Consumerization

Bring Your Own Device: Risks and rewards

With BYOD, there is risk and reward, an ongoing conversation and a lot of running around with your hair on fire to get it to function at scale in the enterprise but it might just be worth it in the end.

The invasion has begun. In fact, it may already be over and you didn't even know. Personal mobile devices are already functioning within your organization, accessing email and calendar, using your wi-fi and harboring corporate data. The question isn't about allowing or denying access anymore, the question for today is about management.

One of the more popular concepts grabbing the enterprise around mobile management is Bring Your Own Device or BYOD. The BYOD "revolution" as it's called is only revolutionary for IT departments that have to grapple with an unknown quantity of devices literally penetrating the organization every morning. IT complexity is further driven by the variance in the security and conformity of those devices with established norms, if such norms even exist.

Users often have multiple devices and those devices rarely match any preconceived ideas about what a "standard" device might look like within the organization. Just one scenario from the infinite variety of possibilities looks like this: Devices can enter the enterprise jailbroken/rooted in an attempt to make the device more functional on a personal level. These devices can run myriad apps that IT can't even begin to keep up with. Rooted/jailbroken devices will attach to your network just as readily as "clean" devices. Enterprises everywhere are scrambling to keep up with changes this rapid.

Many organizations are choosing an open BYOD policy with varying results. Bring Your Own Device essentially means that organizations are allowing employees to utilize whatever personal mobile device they wish to accomplish work tasks. The attractiveness of BYOD is difficult to argue from a leadership perspective. It makes IT look like the hero-squad, it might cut costs and streamline spending on corporate mobile. And BYOD alluringly pretends to reduce support requests, which it doesn't. That is the proposed reward but what is the risk?

Perceived risks on the employee side of BYOD look something like this: shifting business costs to employees for mobile data, removal of existing stipends, the expectation of higher availability of employees after-hours, possibly a big-brother scenario with wiley managers monitoring angry-birds high scores and reduced support for devices when things aren't working properly. In reality the term "employee risk" is actually a misnomer and might be more rightly called "employee disquiet."

As with any corporate conspiracy there is always the faint scent of truth. There are cost savings to be had—studies do show that staff are more productive when allowed to use mobile devices to keep in touch with the office and support for a wider variety of personal devices may mean fewer tools to assist from an over-driven help desk, at least initially. As far as big brother goes, I'd be more worried about your carrier than your boss.

On the corporate side, risks associated with mobile are myriad. At the forefront is this sad fact - BYOD doesn't mean that the organization will be able to make any device work; there are limitations. There are limitations around OS functionality, security requirements and even compatibility of some core features like mail if corporate platforms don't utilize ActiveSync. The first and most unpaletable risk is how to say no in an open environment when it appears that "everyone else" has a phone that works fine. How do you tell your manager that you are very sorry but her particular phone just won't cut it in the office and there's nothing you can do?

Clear policies around mobility are the ultimate answer but policies can't cover every present and future variegation of platform, OS and compatibility in the market space. Policies tend to say, "Our organization supports the following mobile device platforms" when it should read something like a rolling history of the mobile phone. Such a granular policy is far too impractical to implement.

Take for example the fact that in the market right this very instant there are no less than seven versions of Android OS floating around in the pockets and purses of managers and employees alike. A policy statement that naively says that the enterprise "supports Android X and above" is already headed for trouble. As proof I enter into evidence the Kindle Fire with its proprietary version of Android and it's new Silk browser which is untested in the enterprise.

Corporate risk looks like a rather large additional load on wi-fi networks, tighter lines of defense around corporate commodities like e-mail and file servers and help desks suddenly being asked to play Genius Bar for problems that aren't directly related to office productivity. Then there is the greatest risk of all, the obvious trust that the organization is placing with the employee not to transition potentially sensitive corporate data out of the organization via mobile. This is just the beginning of the discussion points between the two parties.

I bring up the discussion of risk from these two perspectives because there is a conversation to be had here between the organization and its employee. The BYOD craze is ultimately about building a strong partnership between employer and employee to mutually agree to a way of doing business that may ultimately benefit both parties with better agility in the marketplace.

The employee assumes some risk and possibly some cost, if say using a personal data plan for work causes her to bump to the next tier on the carrier's plan. The organization may attempt to mitigate some of this by offering a stipend program but even this is a trade-off of for both sides. Stipends cost everyone in time and effort for submitting expenses and additional load for the business office in processing and validating each employee's mobile line items. All of this precedes the actual pay out of course.

The conversation needs to happen. This isn't a time for command-and-control from IT or fairy-tale deliverables from leadership. BYOD is ultimately an ongoing dialog between two partners in business and it needs to be viewed as such. The old way of looking at mobility has passed into digital history. The new conversation is about empowering as many people as possible to contribute to the business by being more responsive, more agile and more connected to one another and the work. This idyllic view can only be leveraged in the organization when the conversations happen.

Next steps then are to pull together groups, figure out needs and take a good hard look to see if BYOD is something that your organization wants to embrace. It's not for everyone and it is likely to bring more complexity than you bargained for at first. Many organizations that engaged BYOD early are backing away to a position of corporate liable devices. Others are embracing the savings and flexibility available to them with BYOD and trying to mitigate the additional risks, on both sides of the table. Ultimately there is risk and reward, an ongoing conversation and a lot of running around with your hair on fire to get BYOD to function at scale in the enterprise but it might just be worth it in the end.

Editor's Picks