Introduction to BYOD
Organisations can no longer assume their people are only going to work on corporate devices.
Bring your own device (BYOD) policies have gradually developed as employees have required access to restricted content via secure networks using their own devices. This has significantly changed the way IT departments and security officers manage mobile devices.
What is BYOD?
BYOD specifically relates to a situation where organisations have an internal policy of enabling their employees to use their own devices (mobile phones, tablets and laptops) instead of supplying the equipment directly.
One of the fist considerations for employers must be data protection. In the UK, the Information Commissioners Office highlights that any organisation who operates a BYOD policy must ensure that any devices and operations comply with data protection requirements.
For financial institutions, there are other serious regulatory requirements governing the recording of electronic communications on devices used for business activities.
Policies must be clear, easy to follow and above all robust enough to withstand the tightest of regulatory compliance requirements.
Implementing a BYOD policy can introduce a number of benefits.
People are inherently strange. Twenty years ago we would never believe that people could develop a strong emotional bond with an electronic device. However, mobile devices and mobile phones in particular are considered to be a fundamental aspect of so many peoples’ lives.
Added to this, every BOYD device has a specific way of working. When people initially begin their careers, they are now highly likely to have been using a smart device (tablet or mobile phone) or even computer brand with which they are comfortable.
Even people who have adopted mobile devices later in life, brand association and technical familiarity can be seen to be important.
Therefore allowing people to use their device of preference for work related activities can increase employee satisfaction as people are empowered to use the device they know and, however irrational, love.
Staying current and up-to-date
Technology changes so fast, yet IT departments are often slow to implement major updates. Sometimes such updates can occur when absolutely critical. Just think back to the delay which many departments took from upgrading Internet Explorer to the latest version.
Fear of the unknown is often cited as a major barrier, however, in truth cost and manpower required to carry out an upgrade are major factors for organisations not staying up to date.
By implementing a BYOD policy, users are more likely to maintain their own device to the latest standards themselves.
This reduces the pressure on IT departments to procure and update to the latest versions themselves. With a robust BYOD policy in place, the impetus is also in the employee to ensure that their device is still compliant.
Significant cost reduction
Through a BYOD policy, transferring responsibility to purchase to the employee reduces the capital overhead of procuring and maintaining devices. It also reduces the cost of insurance which would also be the responsibility of the user.
While this may be expensive for the employee, in many cases the freedom of choice is perceived as a far greater benefit than the actual cost of purchasing a device.
It may also be possible for larger organisations to agree discounted purchases for particular devices through suppliers on a bulk discount agreement, reducing the cost for the employee in the first place.
While it is generally accepted that a happy workforce is a productive workforce, employee productivity can also be increased through a BYOD policy as a result of the increased familiarity of an employee with their device.
Forcing an employee to use a device which they do not want or like means they are less likely to use it, and also more likely to make a mistake.
By using their own device with which they are already familiar, employees are able to work and operate more efficiently, and are more likely to work out of hours as a result.
Decreased demand for IT support
BYOD policies also ensure that, by being in charge of the maintenance of support of their devices, employees automatically reduce the demand for support calls on IT departments.
This reduction can reduce overheads and also improve the operational efficiency of IT departments as they are able to focus on non-support issues. This could ultimately mean that an organisation can be technically more efficient as they can provide more resource to development, rather than support and maintenance.
Increase out-of-hours engagement
Research, and our own behaviour, has shown us that we use our personal devices as much as we watch television out of working hours. We use devices for social media, emails as well as general internet use.
Using devices which have a shared work and personal function mean that while using devices for personal use, we are also likely to stay abreast and respond to out of hours messages.
This is particularly useful for organisations with teams and departments in multiple time zones as it means responses to questions can be delivered in a more timely fashion.
Added to this, people are less objective to out of hours conference calls. While they may not be considered a pleasure, being able to be “at work” for longer hours can significantly improve the operation efficiency of an organisation.
Working from home
As the speed of internet connections increases, either via fixed line or mobile networks, the opportunity to provide working from home options also increases.
Combined with the increased demand for flexible working conditions, working from home is less of a privileged option and more of a requirement which organisations are obliged to support.
To enable such an approach, it is important that people are able to function from home as if they were in the workplace.
Traditionally people may have been reluctant to purchase the equipment required to be fully functional at home, however the benefit of being able to work from home increases the likelihood of making it happen.
For many, working from home is less of a regular occurrence and more of an emergency situation where proximity to home is required (for example, sick children, poor weather and major transport disruption).
Implementing a BYOD policy ensures that any devices used from working from home are compliant with security and data protection requirements and regulations. This means that even in the most security conscious organisations, working from home is a viable option, bringing with it all the benefits working from home can offer an organisation and its employees.
Disadvantages of BYOD
While a BYOD policy can offer a significant array of benefits there are a number of disadvantages which implementing a full BYOD policy could lead to.
Increased security risks
Even with the most robust BYOD policy, there is an inherent user security risk. However, in truth this applies with a BYOD policy or one where the organisation provides the devices for employees.
However, when employees are using their personal devices for business purposes, the division between work and personal can become unclear.
This could lead to potential security breaches.
With the correct use of technology and applications, these risks can be minimised, however it’s important to not intrude on purely personal activities.
Technology support knowledge requirements
The sheer range of devices which need to be understood to be able to support a BYOD policy within an organisation requires an investment of time, resource and understanding. It’s important that when creating a BYOD policy, organisations understand the limitations of particular devices to be able to incorporate the necessary employee requirements to ensure compliance with the policy itself.
It is important for policy makers and IT departments to understand the implications, opportunities and limitations which each device offers.
Expense management complexity
While BYOD policies can be incredibly cost effective, managing expenses can often be a significant deterrent for both the organisation and the employee. After all, if a device is for business use, it makes the costs easy to monitor, even if it’s more expensive.
With employees using their personal devices for business use, naturally they will wish to expense some/all of any costs associated with business activities.
For various departments, managing and reviewing these expenses can be both time consuming and expensive. Employees may also be disadvantaged as the rules surrounding expense management can be complex, which decreases the likelihood for them submitting expenses – or they will accumulate them over a period of time which actually makes it difficult for the organisation to budget.
Managing a BYOD Policy
One of the main blockers to implementing a BYOD policy is the potential for a loss of control over the technological access. Often this will develop into a fraught discussion about security and risk.
One of the key elements of being able to manage a BYOD policy is securing data, both at source and when it is being accessed via a network – and all while not interfering with personal use.
From an end-user point of view, the goal is to be able to do everything on a personal device that you would do on a device provided by the organisation. This would mean sensitive data could be downloaded and accessed which would require a centrally BYOD managed system enabling the deletion of key data if the device was lost, stolen or the employee left the organisation.
An IT department may wish to have a BYOD managed policy where there is limited access to secure data, essentially meaning that data is not downloaded onto the device and everything is accessed in real time. Many BYOD apps offer this as their solution, rather than downloading locally for security purposes.
When making decisions about your BYOD management approach, you need to consider what level of security and access you wish to maintain over personal devices. Certain apps will enable full security control, while others will offer little to no control.
Depending on your approach, the technology available and the sensitivity of your data, your BYOD policy should be evolved to match.