost or stolen. The organization may also just delete the information owned by them when an employee terminates.
These solutions can all be used together to reduce the risk of BYOD in the enterprise.
Michael Bremmer, CEO, Telecomquotes.com
Michael Bremmer is the CEO of Telecomquotes.com and has specialized in telecommunications for 22 years working with small & medium sized businesses.
Pros of BYOD
1. Happier employees because they can choose their own handsets/plans
2. Less technical management
3. Less expense because you’re not responsible for lost, stolen or broken devices
Cons of BYOD
The biggest challenge to BYOD/BYOA isn’t the device, it’s the unplanned HR issues/liability/security issues.
1. With the decline of unlimited data plans and data usage skyrocketing, how do you create an appropriate usage policy? What happens when an employee is consistently incurring overage charges for data from business use that their stipend doesn’t cover?
2. In litigation, if an employee’s device becomes part of an evidentiary proceeding and is seized, is this a violation of their 4th amendment rights? What their right to privacy with their personal property?
3. What about the comingling of business and personal data? For example, I lose my phone and IT remotely wipes it for security purposes, but I lose my pictures of my baby (because I’m stupid and don’t have a backup?)
4. Finally, data leakage is a HUGE issue. With smart phones, we have a powerful, highly portable repository for information that the company doesn’t own, with my own Google Drive, MS Skydrive & Dropbox on. All of these are potential security risks with back doors into my company network.
Paul B. Hill, Senior Consultant, SystemsExperts
Paul B. Hill is a Senior Consultant at SystemsExperts, assisting on a wide range of challenging projects across a variety of industries including higher education, legal, and financial services with the company for more than twelve years.He joined SystemExperts full time in March 2012 and coordinates the SMARTday practice.
Some of the pros of a BYOD policy for the enterprise include:
– Perceived cost savings resulting by shifting the acquisition cost of smartphones and tablets to employees
– An attempt to foster employee morale by granting employees the ability to adopt new platforms of their own choosing
– Eliminating a potential tax reporting burden if the IRS decides that company provided smartphones and tablets are taxable benefits
– Potential time savings by avoiding corporate dialing and data plans with carriers
Some of the cons facing companies when they adopt a BYOD policy include:
– Higher support costs: support staff may need to be trained to answer questions about a wider variety of platforms; multiple answers to address a single issue may need to be established, and some support staff specialization may occur
– Increased security risks: not all mobile platforms support all security features
– Handling of corporate: understanding where corporate data may reside, ensuring compliance with data retention policies, eDiscovery, and ensuring that all corporate data is being properly handled
– Balancing corporate requirements/liabilities: organizations are not yet requiring employees to sign liability waivers to protect companies that may accidentally destroy personal data if a device has to be remotely wiped.
Despite the risks, the desire to achieve cost savings and improve employee morale will continue to drive BYOD for the foreseeable future.
Peter Altschuler, Chief Marketing and Creative Strategist, Wordsworth & Company
Peter Altschuler is the Chief Marketing and Creative Strategist at Wordsworth & Company, and has been a highly influential innovator in the fields of technology to television production. He has also served as the marketing VP for NetOffice, the marcom director at Inference, and the head of the in- house agency at Candle Corporation.
There used to be countless reasons to avoid letting employees use their own devices. Now there are more reasons to encourage it.
The productivity advantages of mobile enterprise access extend from individual employees (who can get things done on the spot without waiting until they’re back at their desks or in front of a laptop with a wireless modem connection) to the business as a whole, since decisions happen faster, delays are eliminated, revenue- generating activities can bring in more money more quickly, and cost-savings actions (like correcting an operational problem) can prevent losses.
Yet security has always been a primary concern of IT, which wants to be sure that its data is protected, its backend systems can’t be compromised, and device users are really who they say they are. Now there are so many enterprise mobility management, mobile device management, and mobile application management tools on the market that security is much easier to ensure.
Costs have been the other major obstacle, particularly for creating enterprise mobile apps. The expertise, time, and effort to create the functionality, user interface, and device-specific apps that users want has often amounted to tens of thousands of dollars over a period of months. And, as with any programming project, whether done from scratch or using traditional SDKs (software development kits) and IDEs (interactive development environments), there are innumerable opportunities for bugs and security holes to be built in.
Though company-wide, bet-the-business mobile systems, such as those relied on by UPS and FedEx, will always require massive efforts, the everyday needs of employees should not require (and may not merit) costly, time-consuming major development projects. For the tasks and workflows that employees rely on to do their jobs, it’s easy to generate direct connections to an organization’s existing enterprise applications and data — without introducing the bugs and risks of custom-programmed apps — and do it in minutes… or less.
Webalo has eliminated all of the usual complexity and reduced app generation to an automated or step-by-step configuration process. Instead of highly skilled programmers, business users can master Webalo’s cloud-based process and create enterprise-to-mobile capabilities in as little as 30 seconds — transforming a BI (business intelligence) report into mobile-friendly form automatically or configuring an app that integrates CRM, database lookups, and order entry into a unified mobile app that runs natively on any Android, Apple, BlackBerry, or Windows smartphone or tablet.
For IT, Webalo provides out-of-the-box integration with the EMM tools from AirWatch, Aruba, Citrix, Good Technology, MobileIron, and Symantec. So It and end users can generate, almost literally, all the enterprise mobile apps they want and have those apps instantly protected — with no separate steps — by the EMM systems.
Details are at http://www.webalo.com and there are really easy to understand videos at http://www.webalo.com/videos.php.
Phil Hartstein, President, Finjan Holdings, Inc.
Phil Hartstein is President of Finjan Holdings, Inc., and oversees the direction and management of current assets and future investments as well as working with the company’s executive management team to execute the shareholders’ vision as a public technology company. Mr. Hartstein has worked in a number of technology and intellectual property related roles for over a decade. He is regularly invited to speak on a number of patent monetization related topics from third-party litigation financing to capital market trends, as he himself is a named inventor and patent holder with more than two dozen pending and issued patents across a number of disciplines.
BYOD can be managed and even mitigated with the right corporate policies in place-Corporate policies can be defined to filter network usage based upon individual user access privileges, device type, applications by risk profile, and even implement sandbox areas in which BYOD users can store and manipulate data while minimizing risks. Effective policy implementation and management won’t stop mobile malware entirely, but a BYOD policy lets a company quarantine areas that could be infected and protect malware injection from spreading to the rest of the company’s sensitive data storage.
Lack of BYOD policies-The use of mobile devices in all aspects of our everyday lives continues to become more prevalent and has escalated further with BYOD offerings at enterprises. While BYOD is seemingly harmless, the synchronization of device data to business network information leaves the company and devices open to malware injection. The increase in BYOD fuels much of the mobile market growth, but the lack of BYOD policies and protection also sparks the possible introduction to unseen and undetected malware.
Moreover, BYOD offers the promise of both lower IT expenses while increasing employee engagement and access on the job.
Reuben Yonatan, Founder and Cloud Communications Analyst, GetVoIP.com
Reuben Yonatan is the Founder and Cloud Communications Analyst at GetVoIP.com, providing guidance and assistance to small and mid size companies with all their communication needs.
Namely security. As such, it’s important that businesses weigh the two before diving into BYOD headfirst. Though the pros and cons can vary depending on the method of adoption and implementations, there are some general pros and cons to be aware of.
*Productivity & Efficiency*: In using one’s own device, an employee is going to be more knowledgeable and comfortable. Why? Because they know the device. Employees don’t have to spend time adjusting to a new operating system or display. Instead, they operate in the comfort of their own device. As a result, employees are bound to be more efficient and more productive. They know how to use their own device, which can cut down the time it takes to complete a task.
Mobility: In allowing employees to use their own tablets, laptops, and/or mobile devices, you are granting them mobile freedom. Business users that implore BYOD can access work emails and information from home, on the road, or anywhere else. Users are no longer confined to the office’s resources.
Cost Efficiency: Businesses can cut costs of office resources dramatically by allowing users to use their own devices. As such, businesses may not need to buy phones, computers, or other technologies in as great of quantities (if at all). Furthermore, in extreme cases, BYOD can even help in-office businesses to remote/home offices. In using one’s own device, users connect to the company’s network from anywhere. As such, you may be able to move a portion of your employees out of the office to save space, or even to get a smaller office space and save money.
Updates: With mobile devices, tablets, and laptops, upgrades/updates are much more common. As such, employees using their own devices are likely to stay more up-to- date. This can help improve efficiency and productivity, as well as security—i.e. the more antiquated something is, the more susceptible to security breach it is.
Cost: Though there is a big window for greater cost efficiency, it is not guaranteed. As employees use their own devices, businesses may be able to cut cost on hardware and devices; however, they may need to invest it elsewhere. For example, business applications may need to be adapted for different devices. Additionally, there may be a need for extra support and management services, which also require additional funding. And of course, businesses may want to account for more security, too.
Security: This is probably the biggest/most common concern. There are a number of people who feel that BYOD, and the number of different devices it brings, has made security all the more challenging. Why? Because the company ultimately has significantly less control over devices it doesn’t own. In addition to this, what happens to data in the event a phone is stolen or lost? What’s the course of action? Also, how can a business control a device they don’t own? Typically, company devices are fit with acceptable use policies; however, it’s infinitely more complicated for IT departments to tell employees what to do with their own devices.
Past the usage issue, it’s harder to differentiate which devices are accessing which systems/data. With a number of different devices it can be harder for businesses to control enterprise data access. As such, business’s networks and systems are much more susceptible to infiltration and security breaches. For example, a singular mobile device attached to a company’s network can be breached via email. If this is done, the network is not only compromised, but since it’s a single device, the business won’t know the source (as they can’t see the source of the breach—which here is the email). *Boundaries*: What constitutes possession? Again, it’s hard for a business to tell someone how to use their own device. Additionally, what happens to users’ saved data when they no longer work for a company? Though this can be stipulated, it can still be tricky to draw the line between where employee ownership starts and ends. Furthermore, what happens if the device is lost or stolen? Is the employee to blame? Can he or she be held accountable? BYOD comes with a lot of variables; therefore, enterprises may want to steer clear of it altogether.
Adopting a BYOD policy is not an easy choice, especially for an enterprise. While there are a number of advantages that can really augment an enterprise’s performance, there are a few critical aspects to concern yourself with.
Rick Braddy , Founder and Managing Partner, SoftNAS
Rick is responsible for SoftNAS day-to-day operations, finances, business and technology strategy, product development and e-commerce infrastructure. Rick also looks after online marketing, lead-generation and product launch strategy. Rick is also a serial entrepreneur and former Chief Technology Officer of the CITRIX Systems XenApp and XenDesktop group and former Group Architect with BMC Software. He is an innovator, leader and visionary with more than 30 years of technology experience and a proven track record of taking on business and technology challenges and making high-stakes decisions.
• Makes people happier and more productive, when used properly for business purposes
• Companies can avoid costs associated with providing these devices to employees
• Employees get to choose the device they prefer
• BYOD are “unmanaged” devices, which increases risks associated with security, virus infections, improper use for non-business purposes on company network and premises
• IT does not control these devices, which makes IT uncomfortable due to potential security and related risks
• For example, employees may connect their own PC to corporate networks and accidentally infect the corporate network with Trojans, spyware, viruses and other maleware
• In order to manage these devices, IT may incur additional expenses and be forced to deal with a broad range of incompatible (non-standard) devices and versions
• Some employees may use these unmonitored devices for personal purposes during business hours, making employees less productive
Scott Moffitt, vCIO & Director of Business Development, NCC Data
Scott Moffitt is vCIO & Director of Business Development for NCC Data, a top performing independently owned IT services and communications company.
– Extended Work Hours
– Faster Responses
– Happier Workers
– Saves Money
– Security Management
– Controlling Acceptable Use of the Device
– Keeping Company Data Private