The Challenges of a Workplace Bring Your Own Device Policy

Everything was so easy a decade back. Employees used company issued computers, spoke on company cell phones, and played by all the rules of CIOs and IT departments. They usually weren’t allowed to use their own laptops or mobile devices, which allowed the IT departments to keep everything locked down.

The more generous companies gave high-profile workers Blackberries, but even those were controlled by a very strict set of guidelines. And they were Blackberries, after all. Not the best devices for surfing the internet or watching videos.

But then the mobile revolution happened. Steve Jobs invented the iPhone, YouTube, Pandora Internet Radio and Spotify Music made significant inroads with users and suddenly people wanted to bring their own devices to work. No longer content to use archaic computers and ancient communication devices, employees wanted to do both personal and business activities on the same device.

And so many companies began implementing Bring Your Own Device (BYOD) policies, allowing workers to use whatever computer or phone they desired. These policies have, in many ways, been a great boon to productivity and have huge advantages. But there are also some significant downfalls to the rise in BYOD.

In this article, I lay out the pros and cons of BYOD, as well as try to provide a bit of objective analysis of the situation.

BYOD: The Positives

NUMBER ONE: Companies Don’t Need to Pay For Equipment and Services

In the past, companies footed the bill for all related technology. Any time an employee needed a new phone or computer, or had one of those devices crash, the company had to pay all the expense. This meant getting locked into long-term contracts with vendors and suppliers and shelling out huge amounts of cash every year.

Employers also had to pay for services like internet access, mobile data, computer cabling, external hard drives, and a host of other miscellaneous expenses. Yes, they completely controlled the entire IT ecosystem, but they also had to finance every element of the ecosystem. This system was a large item line on every income statement and gouged profits.

While companies still must spend a significant amount on IT every year, they no longer have to foot large portions of the bill. Employees work on their own devices and the company only needs to provide a secure access method. They don’t pay for internet access or mobile data, and when something crashes the worker is responsible for replacing it.

As Tony Bradley says:

With the worker paying for most, or all of the costs for the hardware, voice and/or data services, and other associated expenses, companies save a lot of money — as much as $80 per month per user.

Money that was previously spent on IT equipment can now be invested in other places, which ultimately results in a boosted bottom line.

NUMBER TWO: Boosted Employee Morale

If there’s one thing employees hate, it’s working under Orwellian IT policies requiring them to use outdated and inefficient equipment. It feels like a tremendous waste of time, doesn’t allow them to customize things to their liking, and often requires them to carry multiple devices. It’s an enormous pain which leads to low employee morale. Workers want freedom. They want to be treated with respect and trust. They often feel like IT workers look down on them to begin with, and this doesn’t help things.

By implementing a BYOD policy, employees can use what they want when they want. If they got a new iPhone for Christmas, they can use it in the office. They can use their blazing fast iPad tablet and consequently, get more work done. They’re familiar with their personal Macbook laptop, and they have it set up just the way they like.

When a company implements BYOD, employees are happier, feel trusted, and don’t resent IT (as much).

NUMBER THREE: More Cutting Edge Tech

IT departments aren’t known for purchasing cutting edge technology. They want devices that are older, have been tested and patched, and have been shown to be reliable. They don’t want to spend millions of dollars on new devices only to have them be unstable. In turn, this usually means that the technology purchased by IT departments is 2-3 generations old (Windows 95 anyone?).

With BYOD policies, this isn’t the case. As the iPhone has demonstrated, most people want to be within 1 generation of the most recent release, meaning almost all the technology is relatively cutting edge. This means faster processors, larger storage, better mobile cameras (if that matters), more memory, and so on. It also means that, in theory, problems that existed in earlier generations have been fixed.

And, of course, it means happier employees since few things are more frustrating than using clunky old technology that worked most effectively during the last presidential administration.

NUMBER FOUR: Increased Productivity

This is highly debatable, but it at least deserves mention. Those who are in favor of BYOD argue that it increases productivity. They make several points to bolster their argument:

  • Employees always have their devices, meaning they can do work at home or on the road. Contrast this to workers who are more likely to leave their work laptop at the office and thus can only be productive during standard work hours.
  • Because employees usually upgrade their technology with more frequency, they have the best equipment, which in turn leads to being able to achieve more. Faster technology leads to faster results.

These arguments certainly have some merit, but there are numerous ways in which BYOD can also hinder productivity. We’ll get into that in a bit.

BYOD: The Negatives

NUMBER ONE: IT Departments Lose Control Over Hardware

The most glaring negative is that when every employee brings their own device to work, IT departments lose almost all control over the hardware. They can’t control what apps or programs are installed, how the devices are secured, or what files are downloaded.

Previously, these elements would be locked down by strict policies in order to prevent privacy breaches, hacks, and viruses. An inability to control the hardware means more vulnerabilities. An employee may innocently click a link, unaware that they’re downloading a Trojan horse virus, or use a torrent program to download illegal files.

This is a prime example of tradeoffs involved in BYOD. Offering greater flexibility to employees meaning potentially exposing the company to danger.

NUMBER TWO: Enforcing Compliance Becomes More Difficult

Certain industries, such as healthcare, have incredibly strict regulations about the use and distribution of information. Companies absolutely must comply with these policies, even if the data resides on an employee-owned device. All data must be safeguarded appropriately and only shared in strict accordance with the regulations, and a failure to comply can result in significant legal penalties.

Allowing employees to load confidential data onto their personal devices greatly increases the risk of compliance failure. The risks are numerous:

  • Employees may fail to appropriately secure confidential data outside the confines of the office.
  • Employees may accidentally share private data with those who have no right to see it.
  • If data isn’t secured properly and a device is lost or stolen, the company must take significant steps to ensure the data isn’t inappropriately accessed.

CIO.com adds even more frightening data to enforce this point:

A recent TEKsystems survey found that 35 percent of IT leaders (such as CIOs, IT vice presidents and directors) and 25 percent of IT professionals (such as developers, network admins and architects) are not confident that their organization’s BYOD policy is compliant with data and privacy protection acts, HIPAA, Dodd-Frank or other government-mandated regulations.

There are certainly numerous ways to enforce compliance on employee devices, but they are infinitely more complex than the methods used on company-owned devices.

NUMBER THREE: Difficulty Retrieving Data After An Employee Quits Or Is Fired

It’s a company’s worst nightmare. A problem employee quits or is fired, taking with him thousands of valuable, or even confidential files. Suddenly the company must scramble to retrieve the data and hope that he doesn’t do something rash.

And while the employee most likely signed an agreement regarding using company data, there’s no guarantee that he’ll keep his end of the bargain in his disgruntled state. To prevent such events, companies must have plans in place ahead of time for how to deal with these situations.

NUMBER FOUR: Legal Challenges When Searching Devices

There may be times when a company must search an employee’s device to find a bit of company data. What happens if, during that search, the IT department stumbles upon evidence that the employee has also been working on a project for a competitor?

This raises a host of hugely complex legal questions the company must navigate. Did they have permission to search the device? Would the discovered data hold up in an arbitration case? If the employee is fired and the company wipes his iPad, are they liable if personal data also is erased? What if the company finds something truly illegal, like child pornography? Would that evidence hold up in court?

To avoid these legal nightmares, companies must have crystal clear BYOD policies in place to protect both them and their employees. Failure to implement these policies can lead to massive legal headaches and significant expenses.

NUMBER FIVE: “Rogue” Devices

It’s not unusual for tech savvy individuals to customize their devices, sometimes to the extreme. Jailbroken iPhones have been around for almost as long the phone itself, and the process allows users to install apps unavailable to normal users.

But these “rogue” devices also present problems for companies. Are they covered under BYOD policies? What if a malware device is downloaded onto a customized phone which then compromises company data? How will that be handled?

This is another prime example of the downsides of BYOD. There are an almost infinite number of variables that must be addressed, and a failure to cover any of those variables can lead to problems.

NUMBER SIX: Falling Productivity

As mentioned above, BYOD advocates have argued that it increases employee productivity. Maybe. But allowing employees to bring their own devices can also significantly hurt productivity.

Yes, that brand new iPhone has some great business apps, but it also has Facebook, YouTube, Candy Crush, iMessage, and a thousand other distractions. It’s incredibly easy for employees to get sucked into the endless black hole of Buzzfeed videos, text messaging, and updating their status.

The Verdict

Clearly, there are numerous advantages to implementing BYOD in the workplace, and with the massive surge in mobile computing in recent years, it may be impossible to avoid BYOD altogether. In fact, a recent study showed that 75% of businesses allow users to bring their own devices to work.

As Lisa Phifer wrote:

This horse has not only left the barn, but will trample any IT department that intends to stand in its way. There may be use cases that are inappropriate for BYOD, such as specialized mobile healthcare devices or ultrabooks that carry classified data. But nearly every company has employees who buy and use their own phones and tablets, and those devices are going to find their way into the workplace.

But the disadvantages are real and must be thoroughly considered before implementing those policies. Failure to create clear, responsible, easily understandable BYOD rules will lead to endless headaches for a company.

The verdict seems to be that BYOD is here to stay, but that companies should use great care as they implement these policies. With great power comes great responsibility, and companies must ensure their employees use their power wisely.

Posted in: Cybersecurity, Mobile Technology, Technology Trends