BYOD and consumerization of IT

The state of information technology in the workplace has shifted significantly in a short amount of time with the advent of “bring your own device,” or “BYOD,” a policy where employees use their own computing devices; whether that means laptops, smartphones, tablets, or other devices; on the corporate network.

BYOD is a trend that represents the consumerization of information technology. As business users become more aware of, interested in, and attached to certain types of computing devices, their expectation grows to use these devices for work purposes and introduce them into the workplace network. This relatively new development will be analyzed herein via an overview of the evolving trends in users’ expectations; an analysis of IT managers’ concerns, including support, data security, and network security implications; an exploration of business leaders’ estimations, and a reconciliation of these points of view via an interpretation of survey data, case studies, and opinion pieces, to establish an understanding of current and future feasibility of BYOD in enterprise environments.

Trends in Expectations

In order to understand the relatively recent advent of the BYOD phenomenon, it is first important to understand the modern history of personal computers in the workplace, particularly as it relates to the larger changes in U.S. business culture that eventually led to today’s situation. Before PCs became common workstations, most companies were equipped with terminals that connected directly to the local network server and had no outside capabilities. Employees at the time largely could not perform any functions on the terminal except those set up by the company for use with its own software.

The situation then changed dramatically with the introduction of PCs functioning as workstations or terminals. In addition to connecting to the mainframe, personal computers were also able to run other software that business users may have been familiar with on their own home PCs, such as Microsoft Windows and its many popular applications including Office. With access to the Internet included in the workplace, web browsers allowed business users to access the full slate of applications, websites, and services that they were becoming used to at home. The overlap and blend of functionality from personal computers at home to those at work led to a level of comfort with the technology among business users that had not existed previously. The Internet transformed both the workplace and the home, connecting together two environments that were once distinct to each other and with the rest of the world (Wallace, 2004).

At the same time, the workplace culture itself was in the process of changing from more top-down control to more individual empowerment, with middle management on the decline and an increased focus on employees that can rely on themselves. Along with these cultural changes, consider the exponential increase in the popularity of laptop computers and the introduction of mobile devices such as smartphones and tablets over the last decade, and business users were ready to take control of their own technology – but IT managers were not yet ready to relinquish control of company-owned computers, which business users began to find restrictive, in that corporate policy, not the availability or capability of technology, became the limiting factor to them utilizing those devices to their maximum potential. Younger employees who had grown up around much of this modern technology also found themselves entering the workplace with different expectations than some previous generations. The combination of these technical and cultural factors led to an increased demand, and eventually the realization, of employees being able to “bring their own devices” to work, connecting their personal computing devices to the corporate network. Business users began to change the landscape at work, whether IT managers were ready for it or not (Gruman, The real force behind the consumerization of IT, 2012).

Recent statistics suggest employees are adopting BYOD at a rapid pace, leading their companies to adopt changes to some long-standing IT policies. Microsoft conducted research around the same time that determined 67 percent of employees reported they are already bringing these devices onto their workplace networks, some of whom doing so without the official stamp of approval from their company, and 40 percent consider it very important that they are able to put those devices to use for work purposes (Jones, 2012). Among just smartphones alone, 46 percent of employees are already using their phones for work purposes, according to research by iPass (Poeter, 2012). According to additional data gathered by Aberdeen Research, 83 percent of companies as of July 2012 allowed their employees to bring their own mobile devices such as smartphones and tablets onto their corporate networks (Gruman, 3 rules for doing BYOD right, 2012). Gartner predicts that by 2014, more than 90 percent of companies will not only allow employees’ personal mobile devices to be used on the corporate network, but will allow access to internal network applications through those mobile devices as well (Guerra, 2012).

Looking to the future, it is likely that companies in all industries with the exception of high-security fields like national security, law enforcement, and defense, will adopt BYOD policies (Gruman, 3 rules for doing BYOD right, 2012). Business users have brought about something of a technical revolution in the workplace, and companies as a whole are beginning to take the lead from these changes in the technological environment to foster a new way of thinking about business productivity into the future, so it is now up to IT managers to deal with the reality of the situation at hand (Woods, 2012).

Implications for Leaders

While individual business users took advantage of changing technology to make workplace changes for themselves, IT departments at companies were faced with the task of managing an ecosystem of devices that were well outside the largely identical, predictable range of devices they had originally planned to support.

When employees first started to bring their own devices to work without receiving approval, many companies started with the reactionary step of banning any devices not issued by the company from joining the corporate network, then only slowly and individually approving exceptions for certain business users to have access to a VPN, or virtual private network, which would allow them to connect to the company’s local network on those devices they had specifically approved (Gruman, 3 rules for doing BYOD right, 2012). Processes like these quickly became unsustainable at some companies, leading some 53 percent of companies as of August 2012 to allow any employees’ devices to join the corporate network without specific prior approval as long as the employee provides the necessary login credentials, according to a Trust in Technology survey (Jones, 2012).

It was not easy for IT managers and business leaders to come to the decision to support BYOD – just as it remains difficult for the remainder of companies that have not yet added it to their technology policies. There are several concerns that IT managers have had about allowing outside devices to access company networks – some of the most often cited concerns include supporting business users’ vast array of devices, making sure the data that reaches those devices is secure, and making sure the corporate network remains secure from external threats. While those legitimate concerns exist, business leaders found a compelling case for implementing BYOD policies, including cost savings, taking advantage of modern technology more quickly, and increases in employee productivity by way of independence (Jones, 2012).

Potential Concerns

The first concern among IT managers was supporting a wider range of devices, some of which fell outside the expected array of devices that they were prepared to support. Mobility services firm iPass conducted research that suggested companies are concerned about increased responsibility to support devices with which IT staff might not already be familiar (Hendrikse, 2012). However, it is possible for companies to scope out and define which types of devices they will support and create a sustainable support plan, while clearly communicating to business users which devices will be supported by the company. It would then be up to employees to make sure they select personal devices that IT staff is equipped to handle. Although companies might not be able to inspect every device personally, this kind of additional communication could dramatically reduce support costs as long as the company plans to support most popular devices and the majority of employees cooperate with the guidelines (Ho, 2012).

Once companies create a plan to support a greater range of devices, they must prepare to deal with unpredictable situations – particularly, what will happen with their sensitive company data should any of these devices be compromised. Research by Symantec suggests there is a maximum 50 percent chance of recovering devices that have been lost, much less for those that have been stolen, and that there is an 80 percent chance any remaining data on the device will be breached or compromised by whomever ends up with the device, whether or not that person makes plans to return the device (Guerra, 2012). With those statistics, it is easy to understand why IT managers are concerned about data security. One of the most effective ways for a company to deal with this reality is to create a secure BYOD policy, which can help employees encrypt their data with passcodes, determine which types of apps employees are allowed to use, and educate employees about setting up cloud management solutions from their smartphone manufacturer, such as Apple’s Find my iPhone service, Google’s mobile security service, and Microsoft’s remote account recovery service, which can all locate lost devices and remove any remaining data on them (Ho, 2012).

In addition to security of data on the devices themselves, companies are also concerned about their own networks and the security implications of allowing external devices to access the network. It is important for companies to create plans to deal with network security, such as automatic backup and redundancy of secure data within their own databases, in addition to the ability to remove or wipe sensitive data from personal devices if possible (Guerra, 2012).

While this can be a complicated task for any company, some new solutions have begun to integrate and streamline these efforts. For example, AT&T announced in September 2012 that it would begin offering mobile security services and software for smartphones and tablets that would allow companies to take advantage of corporate profiles that can be applied across a range of devices, which can transfer sensitive documents across secure protocols while users have toggled on an additional level of security through a mobile app, cutting off all outside access – and therefore outside threats to the corporate network – until the user leaves the app or returns to the settings to toggle off the additional security and disconnect from the corporate network, returning their mobile device to its usual state where they can access their usual personal items. The corporate profile, when applied to a particular device, would also allow the company to remotely wipe company-related data in the case of a security breach, while keeping the user’s personal data. AT&T said the new tools would provide more freedom and privacy to employees while giving additional peace of mind to their companies (Chen, 2012).

It remains to be seen how companies will adopt new software and services like these that are specifically designed for BYOD policy management, as these solutions are just beginning to enter the current environment and will take some time to be adopted by companies and rolled out in statistically significant numbers. However, trends show that more companies are willing to take these steps as their IT managers require solutions in real time.

Potential Benefits

From a corporate perspective, BYOD is not all doom and gloom – it also provides an opportunity for companies to take advantage of some of these changes in modern technology and culture to bring about benefits to the bottom line and to workplace productivity. The first of these benefits is cost savings – the theory that companies can save significant amounts of money if they do not have to invest so much in purchasing and maintaining hardware devices, software, and services (Bright, 2012). If employees pay for a great amount of these devices out of their own salaries, the companies will see savings of hundreds to thousands of dollars per employee over several years. Further, since employees will be more familiar with the devices they bring themselves, because they made the decision to buy them for personal use and as much are more heavily invested in the devices, support costs could go down and maintenance could become less of an issue if those employees regularly update the devices’ software (Jones, 2012). However, it is not a guarantee that any of these things will happen – it largely rests on the knowledge, experience, and level of interest in devices among each employee.

Along with the opportunity of reduced costs comes the possibility of cycling toward new technology at a faster rate. Individual business users tend to move to the next generation of hardware and software at a much faster rate than companies can for their officially supported devices – which makes sense, as one user typically has less than a handful of devices to worry about and does not have to create a large-scale implementation plan (Pritchard, 2012). If the company is able to decentralize that pain point, company upgrades could become easier, as they would have fewer company-owned devices to which they must roll out those upgrades, and business users could potentially help influence the direction of forward movement and progress in newer technology by using their own devices to remain ahead of the curve (Jones, 2012).

Business leaders could also see improvements in productivity if employees are using devices they know and care about. BYOD skeptics insist the phenomenon can be somewhat of a nightmare at the onset, for the reasons discussed earlier, but that companies can still see a reward in the long run if productivity increases. Companies would need to use the same kind of measured standards they are likely already using, such as time management systems and project management solutions, to determine whether employees were able to increase their productivity with the added benefit of using their own devices on the corporate network (Kendrick, 2012). Wired refers to BYOD as a “built-in disaster plan,” citing that the level of independence afforded to employees through using their own devices encourages them to take more responsibility for their productivity, reducing long-standing challenges at some companies in which business users placed blame on IT departments and vice versa (O’Donnell, 2012).

In the event of unforeseen circumstances that would prevent employees from physically reporting to work, the advent of BYOD could foster an environment in which it is easier for them to keep up-to-date and remain productive, since employees will have devices on them at all times – and in all locations – that can connect back to work and allow them to stay in the loop, of course considering that the company has the proper network security framework in place that would allow them to do so and is ready to handle all the other implications that come along with BYOD (Kaneshige, 2012).

Discussion of Findings

The research presented herein has demonstrated there is a steep divide in opinions as to whether BYOD is a good idea for companies to implement as an official policy. Concerns about support, sustainability, and security have led some organizations to hold out on allowing external devices onto their corporate networks, while others have seen potential benefits in cost savings, technical advances, and productivity increases that outweigh the risks. However, despite the lack of a conclusive opinion on the merits of BYOD, one thing is certain – it’s happening. Statistics have shown a marked increase in external device adoption across companies of all levels. In some respects, it is unavoidable – as business users continue to become more technologically savvy over time and computing devices become more readily accessible and mobile, and as new computing concepts like smartphones and tablets come to dominate the industry, it is inevitable that users will have those devices with them at work, whether or not they are allowed to access corporate networks using those devices.

The current trend suggests that companies have begun to view BYOD as a reality that they must contend with, so they are quickly becoming more prepared to find the benefits within this phenomenon and leverage it to their advantage, in the hopes of accomplishing the trifecta – protecting their data and network security, realizing an improvement in the bottom line, and keeping employees happy.


Back to top
SpotlightBack to top