BYOD, or bring your own device, is not a new concept, and has gained a great deal of traction over the past few years. In theory, merging business and personal activities on a single device is an attractive idea.
As an employee, it means fewer devices to carry and more freedom in terms of apps and entertainment. The ability to store a playlist of your own music can be an invaluable concentration aid for those typing long reports or analyzing large excel spreadsheets.
From an employer's perspective, the cost factor can be a potential benefit - no need to plan and pay for dozens of the latest smartphones.
So, in theory, BYOD can mean user-friendliness, higher productivity, less costs, etc. Coupled with the boost in morale that supposedly comes with such a policy - employees cheering at the ability to use their own beloved devices, it sounds like a great idea, even if it includes Clash of Clans.
What could possibly go wrong?...
The answer is, as many already know, a whole lot. That's why prepared a top 10 list of the potential pitfalls of BYOD.
10. Employee resistance
Contrary to popular opinion, not all employees embrace the BYOD concept.
Firstly, some employees might not have the right devices their job requires. If they are supposed to buy one, it might result in a backlash.
On top of that, there might be additional hassles for its use, such as monthly expense reports, budgeting to pay for the monthly fees, learning new technology, transferring data, ensuring compliance with security policies, and more...
In addition, mobile security is difficult to achieve, and in a BYOD environment, a large part of the burden is shifted to the user.
9. Liability for the device
Who covers the cost of a lost, stolen or destroyed private device used for business? Does it matter if the trouble occurs during working hours or leisure time?
For example, your assistant drops his thousand-dollar smartphone while talking to a client. He claims that he is doing job and the device should be paid for by the company. Most likely, the company buys a new device to avoid unnecessary hassles. Several months later, however, the employee leaves the company. Who is supposed to keep the device?
If you believe that the company is not liable, the deck may be stacked against you, according to a Californian court case from August 2014. The gist of the case was that a company is liable for bills incurred for business purposes, regardless of ownership of device, because the company could not push real operating expenses onto the employee, even if the employee was not the one footing the bill.
8. Licensing & legal issues
BYOD can also be a licensing nightmare. IT needs to consider all the business-related software and app licenses for each device, as well as audit carefully in order to ensure the costs of mobile device management (MDM) solutions accurately reflect the number of devices.
In addition, under some licensing models, in particular for large-scale deployments, software can only be installed on devices owned by the company. If BYOD includes laptops and tablets, desktop virtualization can solve some of these issues, but it's not a universal cure.
An audit finding improper licensing practices can cost large organizations a great deal of money. There is software that manages licensing available but that's yet another cost on the company's shoulders...
Beyond licensing, there can be other legal issues which seem to be in no-man's land.
For example, it is unclear who might be liable if a device used both for work and personal purposes was found to be used for illegal downloading.
Limiting yourself to a single device or a small device ecosystem using a set list of apps and activities can prevent security and licensing issues, as well as legal problems.
Proponents of BYOD often tout the productivity gains of the solution, claiming that having the same device at work and at home means employees put in more hours or have easier access to key documents and files, and therefore lose less time accessing them. Having the same phone for work and personal makes employees more available, and more likely to work after hours.
However, this argument is flawed. For every employee who improves the bottom line, there can be another who wastes an hour on Candy Crush or Facebook. Personal devices are fun, and business devices, well...aren't. Nor are they supposed to be.
The time spent on a business device locked down for that purpose is by definition more productive than similar time spent on a phone where you can simultaneously check email, Facebook statuses, tweeting... Potential productivity is not the same as productivity.
Even if an employee is not prone to wasting time, not all are technophiles. If left to their own devices, half an organization might select Android, a third Apple, and another small proportion BlackBerry and Windows, without considering interoperability or availability of the appropriate apps for work. An inability to cooperate on shared platforms can potentially kill productivity and force employees and IT alike to find workarounds, rather than simply working.
A single or defined device list solution with a defined set of apps, a limited set of supported OSs, all backed by a strong MDM solution, can provide the productivity required with minimum distractions.
6. Termination policy and data theft
If your BYOD policy does not adequately plan for and cover employee departure or termination, the chances of data theft increase exponentially. In a 2013 survey, 59% of ex employees admitted stealing data from their former company.
If an employee is leaving, on good terms or bad, it is important that policy covers the event thoroughly. An employee-acknowledged action plan must be provided, covering removal of access to shared corporate resources, wiping all data on the device, and possibly even an IT security check of the data on the device. Particularly in the case of a dismissal, the plan should include an audit of the levels of access the employee has.
Apprising IT and having them on stand-by is a must, as preventing and removing access can take time, especially on a device you cannot legally confiscate.
5. Hidden costs
While in theory the company can save money on devices, other costs can skyrocket.
If managing multiple devices and OSs, support costs can increase exponentially.
Licensing has already been mentioned as a potential additional cost, as organizations may not be able to take advantage of bulk-pricing plans designed for company-owned devices.
In the same manner, companies lose control over the cost of phone plans, being unable to take advantage of bulk rates. When employees expense their call and data plans from individual carriers, the cost is likely to be much higher than the bulk plans accessible to larger organizations.
Companies can conceivably be blindsided by these costs 3-6 months after implementation as promotional pricing for the data plans chosen by employees runs out.
Incorporating any new policy requires significant training. When it comes to BYOD, this training will include the particulars of the new policy and training on how to integrate the many devices into the corporate infrastructure - VPN, email, etc. Not to mention the training the IT staff might need to handle with he influx of new devices, and possibly the mobile device management solution required to accommodate the change in policy.
There are strong support and training benefits to maintaining a single device or a limited list of acceptable devices.
3. E-discovery and information governance
It is much more difficult to keep track of data created or stored on non-corporate owned devices, as well as to ensure that corporate data is being stored where it should be.
With access to cloud services, such as Dropbox, Microsoft OneDrive, Google Drive, and numerous others, it is nearly impossible to ensure that employees keep their sensitive data where it belongs - in the organization.
This too can have legal ramifications. According to the Federal Rule of Civil Procedure (FRCP), a business must store and be able to provide electronically stored data under its control upon demand. Should your organization be the target of legal action, employee devices and all data therein could potentially be subject to legal hold. How will this be handled in a BYOD environment?
2. Planning the transition
Although organizations share common urgencies, such as such as security, data retention, productivity, and collaboration, most have individual needs.
In implementing BYOD, the unique factors of your organization must mesh with the common needs, often resulting in a great deal of compromise. Planning a transition to BYOD must identify the areas of compromise and those without.
This can be a tremendous undertaking, in particular in a large environment, or an exceptionally complex one. Software companies might not employ a large number of people, for example, but might have small groups working on multiple projects, each siloed off from one another in some respects, but needing collaboration on others. For such an organization, simply budgeting for and finding the time to do a proper analysis of the needs can be cost prohibitive.
Drafting a policy that covers all of the issues raised above can be time consuming and involve hefty legal expenses to ensure that it covers all use cases. Even planning the transition can have a significant cost, though the cost of not planning such a transition is likely admittedly much higher.
If you don't have time to spare for such a large endeavor, or the budget to spare to hire a team of consultants to help with the planning and implementation, maybe BYOD is not for you, at least not yet.
And of course, the number one spot is not a surprise to anyone. If you search for anything regarding BYOD, security is the number one concern. It is all encompassing, covering many of the points raised earlier, such as data retention and theft. Network security can be compromised, and malware can be brought in by employees unaware of the risks of third-party software.
A BYOD implementation done wrong can be a little bit like the wild west, with your neighbors as outlaws, and mob rule creating some very poor decisions. If not kept in check with iron-clad policies, an MDM system in the back end, and IT staff able and willing to educate their users and enforce policies, any benefit will be lost.
A single-phone deployment, with a highly secured OS and an MDM solution to push policies is proven to be more secure than the best multi-device platform, simply because there are less moving parts and holes to patch.
If security is your prime concern, there is no question that a locked down device ecosystem, with only one device type or a limited range of devices, coupled with a secure administration system, is the best way to go.
BYOD is a decision that has been proven to work for certain organizations, and there is a strong trend to follow the successes of others. Adopting BYOD is a decision that must be well-considered, and what works for one organization might hamper another.
Mobile and enterprise analysts tend to push for BYOD because it encourages growth to their market, in providing solutions to manage the artificially created complexities of a multiple device workplace. In many cases, these analysts push a perception that not adopting BYOD is an archaic mindset, rather than a carefully considered position. This is a marketing position, pure and simple.
After nearly a decade of being the "next big trend", only half of large enterprises have adopted it, and with good reason. Security risks are the most commonly cited concerns, with cost a close second.
There are proven cost and security benefits to supporting a limited number of devices, apps and operating systems.
If security, lower support costs and stable, foreseeable operating costs are more important than the potentially illusory cost benefits of not paying for hardware, increased productivity, and employee morale, then do not discount your feelings. Your organization may not be ready for BYOD yet, and indeed, it may never be right for you.