What’s the real future for Bring Your Own Device? And what does this mean for Cloud Service Providers?

What is Bring Your Own Device?

Bring Your Own Device (BYOD) is a term coined to encompass the growing trend for employee owned devices – tablets, smartphones, notebooks – to be used in the workplace. The main drivers for the trend have been:

  • the ‘consumerisation of IT’
  • increasing need for mobility/ mobile workforce

Who pays for BYOD?

Sometimes an employer will pay a subsidy towards the cost of the device. Full reimbursement schemes are rare. Anecdotal evidence seems to suggest many employers are moving towards ‘choose your own device’ schemes, where employees are able to select a phone or tablet from an approved list. Best practice for BYOD is considered to be for the employee to pay for the device but the employer to subsidise the payment for the service plan.

What are the benefits of BYOD?

The benefits for the organisation are a reduction in the cost of hardware – since the employee is picking up the tab for buying their own device – and an improvement in employee morale – since employees have greater choice and are able to use their own preferred devices. It is also argued that it helps to support or create a more mobile workforce.

What are the downsides of BYOD?

The main concerns associated with the adoption of BYOD schemes have focused on security and interoperability.

What risk does BYOD present in terms of interoperability?

Inevitably, if the business must support multiple types of devices, running multiple operating systems, with no version control, significant challenges in terms of interoperability will result. This has led to some arguing that BYOD policy must be seen as primarily an applications strategy rather than a purchasing policy.

For example, Darryl Carlton, a research director at Gartner, has argued: “Designing your applications to meet the demands of BYOD is not the same as setting usage policies or having strategic sourcing plans that mandate a particular problem. BYOD should be a design principle that provides you with a vendor neutral applications portfolio and a flexible future-proof architecture. If the applications exhibit technical constraints that limit choice and limit deployment, then the purchasing policy is irrelevant.”

If businesses are willing to approach BYOD in this way, he argues, then they will be far better able to support the changing nature of the diverse and mobile workforce.

What risks does BYOD represent in terms of security?

BYOD presents significant challenges in terms of security. Part of the problem is that corporate IT has less oversight of these devices. Part of the problem is that corporate IT is unable to exercise control over these devices. Another issue is that the user will make choices that the CIO might not. And the biggest problem is data. The risk of data leakage is a problem with mobile applications. Data may be duplicated between applications and the cloud, and there are no audit trails or even oversight of the applications used.

How have businesses approached the BYOD trend?

Initially, BYOD was seen as a problem that could be addressed by mobile device management solutions. However, the ‘nexus of forces’ of social, mobile, cloud and information has changed the nature of BYOD.

It is no longer an issue of employees bringing in their favoured devices but also of deploying their favoured applications and software as a service (SaaS). This has been dubbed ‘bring your own applications’ (BYOA). It has meant that BYOD has transformed from a problem of device management to a problem of managing applications and, most importantly, data.

Daryl Carlton again: “For CIOs to consider BYOD activities within their organisation to be a temporary problem generated by a few disaffected employees would be a tragic mistake. This is a leading indicator of change for which an appropriate response is required. Reasserting control is not an appropriate response. This is a permanent and irreversible shift in the way that IT is procured and implemented to support the organisation, suppliers and customers.”

What can businesses do to manage BYOD?

While some analysts have suggested that IT should be ceding control and starting to play the role of enabler, there isn’t much evidence to suggest this is happening on the ground. Battening down the hatches is a more common response. For example, one recent survey suggests that more than half of organisations block access to file sharing applications – Morgan Stanley being the latest to announce it is blocking Dropbox.
Because of the changes to the way IT is procured – with individual users expecting to freely download and install apps – one approach has been to introduce corporate App stores to provide access to essential business systems and encourage employees to choose only from a list of approved applications.

Desktop as a Service (DaaS) is also gaining traction as good way of allowing for a free choice of device while solving problems of security and minimising problems of interoperability.

How widespread is BYOD?

According to a 2013 global survey of CIOs conducted by Gartner, 38% of companies expect to stop providing devices to workers by 2016. However, it is worth noting that – as well as reporting expectations rather than reality – this is a global survey and BYOD take-up has been higher in BRIC countries.

In the UK, a 2014 study from CompTIA, the ICT trade association, has found that the actual figure is much smaller: only a very small percentage of firms (4%) have embraced a full BYOD (bring your own device) policy, where employees provide all devices.

The same survey found that half of British companies do not allow employees to use any of their own devices at work, because of “a lack of resources” and “a failure to balance the needs of employees and those of the IT department”. Over half of UK companies still handle all mobile device deployment and do not allow outside devices.

It is worth noting, however, that the figures from the CompTIA survey are skewed around corporate policy. Numerous commentators have argued that just because corporate IT aren’t sanctioning BYOD doesn’t mean it isn’t happening.

Why is BYOD important to Cloud Service Providers?

Discussions about the BYOD phenomenon inevitably get tangled up with ‘cloud’ before long because of the way SaaS has changed consumer IT (and, increasingly, corporate IT). SaaS has been a powerful element in both driving the demand for BYOD/ BYOA and increasing the complexity of the BYOD (turning it into an issue that must encompass BYOA).

Cloud has changed the route to market for all hardware and software manufacturers and, consequently, is a powerful force in all corporate IT decision-making. Significant opportunities exist for cloud service providers to help organisations meet the new demands that BYOD places upon them – whether in the form of DaaS provisioning or delivering the ‘vendor neutral applications portfolio and a flexible future-proof architecture’ Carlton calls for.

What is the future for BYOD?

Some analysts have predicted a ‘backlash’ against BYOD as corporate IT attempts to reassert control. Other organisations have attempted to plot a middle ground – specifying some acceptable platforms, devices and applications while discouraging others.

However, it seems clear that organisations need to address the continuing demands placed upon them by the increasing consumerisation of IT and the increasingly mobile and diverse workforce – however this debate is framed.

What should I be doing about BYOD today?

Every organisation has different requirements and security concerns. BYOD strategy will need to address these whilst also attempting to meet the mobility, and access requirements and device preferences of its employees.

Communication and HR strategy needs to support BYOD policy and ensure all employees understand what they are entitled to, what they are legally responsible for, and what is expected of them.

The advice of analysts is to look beyond the financial / purchasing implications of BYOD to reimagine the way applications, data and security need to be managed to support an increasingly mobile workforce and diverse platform environment/ device pool.