BYOD – or Bring Your Own Device (not Build Your Own Duck, as suggested by a bemused colleague recently) – is a phenomenon currently sweeping IT and business circles around Australia. The concept is quite straightforward: rather than issue uniform hardware across an organisation, just let an employee use their own at work. It’s a concept which flies in the face of the 20-plus years of IT management – however companies are beginning to dip their toes.
There are many organisations within Australia trying some sort of BYOD with varying degrees of freedom, including BUPA Aged Care and QLD Department of Education.
Generally, the mention of BYOD immediately polarises people into one of the two camps: excitement or terror.
There are many upsides to adopting BYOD in an organization which are extremely attractive to non tech managers and staff, like the ones listed below:
- The user can choose a device they want and are comfortable using
- A user doesn’t have to carry around 2 phones, 2 laptops and two tablets – as was my case when I worked in finance
- Management can save on costs by having the end user pay for hardware and usage. The Good 2011 – State of Technology Report showed that 50% of organisations made their employees pay for their own devices used at work
Naturally, there are a few of glaring concerns IT come across when dealing with a fleet of essentially wild devices:
- Lack of uniformity across devices used means IT support has to cover all bases from iOS to the 3,400,000 different and obscure versions of Android
- The user may be like my Mum and have absolutely no idea about looking after, securing or using the device. This, combined with the above lack of device uniformity, can turn the IT department into a troubleshooting line for all things electronic
- Version control is difficult
- Users could jailbreak devices, exposing security flaws and malicious software
Many organisations are taking a middle-of-the-road approach by allowing users to BYOD but by using mobile device management (MDM) such as Mobile Iron or AirWatch to manage it. This annoys the user though, as now they’re bringing their own device, however it’s being locked down by the organisation. So essentially, they’re lending a tablet which can be unlocked upon their resignation.
A currently-proposed alternative is looking at the device in a different way. With the availability of cloud and affordability of data, there isn’t really a need to permanently have data stored on a device in many cases. Users should be able to BYOD and have the required content delivered through applications that cache content as needed. As an example, a staff member of a business would need three key things from their device with varying degrees of commercial confidentially:
- Customer records (CRM) – highly confidential
- Marketing collateral – not confidential
- Pricing lists – highly confidential
The pricing lists and CRM can be stored within a secure application on a device which connects back to the server and is pushed data as required.
A typical disaster scenario would involve the staff member going out for a few wines on Friday after work and leaving his tablet at the pub. Unfortunately, it wasn’t a particularly courteous pub, so their device wasn’t returned. As soon as they realise their device is gone, they call the IT department and put a remote wipe on the CRM and pricing app. The second the device is switched on and connected, all work-sensitive data is erased. Unfortunately, the staff member would lose all of their photos and music as well as the actual tablet, which certainly isn’t remarkably good – yet that incident isn’t going to cause a privacy disaster for the employer.
BYOD is a concept gaining momentum across the business pace and various organisations need to have some sort of a strategy around how they want to tackle it. While it can be tempting to simply say no to BYOD or lock it down to the point where it basically becomes organisation’s property, the positives also need to be considered. At the end of the day, it all comes down to the organisation’s risk profile and willingness to adopt new technologies.