How could anybody have made it through college not knowing the meaning of the acronym BYOB? While some argue that it means bring your own booze, and others insist it means bring your own bottle, it comes down to the same thing as far as the party host is concerned: You can never be sure in advance what drinks people will bring and how many. You have to be ready for a full range of possibilities.
These days, IT departments are using the term BYOD with increasing frequency. It stands for Bring Your Own Device, and it presents the same problems to CIOs as BYOB did to party hosts in college. With such a range of devices potentially connecting to the corporate network, how can IT guarantee security or specific levels of service?
Before answering that question, let’s consider how this movement toward consumerism came about.
Two things are driving the trend toward BYOD. The first is that nobody wants to have to carry around two phones, and many people are attached to the device they use at home, so employees ask to use personal handsets at work.
The second driver of the BYOD wave is that companies don’t want to buy smartphones for all employees, so they ask people to bring their own device if they want access to mobile voice or data services. A common variation of this case is where the company provides an allowance for employees to buy the smartphones of their choice.
Wherever it’s coming from, there’s no fighting such a big wave. Recognizing the progression toward blending personal and business use of technology, the more forward-thinking companies are already writing rules and guidelines for BYOD into their mobile device usage policy. And they are relaxing rules to accommodate personal devices for at least some services.
Companies that embrace BYOD are cutting costs in at least two ways. The first is that employees usually share at least some of the expense of buying the device. The second is that less training and support are required. The employee chooses the handset usually because he or she is already familiar with it and doesn’t need to be shown how to use it.
Before accepting BYOD, the IT department should answer the following seven questions:
1. When employee-liable devices hold sensitive corporate data, will the IT department have the right to perform a partial or full device wipe?
2. When data is automatically backed up from mobile devices by a management platform, does the platform have to distinguish between corporate data and personal data on the handset?
3. Can IT be sure that all devices are running adequate virus protection software?
4. Can IT be sure data is adequately encrypted on each device?
5. Under what conditions will devices be allowed VPN access?
6. What platforms must be deployed to render application content on a variety of device types, with different screen sizes and characteristics?
7. How much support should IT provide for employee-liable devices?
Once a company has satisfactory answers to these questions, they’re ready to embrace BYOD without compromising service levels or security. If doubts remain, a simple solution is to provide only limited access to handsets that aren’t on the IT department’s preferred list.
In college, BYOB made it easier for people to be sure they would be drinking what they wanted at a party. At the same time, this practice relieved the host of the burden of paying for everybody’s drinks. Similarly, BYOD allows people to bring their favorite device, and it reduces IT costs. As long as everybody is prepared to handle the variety, there’s no reason for companies not to jump on the bandwagon.