BYOD is dead — long live CYOD!
Few people would dispute the benefits of BYOD.
When employees are allowed to bring their own computers and smart devices to work, it saves their employers having to buy and maintain the devices and infrastructure needed to support them, creating happy, productive employees who use the technology they know and love.
And yet, according to a study by CompTIA, companies are ditching BYOD as their primary device acquisition model. In 2015, 53% of companies surveyed said they weren’t using BYOD — quite a spike from the 34% of 2013.
What’s emerging is that most companies tend to get tripped up on the legal and financial complexities of BYOD. Many don’t fully consider its impact on compensation, for example — how does the employee get paid for work done on the phone? What about pay for work on it after hours?
What’s more, the answers will differ hugely for different jurisdictions. With the adverse business climate for BYOD in Europe (complex regulation, unfavourable tax regime and high mobile data cost) many employers provide laptops, cellphones and even cars to employees in selected countries.
Nor are European workers happy to pay for BYOD: only 6% of employees say they’d cover the entire cost of a terminal dedicated exclusively to their professional activity, while only 18% are willing to finance part.
But the real issue with BYOD is the enforceability of security policies. Keeping a BYOD fleet secure is quite simply nearly impossible.
Most devices contain or give access to proprietary enterprise information. According to Gartner, one in four business users surveyed admit to having a security issue on their private device. And according to Osterman Research, 15 percent of employees believe they have “none to minimal” responsibility to protect corporate data stored on their personal device.
Happily, all these issues are adequately addressed by an evolutionary off-shoot of BYOD — choose-your-own-device (CYOD). Allowing employees to choose between pre-approved devices, CYOD makes concessions for user choice without sacrificing enterprise control.
And make no mistake; a degree of choice is very important. European professionals expect their companies to provide more innovative devices: only 46% of them are happy with the tools given them to do their work, while 70% are very satisfied with the technology they use at home.
Some IT managers provide iOS devices to satisfy the new generation of Apple fans. To be sure, the vendor’s claims of security by design make its devices worthy of consideration. But whatever the platform, CYOD gives IT departments the opportunity to pre-install security software and set up administrator, firewall and network settings. Companies are thus better positioned to provide thorough support to a limited number of devices.
To avoid getting tripped up on CYOD, companies should focus on effective implementation that blends security and flexibility.
Tip 1: At the very least, balance user desires with productivity. Offer enough variety — especially if the organization is shifting from a BYOD culture — but test products exhaustively.
Tip 2: Plan and ready yourself for CYOD with a comprehensive mobile protection strategy. Focus on active defense methods, characterised by a risk-based approach to security management versus incident response. Pick a best-of-breed data loss prevention product that integrates well into your mobile product and supports your strategy.
Tip 3: Assemble the right team. Mobile projects should include members from IT, legal, HR, security operations and the business. Ensure that members of the IT team who solve mobile problems clearly understand the objectives.
CYOD provides the right mix between the old and the new to satisfy everyone and be the mega trend BYOD promised to be but never was.
I hope this look into an important variation on the BYOD theme is of help. What, in your experience, is the single most important thing to remember in your device strategy?