Consumerization

BYOD: Tech chiefs still split on the benefits, concerned about security

CIO Jury: While bring your own device might be an idea that appeals to staff, CIOs are not so sure, as concerns about data security remain.

The bring your own device (BYOD) trend continues to gain momentum as execs at the top of businesses, and younger workers at the bottom, demand the right to use their own smartphones, tablets and laptops in the office.

But for CIOs, BYOD is a bit more complicated, as they have to balance the potential benefits of higher productivity and lower spending on hardware with the risks to corporate IT security.

When asked, "Are you encouraging the use of BYOD inside your organisation?" TechRepublic's CIO Jury was evenly split, with some CIOs keen to roll out permission for employee-owned gadgets accessing their systems, while others taking a more cautious approach.

Adam Gerrard, group CTO, The LateRooms Group, was enthusiastic and pointed to an unexpected side benefit: "We actively encourage BYOD. With such a complicated array of devices available to consumers, a BYOD policy that provides control and security yet still offers enough flexibility to remain attractive means we have effectively amassed a large number of testers.

"They now provide us with a fresh customer perspective on the performance of our consumer applications in the real world, as well as highlighting potential areas for improvement in our products."

Gavin Megnauth, director of operations at Morgan Hunt, said the security and management tools for BYOD "are coming of age," and security of core systems and data is understandably a priority for CIOs.

Brian Wells, associate CIO at Penn Medicine, said his organisation insists users install its mobile device management package to gain access to corporate resources. He added: "We must maintain [Health Insurance Portability and Accountability Act] compliance and the ability to track and kill/wipe lost or stolen devices."

Graham Yellowley, CTO of equities, risk and client service at LCH Clearnet, said: "We are encouraging the use of BYOD - but only for Apple's iPad at present as we have included this device within our standard device list and have the ability to support it fully."

Shawn Beighle, CIO at the International Republican Institute, said BYOD was part of his future plans: "We will be opening up the use to whatever smartphone staff wish to use [in the first] quarter 2013, then we'll move onto tablets shortly thereafter. Laptops - that's going to take a while longer."

Similarly Richard Storey, head of IT at Guy's and St Thomas' NHS Foundation Trust, said: "We are conducting a high-level design to provide the environment necessary. Small-scale testing is underway to contribute to a determination of the right security model needed."

Afonso Caetano, CIO at J Macêdo, said BYOD is permitted once the employee agrees with the adaptation of the equipment for the internal processes of information security. But he added: "Most employees don't realise some advantage with that and end up carrying the two devices daily."

And not all CIOs were so keen on BYOD. Mike Roberts, IT director at The London Clinic, said: "The concern is both the Data Protection Act/Patriot Act and who is responsible for accessing the applications. If we do not own and maintain the access device, we cannot guarantee that patient data is properly maintained and secured."

John Robinson, director of technology at Bloomfield Public Schools, said: "We have added capability for users to connect their own devices natively for email, but are still evaluating the security implications of allowing access to other systems on the network."

This week's CIO Jury is:

  • Shawn Beighle, CIO, The International Republican Institute
  • Afonso Caetano, CIO, J Macêdo
  • Adam Gerrard, group CTO, The LateRooms Group
  • Jerry Justice, IT director, SS&G Financial Services
  • Gavin Megnauth, director of operations, Morgan Hunt
  • Jürgen Renfer, CIO, Kommunale Unfallversicherung Bayern
  • Mike Roberts, IT director, The London Clinic
  • Joel Robertson, director of IT, King College
  • John Robinson, director of technology, Bloomfield Public Schools
  • Richard Storey, head of IT, Guy's and St Thomas' NHS Foundation Trust
  • Brian Wells, associate CIO, Penn Medicine
  • Graham Yellowley, CTO of equities, risk and client service, LCH Clearnet

Other members of the CIO Jury pool also made their opinions heard on BYOD.

Kevin Leypoldt, IS director at Structural Integrity Associates, said: "I am not sure I would use the term 'encouraging'. I think that we are more than tolerating BYOD, but not launching marketing campaigns in its favour. We have policies, procedures and instructions for configuring and using personal devices. It's been incorporated into our on-boarding and training agendas. However we are not asking or encouraging our users to bring/use their own devices."

But Smith C Scott, director of technology at 32Ten Studios, said the security, management, support and liability for the device "are all too difficult to parse".

Meanwhile John Gracyalny, VP IT at SafeAmerica Credit Union, said: "I can't imagine it ever being allowed in our industry - banking - due to security and privacy regulations. We do, however, provide a wi-fi connection via a DSL circuit that does not touch the corporate network anywhere, for senior managers and board members who want access for their smartphones and tablets. They can get to the net, but not to our systems."

Want to be part of TechRepublic's CIO Jury and have your say on the hot issues for IT decision-makers? If you are a CIO, CTO, IT director or equivalent at a large or small company, working in the private sector or in government, and you want to join TechRepublic's CIO Jury pool, or you know an IT chief who should, then get in contact.

Either click the Contact link below or email me, steve dot ranger at techrepublic dot com, and send your name, title, company, location, and email address.

About

Steve Ranger is the UK editor of TechRepublic, and has been writing about the impact of technology on people, business and culture for more than a decade. Before joining TechRepublic he was the editor of silicon.com.

Editor's Picks