Why BYOD Programs Face Limitations

By Owen Wheatley

A policy that allows employees to bring their own devices (smartphones, laptops and tablets) to their workplace and use those devices to access company information and applications is not a new concept. In fact, the bring-your-own-device (BYOD) phrase was first coined in 2005, but, unlike some IT trends, this one has raced along the maturity curve exceptionally quickly.

BYOD Opportunities

The concept of BYOD was driven by three principal forces: First, the enhancement of mobile technology capability; second, the rise of the “personal cloud” in which most major software offerings are now available via the internet; and third, the changing expectations of users who demand the same access to IT performance at work that they enjoy at home.

From the employer’s perspective, BYOD is an opportunity to enable a happy workforce, make employees more mobile and more motivated, with the associated increases in productivity and talent retention.

So what’s not to like about BYOD? Given the apparent benefits to both employees and employers, we should have seen stratospheric adoption of BYOD across all industries, yet as recently as mid-2013, less than 10 percent of organizations had implemented formal BYOD programs. In the last two years that figure has grown, but some reports suggest it is still no higher than 60 percent. Considering the obvious advantages to BYOD, that seems low. So, what are the constraints and what does the future hold?

The most obvious constraint is security. The simple truth is that when a device has a dual use (work and personal), the company can’t be sure that the user has done everything required to keep that device secure for business use. Conversely, users have concerns about keeping personal data private. On top of the risk of personal device hacking by malicious third parties, BYOD also raises the spectre of data theft by employees, who may be able to create their own wireless network and log into corporate applications without being monitored. Concerns about data security and privacy account for almost 80 percent of those organizations ruling out BYOD as a concept. Also, the cost of mitigating those risks (perhaps through a layered approach by deploying containers from the device to the network to the cloud) can be significant.

The proliferation of eligible devices, including wearable devices and the rise of the Internet of Things, gives the organization further constraints to consider, including the loss of standardization benefits, lack of control over hardware and the breadth of required support expertise.

Organizations are therefore wrestling with this balance. On one hand, they want to empower employees and enable greater business agility. On the other, they are worried about security and spiralling costs of control. This conundrum may be the reason that BYOD adoption has stuck at around the 60 percent mark. As a consequence, many firms are devising hybrid models such as “choose your own device” (CYOD), which allows employees a degree of device freedom but restricts the options to a defined list (Android and iOS devices are almost always included on such lists). This helps contain the proliferation risk and cost. Other limits might relate to geographical restrictions or data access levels granted to employees. All these measures dilute the basic BYOD concept and corresponding advantages, but serve to tighten the security and cost case for adoption. Additional education for employees (e.g., to guard against phishing emails) and considering BYOD devices for standard, consistent patching might also be compromises worth investigating.

It is possible that BYOD is just the first step towards what some are calling the “BYOX” revolution, where “X” could be anything or everything: BYOA (app), BYOI (identity), BYOT (technology) or even BYOC (cloud). Certainly, as technology becomes more consumerized, employees expect their organizations to keep up. However, the likely outcome is the concept of tempered freedom and the overriding message is: bring your own device, but expect limits to what you can do with it.

Owen Wheatley is the director and head of Banking, Financial Services & Insurance Sector, UK, Ireland & Netherlands, at ISG.
