BYOD, BYOT or BYOP?
Do you BYOD, BYOT or BYOP? In a business world cram-packed with acronyms and monikers, you’re forgiven if these three terms seem unfamiliar. However, you will know about BYOD practice. BYOD (Bring Your Own Device), BYOT (Bring Your Own Technology) and BYOP (Bring Your Own Phone) are integral to IT consumerisation. Put simply, IT consumerisation is the overlap of technology devices for business and personal use.
Explaining BYOD
Confused? Let’s start again. The workforce today has an increasing number of younger, more mobile individuals who grew up with the internet. These people, often having the latest phone, tablet or laptop at home, find it difficult to distinguish between personal and corporate technology. They expect that the device they use for play should also be used for work purposes. Consequently, the BYOD trend has exploded in enterprise with many people preferring to work with technology with which they are accustomed.
IT Consumerisation
BYOD is underpinned by IT consumerisation. Traditionally, new technology would flow from business down into the consumer market. A good example is the desktop computer, which first made its mark in enterprise and then became a household item. IT consumerisation has reversed the process whereby new technology is placed in the consumer market and works its way into business. Examples of devices are numerous including iPhones, smart phones, iPads and Microsoft Surface. In 2005 Garner Inc., a Connecticut based IT research and advisory firm, had this to say about IT consumerisation:
“The most significant trend affecting IT in the next 10 years.”
What BYOD and IT consumerisation means for businesses
BYOD is part of that ‘significant trend’. And, like it or not, BYOD is embedded in all but a handful of small to medium size businesses (SMBs). So what does this mean to you as a SMB owner or executive? On a positive note, it implies increased productivity, reduced expenditure on hardware and content employees. But the news isn’t all good. BYOD also has a dark side. It poses a threat to your IT infrastructure and invaluable, sensitive company data unless it is fully regulated and monitored.
BYOD driving forces
IT self-sufficiency and independence are the driving forces behind BYOD. Your employees who own the latest laptops and mobile phones will find these technologies empowering. So when having to dumb down and use outmoded devices instead of their own in the workplace, in all likelihood you’ll be faced with disgruntled employees.
Personal devices are usually newer, quicker and have more applications than those deployed by IT department for use in the workplace. Technologies such as large-screen phones, tablets and ultrabooks are changing the way people perceive working. SMB IT departments will find themselves playing catch-up and may not buy into the notion of BYOD. Issuing employees with standard and approved hardware and software is surely simpler than permitting a limitless array of technologies and applications in the office. By default, standardisation also implies full control and maintaining an IT infrastructure that is secure and less vulnerable to breach and data compromise.
However, waging a war again BYOD is pointless. As an analyst from Ovum, a digital business intelligence company, confirms:
“Trying to stand in the path of consumerised mobility is likely to be a damaging and futile exercise.”
If this statement is to be taken to heart, then the best a SMB can do is acknowledge the pros and understand the cons of BYOD.
BYOD pros
For any SMB, operating a BYOD strategy has several key advantages. Spend a minute considering the value of four of these for your business:
- reduced spend on hardware and software licensing
- cost savings on device maintenance
- employees have increased work flexibility
- increased productivity since employees work efficiently with their own technology
The VP of Good Technology, a mobile security company based in California, has this to say of BYOD:
“By enabling employees to securely and easily access corporate data on their own device, productivity levels will naturally increase. In terms of cost savings, there are huge benefits, since SMBs will not have to manage and fund a second device for employees.”
A director at the Xceed Group, a London based IT solutions outfit, adds support for BYOD:
“At Xceed Group, allowing the use of consumer devices has helped improve both productivity and staff motivation.”
However, Xceed also believes that SMBs must proceed with caution when implementing BYOD across the board:
“For a company to decide if a BYOD strategy would work for them they need to ensure due diligence is conducted – simply evaluating the benefits versus risks.”
BYOD cons
While Good Technology and Xceed are clearly in favour of BYOD, it’s also easy to spot their reservations. Terms such as securely and due diligence compound the fact that BYOD can put your network and sensitive business data at risk if not well-managed and maintained.
As an SMB owner or executive, you need to fully examine the implications of allowing company data to be accessed on personal devices over which you have little or no control. Reflect on these questions before exploring the cons of BOYD in more depth:
- How secure are the personal devices used by your employees?
- What company data is being accessed via BYOD and by whom?
- To what extent are business files shared and stored on personal devices?
- How is your network protected should a personal device be lost, stolen or compromised?
- What security measures do you have to erase company data should an employee leave?
You’ll quickly spot the clash between convenience and security. Also, the cost savings associated with BYOD can disappear in a flash should a breach occur and critical client and company data ends up in the wrong hands. With IT consumerisation as a mainstream practice in the workplace, there is an increased risk from threats including viruses, malware and malicious hacking. Loss of personal devices with weak password protection also significantly contributes to your company data being vulnerable.
Effectively implementing BYOD in your business could make a dent in your IT budget. While saving on upfront hardware expenditure, you may spend considerable sums on integrating and supporting a diverse range of employee technologies. Good Technology confirms that Android devices can be particularly problematic when it comes to BYOD:
“Android devices can be complex to manage as there are just so many different flavours – a huge variety of devices and a number of different versions of the operating system.”
Device loss, limited password protection, and technology integration are not the only shortcomings of BYOD. Research shows that the greatest risk of data compromise is not having an effective BYOD policy in place. Any SMB with BYOD on board and thinking that ‘it’ll never happen to us’ needs to have an immediate rethink. The fact is that ‘it does happen’ and the only way to avoid disaster is for a company to adhere to a sound BYOD policy. Xceed is of the belief that IT vulnerabilities are manifested when a SMB is not cognisant of the risks attached to BYOD:
“Businesses need to recognise the importance of taking action. By ignoring the problem they may unwittingly expose themselves to attack and, as a result, legislative or reputational threats.”
Incorporating a structured BYOD policy into your business will involve two fundamental stages: planning and implementation.
BYOD policy: planning
With the relatively rapid adoption of BYOD in the workplace, most IT departments and managers have understood the need to develop and implement rigorous policies to control and monitor personal devices. In any SMB, network security is a fundamental principle that underpins smooth business operations. Besides password-protecting devices, these policies usually encompass the encryption of sensitive data, prevention of local storage of corporate documents and, where possible, limiting access to non-sensitive areas.
Research from Good Technology states that IT managers need to comprehensively understand the requirements for network and data security when planning an effective BYOD policy. In essence, they believe that a BYOD policy is a solution matching a need. In support of their belief, Good Technology states:
“In addition to addressing immediate needs, the right solution will be scalable and manageable, and can grow with an organisation as its mobility strategy evolves and changes.”
Before implementing a BYOD policy, you will need to conduct a thorough audit of all devices, both company and employee owned. You need to establish which parts of your IT infrastructure are accessed by which devices. You also need to decide on any restrictions you will enforce, such as limiting social media access and remote deletion of company data without consent of the device owner.
BYOD policy: implementation
There are three basic stages in the implementation of a successful BYOD policy. The first stage is secure device management. Once in place, employees can work using their own devices and you find higher levels of loyalty and improvements in productivity. However, it is in stages two and three of BYOD policy implementation that real mobile productivity and insight comes into play. In these stages, the focus is on mobile applications and data, not the devices themselves. Stage two involves tracking and deploying mobile applications. Stage three takes this a step further where mobile collaboration is established through secure app-to-app workflows. When you attain this level of mobile flexibility, mobility via BYOD technologies becomes a true catalyst for positive changes in productivity and efficiency.
Remember that the primary function of a BYOD policy is to prevent data loss or leakage. Xceed Group offers this advice on planning and implementing a resilient and broad-based policy:
“Where any device accesses or stores corporate data, a full risk assessment should be carried out against a variety of threats, and appropriate mitigations put in place. This could include anti-malware, encryption, passcodes, remote wipe, preventing jailbreaking, and sandboxing.”A BYOD policy that works will enable you to secure your data, not simply the device. By applying this approach, your IT department or engineers need not worry about compromising security in the name of usability.
Happy people and healthy profits
As a SMB owner you rely on dedicated employees, willing to go the extra mile to keep your business on track. BYOD is one of several offerings that will lead to a satisfied workforce and enhanced productivity. And increased profitability usually follows greater productivity. Here’s what Good Technology have to say about happy people and healthy profits:
“All in all, BYOD is about being innovative and helping your employees to work better. Employees want to use the devices that they are comfortable with in the workplace. They want to have the same experience at work that they have at home. People are used to using applications now, rather than browser-based solutions. By giving employees what they want, companies will ultimately benefit.”
Knowing that IT consumerisation and BYOD are here to stay, you understand that mobility is vital for the business of the future. That said, greater mobility also implies greater data and network vulnerability. However, providing that you have an extensive BYOD policy in place and one which is adhered to, the risk becomes negligible while your SMB will prosper from using the latest technology made available by your employees.
