Technology, Cloud

Are there 5 top reasons CIOs should allow a Bring Your Own Device (BYOD) policy?

Blog-post by,
HP Blogger
,

I was reading a post from one of the security experts at HP titled: Top 5 Enterprise Security Challenges with "Bring Your Own Device." When it comes to allowing employees to use their own devices at work, there are some real support, data control and security issues, but the blog post made me wonder: Are there 5 top reasons CIOs should encourage a “bring your own device” policy?

This top 5 list would need to be divided into 2 categories: ‘what’s in it for the company’ and ‘what’s in it for the individual’

What’s in it for the company if they allow a BYOD policy?

1) Cost control – A flat, usage rate must be determined based on job function. If someone requires more than the allotted time, it is a personal decision on their part and they will be responsible for the overage charges. The warranty/repair costs will also need to be controlled and there can be no more “accidental” upgrades.

2) Morale – Most organizations are already supporting BYOD in one way or another, so why not implement an official policy and include BYOD as a perk for employees. A recent survey found that employee satisfaction was the greatest benefit for a bring your own device to work policy.

What’s in it for the individual if they are allowed to bring their own devices to work?

3) Productivity improvement – If employees are allowed to use a device that they want to use and are familiar and comfortable with, it stands to reason that they will be more productive.

4) Freedom – Most employees know which devices they really need to be productive, right? Personally, I love the function and format of the HP 2760p, especially when I’m traveling via a plane, and I can't wait to see how it handles Windows 8. If employees want to use both a cell phone with a data plan and a laptop with wifi together, that’s a choice they can make.

5) Flexibility – With today’s more mobile workforce, giving employees access to the information they need wherever they happen to be working that day is not only becoming an expectation, it’s a necessity for business success.

While the benefits of a bring your own device policy are numerous, there are still a number of downsides for the individual employee as it relates to being their own IT department, such as spending a great deal of personal time at Best Buy. But for many employees, those issues are minor and for others, they may just want to opt for the standard device.

I think when the hardware begins to understand the need for this dual personality operation and provides a few hooks to enable better support, this BYOD tidal shift will turn into a tidal wave.

Does your organization allow BYOD? If so, what benefits and/or pitfalls do you see with this policy as it relates to IT?

(3) (3)

Discussion
Would you like to comment on this content? Log in or Register.
cchehreh
Cameron Chehreh 21 Points | Thu, 01/12/2012 - 02:39

Excellent post...this is becoming pervasive enough that there is a strong rise of demand in classified environments for the same type of BYOD strategy. Depending on the approach applied, it can assist in your security posture and data strategy.

 

The predominant policy change we are exploring implementing a policy that states something to effect that if you were able to breach the secure VDI environment and downloaded corprate data to a private device you would be subject to the device being confiscated and subject to ITAR and export controls of corporate data. 

 

This is more of a policy and legislative issue rather than a functional one and really has applied to government contracting and use vice private sector corporations. Once again great post and thanks for the interesting topics John!

jdodge
John Dodge 1326 Points | Thu, 01/12/2012 - 18:33

Cameron, how is confiscation of personal and employee devices put into practice? It sounds hairy, but I suppose there's a choice: keep your device and or lose your job! I take it penetration of the VDI environment is easily detected, no?   

Robert.Litchfield
Robert Litchfield 3 Points | Wed, 11/02/2011 - 11:39

While all the concerns and advantages that have been mentioned in both the article and attached comments are real, this is more about a mentality shift for IT in the Enterprise. We probably all have individuals and complete teams that struggle to relax thier controls and allow our internal customers and partners to make technology decisions.

I belive the number one reason to allow BYOD is to force change within the traditional Entrprise IT organization. Through this somewhat controllable, and possibly even "fun" change, we as leaders are pushing our teams forward.

RJL

 

dbobke
Daniel Bobke 7 Points | Wed, 11/02/2011 - 03:18

I love most of the end results of BYOD (or T for technology) - flexibility and productivity enhancements, customer responsiveness, saying "yes" instead of "no" (this is a big one). The one thing not addressed so far in this discussion - either in the article or in the comments - is data security.

 

There must be concern for the balance between productivity and data security. Maybe Chris' white paper deals with the security challenges, but I am concerned that we have been pressured into sacrificing security for ease of use considerations. I don't think they are mutually exclusive, but I know that an enterprise's most valuable asset is their data.

 

I think it starts with a clear written policy that has buy-in from the top down and addresses implications of using a personal device. For example, if the device is lost or if the employee is terminated, the company has the right to wipe all data from the device - including your personal stuff in the case where there is no clear way to differentiate. Password requirements, encryptions, etc. - these all need to be addressed.

Chris_P_Intel
Chris Peters 6 Points | Wed, 11/09/2011 - 23:30

Daniel, We have realized that security can not be compromised to enable the productivity advantages of these devices.  However, we have found that we need to shift our security model from a binary yes/no trust model governing access to a multi-level tiered security model.

This new model looks at four primary factors when governing access to data and delivery model for the service/application -- the device (security & performance capabilities), the data (classification level), the person (role, need to know, etc), the location (country, network, etc).  The goal of this model is captured in a phrase our CISO uses called Protect to Enable.

Let me keep you reading :-) ... Some of these concepts are explained in this Intel IT best practice paper on Maintaining Information Security while allowing personal handheld devices in the enterprise

jdodge
John Dodge 1326 Points | Thu, 11/03/2011 - 14:31

"Buy in and policy from the top down..." That's the only way to craft an effective policy which is respected and followed. The creators have to be very careful to make their case and not come with oppressive strictures..."you can't have this...you can't have that...."

I have been on the receiving end of bad IT policy and would do everything within my power to circumvent the rules. IT has to be an ally of the end user, not its enemy. 

pcalento
Paul Calento 256 Points | Sun, 10/30/2011 - 18:10

The problem with BYOD ... is also why its so important. IT is reacting to significant (internal) customer demand (i.e. elusive IT-business agility) but doing so, often without a plan in place. The key is not only to provide Instant-On access (and security) but to figure out how to measure engagement with enterprise apps and corresponding productivity benefits. 

--Paul Calento

(note: I work on projects sponsored by EnterpriseCIOForum.com and HP)

Chris_P_Intel
Chris Peters 6 Points | Fri, 10/28/2011 - 05:47

Charles, Intel IT began allowing BYO personal devices back in Jan 2010 and we have seen a steady flow of demand for increasing choice. Today, we support over 27,000 handhelds in our environment and more than half are employee owned.

We have seen all the business value benefits you outline in this blog and our employees are reporting nearly an extra hour of productivity each day due to use of these devices (mostly phones and tablets today). 

BYO and IT consumerization is expanding at Intel IT as a first step enroute to a new compute model we see being driven by an extremely mobile workforce - we call the model the compute continuum.  Some more information about this journey can be found in this Intel IT best practices whitepaper.

http://www.intel.com/content/www/us/en/it-management/intel-it-the-future-of-enterprise-computing-preparing-for-the-compute-continuum-paper.html

jdodge
John Dodge 1326 Points | Fri, 10/28/2011 - 19:33

Chris, I scanned the white paper but did not see breakdown in the types and brands of handhelds and what's included. Would love to see that. Is a tablet a handheld? 

Chris_P_Intel
Chris Peters 6 Points | Wed, 11/09/2011 - 23:14

John, We are limited in our ability to publicly disclose who we do and don't use by internal guidelines.  However, as you can imagine given Intel's size and ww scope and given the BYO part of the program, we are supporting the large popular types and brands via this program as that is where the pressure comes from our employees for program support.

And yes .. tablet is considered a handheld (also called a companion device internally) and we do support tablets.

jdobbs
Joel Dobbs 310 Points | Thu, 10/27/2011 - 20:53

In many if not most organizations this is already happening to some extent whether the CIO realizes it or not. 

I am aware of at least one large company that gives employees a “technology allowance” with which they can purchase the laptop and/ or tablet of their choice.  They are responsible for all support, maintenance etc of the device itself. I have been told of another company that simply requires its employees to supply their own PCs and phones.  In the era of virtualization, especially desktop virtualization, this is likely a cost-effective option.

 

One place to look at how to make this work is academia.  Students bring their own gear to college and most schools provide clear, self-help guidance for how to securely connect to the university’s many on-line resources.  This generally works well and this generation of students, as they are entering the workforce, will be both familiar with and comfortable with assuming this responsibility in their place of employment.  In fact, I suspect that they will welcome it.

 

pearl
Pearl Zhu 89 Points | Thu, 10/27/2011 - 16:23

Hi, Charles, nice posting, I think BYOD is the phenomenal at the era of IT consumerization, also reflect the convegence of enterprise IT and comsumer IT, it may bring up the further security/GRC challenges for enterprise, on the other hand, as you pointed out, the advantage to improve productivity, cost control., etc would also beat the disadvantage, scenario planning could be the key. thanks.