Bring Your Own Device

BYOD face-off: The case for, and against

Can't decide whether to implement Bring Your Own Device? Two CIOs explain how they made their decision.

There's a lot of buzz about how the next big shift in corporate computing will be employees using their own devices at work.

Yet there seems to be confusion about what the Bring Your Own Device (BYOD) trend means for the IT department. The death of the corporate laptop? Helpdesks supporting every conceivable computing device? Will implementing BYOD be a trivial matter, and is it even possible to opt-out of BYOD altogether?

To find the answers to these questions TechRepublic spoke to two CIOs to find out why one is implementing BYOD - and another is holding back.

Holding fire on BYOD - Paul Green, CIO at Sheffield City Council

Paul Green, director of Business Information Solutions, at Sheffield City Council. Photo: Sheffield City Council

For Paul Green, director of business information solutions at Sheffield City Council, organisations shouldn't start by asking whether they should implement BYOD. A better first question, and one that Green is asking at Sheffield, is: 'Which devices are best-suited to allow employees to do their job?'.

The best device - when considered in light of factors such as integration with back-end systems, information sharing and security - he said, may or may not be a consumer one.

While staff may instinctively prefer the gadgets they have at home, Green said that doesn't mean consumer hardware will always be the best tool for every job.

"At home I have an Apple iPad and an iPhone. At work I have a BlackBerry and a laptop computer. The reason I operate that way is because my role in enterprise is very different to how I consume and share information at home," he said.

Green foresees several negatives of BYOD for the organisation and for the individual.

Firstly there is the issue of support under BYOD. Individuals will have to take more responsibility for troubleshooting personal devices, as it won't be feasible for the helpdesk to provide the same level of backup that they do for corporate devices.

Green questions whether staff will struggle to fix devices on their own, and whether manufacturers of consumer devices have the relevant support structures in place to help individuals resolve technical problems swiftly.

"It's less critical if you can't update your Facebook status than not being able to undertake your job role," he said. "If someone has an iPad and they have not got the right support, that individual potentially could be inactive for three to five days."

There's also the question of liability. Green is concerned about the complexity of resolving issues such as whether the individual or the organisation is liable for taxes on equipment and services purchased in relation to a BYOD scheme, or for licensing the software accessed using a BYOD device.

And then there's difficulties around security and management of devices. While organisations can restrict supported BYOD hardware to devices they know can be patched, Green says it is already difficult to get corporate laptops users to log on from outside the office so that regular updates can be applied.

These potential problems, liabilities and additional responsibilities are something that individuals, as well as the business, will have to consider, according to Green.

"Individuals also need to be extremely well-informed about what responsibility they are taking if they wish to pursue a BYOD route. They are increasing their own risk and they would have to judge whether that outweighs any potential benefit," he said.

Despite these caveats, Green said that staff are asking questions like 'I can do this at home, why can't I do this at work?'. But before rushing to implement BYOD, Green said, it is better for the IT department to first consider how they can make the computing experience better for staff.

"I think by carrying out this strategy we are potentially reducing any potential benefit that BYOD policy would introduce, while still maintaining the same level of assurance, security and scrutiny, and more importantly best value to the organisation," he said.

Backing BYOD - Jos Creese, CIO at Hampshire County Council

Jos Creese, CIO at Hampshire County Council. Photo: Hampshire County Council

At Hampshire County Council, CIO Jos Creese is preparing for the roll out of a BYOD scheme, which will begin later this year.

He sees BYOD as an irresistible force that the IT department would be foolish to stand in the way of, for fear of holding back the business.

"There's a certain whiff of inevitability about Bring Your Own Device, as there was with PCs in the early 1980s," he said.

"You don't resist inevitable IT trends, whether they are cloud, BYOD, social networking - you find a way of harnessing them and using them to allow the organisation to do what it needs to do."

Demand for BYOD has trickled down from execs wanting to use their iPhones and iPads at work, and from staff in general looking for more options to work flexibly, he said.

"It makes sense for us to say 'We will find a way of doing that', because it increases staff productivity," he said.

Creese believes that much of the opposition to BYOD arises from the presumption that it means wholesale replacement of corporate PCs with personal devices. Instead Creese sees BYOD as giving staff a choice between using a personal or corporate issue device at work.

"It's an extension of what IT should be doing any way around supporting mobile and flexible working," he said.

"We will still have people who come into work, they will have a desktop, they will work in the normal way, and we will be providing managed laptops and all those sorts of things to people."

The key to keeping BYOD manageable, as Creese sees it, is giving staff that choice between personal and corporate devices at work, rather than forcing them to choose one category of device.

If staff have this choice, it remains feasible to limit support for BYOD without the threat of staff being without a working device.

"There is a misplaced assumption that by allowing people to bring their own device you support every possible device known to mankind, now and in the future, and that you will support at the same sort of level of technical competence that you previously had when you were providing managed devices," he said.

Preserving employee choice between a work or personal device also resolves the issue of what BYOD services and equipment can be charged back to business. Nothing can be charged back as it remains the employee's choice to use BYOD hardware over the corporate issue alternative.

The cost to the IT department of ignoring demands for BYOD could limit its ability to influence future business decisions, he said.

"It's absolutely essential that IT is seen as an enabler of business change and improvement, not a barrier to it," he said.

About

Nick Heath is chief reporter for TechRepublic UK. He writes about the technology that IT-decision makers need to know about, and the latest happenings in the European tech scene.

8 comments
mark.owens
mark.owens

BYOD - A massive can of worms if ever there was one. Even on a data protection level it's an absolute minefield. What do 9 out of 10 CEO's really know about IT security and the way things really work?It's okay until someone somewhere at an extremely high level loses some very sensitive data. It WILL happen....that will be the death of BYOD. Jos Creese said “There is a misplaced assumption that by allowing people to bring their own device you support every possible device known to mankind, now and in the future, and that you will support at the same sort of level of technical competence that you previously had when you were providing managed devices,” Sounds like he's had a lot of experience on the ground floor of an IT support department...NOT! Why don't they listen to their IT departments....after all they employ these people to do the job because they need IT people with experience and expertise.....Please try listening to them. I am not saying BYOD is totally bad, but I am saying it's being led and pushed from the top without consultation and discussion with IT and data protection departments. If you really must open a large can of worms do it with a can opener....NOT a sledgehammer!!

reggaethecat
reggaethecat

I don't get all the negative hysteria about BYOD. There is nothing to say it has to involve a company allowing users' virus-ridden personal laptops onto the internal network - I certainly wouldn't be happy about that. But do I care if the user wants to use their iPad or Android tablet to access work systems via Citrix or Remote Desktop? Or just to get their email delivered to their iPhone? Do I mind if the users use their home PCs to access email via Outlook web access? Do I heck - in fact we encourage it, it means the user can be productive wherever they are with the technology they are used to. Most of our users have desktop PCs which mean they stop work when they go home. If they want to check their emails on their mobile during the evening, why should we prevent them? The functionality is in Exchange to allow them to do that already via an HTTPS connection. What is the security risk? Set your central systems up to be secure, have a decent policy and let your users get on with their work they way they know best. BYOD is already here! What's with the hysteria?

Superar1960
Superar1960

Daddy brings in his home computer that he shares with little Jonny and Bad Gal Sall. Welcome to P2P Sharing, Infections, Dodgy software both in licensing and reliability. Welcome to Porn films because both Daddy and Jonny enjoy them. Daddy helps him self to corporate data so that he can work from home, an extract of the internal database relating to council tax arrears, later on Jonny gets yet more malware which sends that database extract into the public domain. OK, an extreme situation, the internal firewall will stop some of it, but once he gets home that's all gone. We recommend that "business" computer never shared with young people, generation Y, who just don't get accountability or information security. The lawyers and barristers must be rubbing their hands together, the security community are running scared, I hope the savings achieved will be stockpiled to pay off the law suits!!!!!

HypnoToad72
HypnoToad72

What is encouraged will increasingly become mandatory. And, since people aren't spending money, this is a good way for companies to earn profit - by delegating tool purchases to their workers. Meanwhile... While wages stagnate, college degrees needed for the jobs increase, as do the college costs, now workers have to bring in the tools to do the jobs - as dictated by the company. The company will want to put on its own software and may (or may not) provide a stipend in return for one using it. Did I mention one has to buy the product to be used first? I'm sure nobody will care. I mean, everybody will prosper - the large company will be more prosperous. Banks and credit agencies will prosper. And there will be more opportunities for all because of this, just like how offshoring has helped save our country from obliteration! (Unless your job and life has been displaced and you had to move to another state and trying to sell your home in the process for tens of thousands less than what it's worth but who said we were a society or community?) After all, decades ago, companies shifted workers from pension plans to 401ks and workers couldn't be more prosperous and happier today, no? Oh well.

TNT
TNT

Jos Creese echoes a common sentiment about IT, but I see it entirely irresponsibly used in this case. He states, "It???s absolutely essential that IT is seen as an enabler of business change and improvement, not a barrier to it." My question is: how does BYOD improve the work experience? Sure, it may be more fun for an employee to use their latest tech gadget to work, but is it as efficient? Is it secured? Is it backed up? Is it encrypted? Is it properly patched? Is there risk in permitting it on the corporate network? I hear user's all the time complaining that their work computer is so much slower than their home PC, but their home PC isn't running all the security and network options as their work device. Will users be upset when the company mandates those security applications be installed, thereby slowing down their personally owned device? BYOD is a terrible idea and it's not just IT that should be resisting it, any CEO concerned with worker productivity and keeping corporate data secure should resist this as well.

reggaethecat
reggaethecat

It's being led from the bottom by normal users. Also if your issue is with potential data loss, then USB sticks, DVDs, CDs, floppy disks, email, FTP -- not to mention printers -- all of these technologies would have been banned by large companies. They weren't.

HypnoToad72
HypnoToad72

Remember, we workers are not people. Just entities. Costs. It's going to be terrible for us, but at least the company can prosper. And that's the point of our economy. Good questions, BTW... Oh, as more workers and businesses go under due to the Great Contraction, will more large companies get more subsidies and bailouts from government, with the claim "free market with no government intervention is best" by the companies and their associates?

marc
marc

With the average live of many C-Level/VP/D-Level being 2 to 4 years they are becoming more attached to their personal devices rather than corporate devices. If we think the upward mobile professional isn't leaving with their Rolodex of contacts we got stuck in the 80's and if we don't think that trade secrets are not being shared because we have a firewall and IDS/IPS we are missing the point. The reality is many employees who are inclined to leave with data won't be stopped by a policy stating they can't BYOD because they will use Dropbox and USB drives or GMail to move the same data. Focus on securing the data at the sources and walling out unwanted access and segregation of duties but arguing against BYOD isn't going to go anywhere.