How many articles have you read that praise the virtues of various Bring Your Own Device (BYOD) initiatives? Probably a lot and, if you're an avid TechRepublic reader, you may have even read one or two authored by yours truly. However, being the open-minded, pragmatic fellow that I am, I realize that there are two — or more — sides to every technology and support decision. So, in this space, I'm going to discuss a few reasons why you don't want to embrace BYOD, particularly as it pertains to mobile devices.
Disclaimer: Obviously, there are ways to overcome some of the challenges I describe below, but overcoming them implies that there will be an expenditure of time, money, or both in doing so.
Perhaps one of the biggest challenges in many BYOD initiatives comes from the need for IT to potentially add a plethora of devices to their already burgeoning support load. While some organizations will attempt to place restrictions on what devices can be supported, once the BYOD door is opened, it's very difficult to rein it back in.
Organizations that are considering BYOD initiatives must think carefully about the hidden costs inherent in these initiatives and decide if the benefit is worth the added burden to the IT group. It make more sense to simply say no to BYOD and allow IT to add value to the organization in other ways instead.
New licensing costs
Do your existing software licenses include the ability for you to install software on employee-owned devices or to consume software through employee-owned devices? Even something straightforward, such as accessing a VDI-based desktop from an iPad, could place your organization in licensing jeopardy.
Don't forget that any mobile device management systems that you purchase will need to be extended to deal with employee-owned devices. When the company was providing devices, there was some control in this area, but there's the potential for the floodgates to open once BYOD comes to town.
On the app front, employees are able to download and use any and every app under the sun. How will you handle reimbursement for such apps and what happens to them when the employee departs the company?
New data security issues
Do you like your data snug and secure on devices that you control? With BYOD, you could have company data running around on a myriad of devices and be none the wiser. Story time: I have a friend of a friend who works in the mental health field. She was very pleased that she could carry around all of her patient files on her iPad so that they were accessible wherever she went. I asked how she did this, and she named a common iPad app that just uses regular PDF files with no additional security or encryption.
When you control the devices, you can control how their security mechanisms work. When someone else controls the device — and particularly when they own the device — it become much more difficult to secure the device and the data on it.
Once you open the BYOD floodgates, imagine this scenario: An employee saves mail in non-standard ways to his personal device, which synchronizes with the corporate mail system. What happens if the company receives a discovery order? Do employee-owned devices now fall under this order? If so, how do you handle what could be messy logistics?
Now, what happens when an employee loses a personal device that has a bunch of corporate information on it? Who will hold responsibility for that loss? Does the company get bad PR and a class action lawsuit and/or is the employee held legally liable?
Anytime new devices are brought into an organization in an unstructured way, new potential is created for the introduction of malware across the organization. With employee-owned devices, it's not inconceivable to envision the ease by which malware can be carried behind the firewall, particularly on devices that can plug into a PC's USB port and look like a standard storage device.
If you think this article is all doom and gloom, don't lose hope! These are a few items that simply must be considered by organizations that plan to undertake BYOD initiatives.
Since 1994, Scott Lowe has been providing technology solutions to a variety of organizations. After spending 10 years in multiple CIO roles, Scott is now an independent consultant, blogger, author, owner of The 1610 Group, and a Senior IT Executive with CampusWorks, Inc. Scott is available for consulting, writing, and speaking engagements and can be reached at email@example.com.