Bring Your Own Device (BYOD) — the use by an employee of his or her personal device — is increasingly popular. It has become feasible since consumer devices have equaled, and in some cases surpassed, corporate devices in power and functionality.

GetVoIP has covered this issue before. Early last year, Michael Ventimiglia took a look at the advantages and disadvantages of BYOD, which represents a radical departure from the way in which IT departments ran things before.

Clearly, losing control is not IT’s choice. But it became inevitable once Apple and the other smart vendors set their sights on the mobile sector. The parameters of the debate aren’t whether to implement BYOD or not: The reality is that every company is a BYOD shop, even if it has no policy or even officially prohibits it. People use their smartphones and tablets to do their jobs. Nothing is going to stop them. The real question is how organizations are going to deal with this reality.

So, if BYOD is inevitable – if it’s a done deal — why is it necessary to outline BYOD’s pros and cons?

There are two reasons. The exercise provides decision-makers with the information they need to determine how deeply to embrace the approach: Is it something to be recognized as inevitable and controlled — but discouraged? Is it something to be proactively embraced?

The second reason to discuss the pros and cons of BYOD is to make it far easier to determine what should be in a corporate policy. Certain organizations allow BYOD, but that they don’t make it a requirement. Furthermore, business data on devices should be password protected to prevent obvious issues that may arise.
The Case for BYOD…
The argument in favor of BYOD is pretty simple: It slashes Capex. Every employee who brings his or her device to work is an employee who doesn’t need to be given one by the organization. In addition, these folks have their own data plans and are responsible for fixing broken devices and replacing lost ones. It’s a winner from that standpoint.

Employees also will use their own devices more readily. People like their phones and tablets. That’s why they bought them. It follows that empowering them to use their own will drive productivity beyond use of a mandated device. Even more subtly, people may use their own device even if given company “corporate-liable” device. A corporate calendar app, for instance, may be bypassed for the more familiar calendar on the personal phone. Thus, the company may believe that the employee is using an app that has corporate-grade security and links to all the right back-end databases – it’s on the phone he or she has been issued, after all – while in fact he or she is using a free (and perhaps vulnerable) app from Google Play. The better approach is just to acknowledge that employees will use their devices and plan accordingly.
…And Against
The case against BYOD has been gaining much more notoriety. It took a while, simply because the idea of saving all that capex struck an understandably responsive chord in the hearts and minds of CFOs and CEOs. The reality, though, is that the case against BYOD is very strong. It centers on control and the value of centralization.

An organization that relies on employees’ devices has to do one of two things: Concede it simply will play second fiddle to the personal life of the employee  — who, after all, owns the device — or insist that he or she cede some control through virtualization products that create separate “instances” of the owner’s identity. Neither of these is ideal. Though BYOD initially was seen as a capex hero. It is. It also can be an opex villain. In many cases, the employee is reimbursed for the cost of their plan. That aggregate cost likely will be greater than plans negotiated for a large number of corporate-owned devices. Organizations also must rely on employees to get devices fixed or replaced.

The bottom line is that the big savings in capex is neutralized by the increases in opex. BYOD also generally is messier and less efficient.

Focusing on Security
The inefficiency of BYOD may create significant problems regarding security. Trent Telford, the CEO of data security firm Covata, said that the security focus needs to shift – and slowly is — as corporate America’s understanding of BYOD evolves. By and large, organizations now have their arms around the fact that protecting devices is secondary. The important job is to protect the data that they store and traffic. “From our point of view it’s about protecting the data itself,” Telford said. That’s an important change. To a great extent, the emphasis on data and not devices changes how the entire mobile enterprise is structured and managed, whoever owns the devices.

Healthcare is a leading indicator great proving ground for new techniques because the integrity of patient records is paramount. This means that it had to pay attention to the dangers of mobility and BYOD much earlier than less scrutinized sectors.

HealthITSecurity this week posted a list of five security “must-does” for BYOD: staffs must be well trained; mobile device management (MDM) technology must be in place; remote wipe capabilities must be available in case devices are lost or stolen; encryption and authentication must be in place and policies that fit the organization must be implemented.

BYOD can be a great thing or a big problem. All organizations must plan for it – whether they are a BYOD shop or not.

BYOD for Business: Video


Image via Flickr: Arne Kuilman

About the author: Carl Weinschenk is an IT and telecommunications reporter. On a contract basis, he is the Senior Editor of Broadband Technology Report and a contributing editor to IT Business Edge. He also runs The Daily Music Break, a music website.