Allowing Personal Devices At Work: A Faustian Bargain?
Progressive CIOs and their organizations can realize big benefits, but tread carefully.
The rapid growth in mobile device usage is creating a tsunami of change for CIOs and corporate IT departments. A growing number of CIOs are embracing mobile device management programs that let employees "bring your own device" (BYOD) to work. But are they unknowingly making a Faustian bargain, compromising corporate security and, by extension, brand loyalty and customer goodwill?
Resistance to BYOD may not be futile, but it will get more difficult as employees insist on using the tools they need to succeed. The worldwide mobile phone market grew about 65% in the second quarter compared with a year ago, according to IDC, which forecasts that the smartphone segment, led by Apple, will grow 55% this year compared with 2010.
That rapid growth hasn't gone unnoticed by corporate IT departments. In a survey of delegates at a recent SC Magazine conference on mobile device management, 60% said they supported a BYOD policy, while 32% were planning to support one in the future. So BYOD is happening, for at least a couple of good reasons:
Reduced IT hardware and support costs. A BYOD policy lets companies shift some portion of the cost of mobile devices to their employees and contractors. Companies may get additional cost savings by reducing training and IT support.
Increased employee productivity. The theory, at least, is that employees who use the devices they're most comfortable with are happier, more productive employees. And rather than have to rely upon the traditional IT organization's command-and-control procurement policies, employees in a BYOD world move to the latest device at their own, faster pace.
While a BYOD policy offers companies seductive promises, you can't ignore the ever-present risks, including:
Exposing sensitive data. As employees use more and different mobile devices in various settings, they're more likely to lose those devices or have them stolen.
Introducing malware to the corporate network. If CIOs thought it was difficult to maintain network security with standardized devices via controlled access, just wait until their departments have to work with a multitude of non-standardized devices connecting to the corporate network, perhaps without all the proper security updates applied.
Greater need to control network access and ensure data privacy. When employees leave an organization, or they lose a mobile device, corporate IT will need to quickly terminate network access and restrict access to corporate data residing on the device. Additionally, corporate data must be protected and segmented at all times from the employee's personal data stored on the device.
Despite all the risks, a BYOD policy is a valuable opportunity for CIOs to position their organizations as value adders and revenue drivers instead of fat cost centers that can't keep pace with business needs.
The first step is to develop a mobile device management policy that clearly states usage and data privacy expectations. That policy should include provisions for:
Data security--ensure that corporate data is kept separate from personal data. Most mobile device management software provides a protected sandbox for corporate data.
Device diversity--state which devices will be allowed and which not. BYOD doesn't necessarily mean any and all.
Cost--state clearly which items the company will pay for and set limits on reimbursements.
Access controls--identify how devices will be provided to employees. Employees should understand their eligibility.
The second step is to implement supporting technology to manage and secure both corporate data and the mobile devices that data resides on. Two software vendors, MobileIron and Good Technology, provide a good starting point when evaluating mobile device management solutions. Other MDM software vendors include Zenprise, AirWatch, and Mobile Active Defense.
Progressive CIOs need to evaluate BYOD carefully. Big benefits await those who manage it right.
Michael Belak serves as the CIO of Metropolitan Regional Information Systems, the largest online listing service for residential real estate in the United States. Previously, Belak served as CIO of the District of Columbia, Department of Public Works, and has held senior leadership positions with Marriott International, NASDAQ, General Electric, and IBM. Write to him at email@example.com.