BYOD versus CYOD — I said, you said

By you (and Lee Naik)

Two weeks ago I wrote a blog on two device policies currently in use in enterprise organisations — Bring Your Own Device (BYOD) and Choose Your Own Device (CYOD). The article was very popular, racking up more than 560 000 reads at last count, and was ranked the top blog across the entire LinkedIn platform for the week.

Readers commented extensively, but what really struck me was the quality of the engagement. Some readers’ experiences corroborated my views, while others took issue with what I said. As a result I’ve refined my take on selected topics, while others require further discussion. On the whole it was a very illuminating and positive experience, brimming with new use cases that really tested my ideas on the issue.

The fundamental character of the two frameworks came up for discussion, and here I have to thank readers for picking up on nuances I hadn’t specifically mentioned. So let me take a second to explicitly define the two variants: BYOD is exactly what it sounds like — employees bring their choice of device to work while with CYOD you’re asked to choose between a finite number of device models — supplied by yourself or the company.

That last bit — who does the supplying — is an interesting detail. You see, I called CYOD an “evolutionary off-shoot of BYOD”. And in the sense that I had in mind — CYOD supplied by the user — that is true. It is indeed a more recent variant of the BYOD phenomenon (itself fairly recent). But CYOD as supplied by the organization is more than 10 years old, as some readers point out. That’s the beauty of social media engagement. Maybe more of my articles should be crowdsourced!

But let’s dive right into the deep end of our dialogue. I didn’t run any numbers, but one thing is apparent: While it may be too soon to write off BYOD (too many contractors and start-ups get by on it), there is nevertheless overwhelming support for CYOD, supporting the thesis of the article. Several reasons come into play: CYOD retains the good of BYOD (supporting productivity and a degree of choice) while overcoming some of its biggest problems (specifically, cost of training, ease of management and security). One reader summed it up by saying CYOD is a welcome return of the dog wagging the tail.

Of enormous value, too, was the comment that CYOD helps solve the problem of technology in education for its simpler logistics and superior security stance, while still providing choice.

However — and here I give readers full credit for changing my view on matters, methods to secure cloud deployments are a lot less trouble than before. A handful of readers pointed out that to secure a BYOD (or perhaps any) device, you only need to put a virtualised, managed company image on it, completely sandboxed with VPN access. That way you won’t have to manage a truckload of different devices, and all the company’s information remains in a secure location.

In fact, with virtualisation, the whole BYOD/CYOD distinction falls away, a reader pointed out. And if that’s the case, they ask, why are we still talking about it?

Hang on, not so fast. Is virtualisation all it is cracked up to be? Why, asks another reader, would you spend thousands on a device you’re using as a dumb terminal with limited functionality and no local data? It is possible, of course, to have an enterprise environment AND whizz bang personal device heaven on the same device, but the real issue I have with a 100% virtualised corporate environment concerns the many hours I spend travelling to and from client and industry engagements. On a 15-hour flight, I want data on my device, in order to be productive. That is, after all, the point of mobility.

Furthermore, another reader points out, we should never underestimate the value of being tested, and both BYOD and CYOD are test cases for a complex battleground of user, IT and organisational interests. “As wearables and the Internet of Things become more widespread, and their capabilities go up, it’s going to be the next IT nightmare — you’re absolutely right to bring [device diversity and the best form of it — BYOD or CYOD] up now, while we still have the opportunity to pre-plan our security posture, rather than largely reacting to it as many of us did in the sudden onslaught of BYOD.” Indeed.

Are we right back to BYOD then? Well, tactics like virtualisation won’t wash with emerging platforms like IoT. According to a study from HP Security Research, 70 percent of the most commonly used IoT devices had serious security vulnerabilities, so now is as good a time as any to settle our device stance.

As one reader perceptively said, we can’t talk about a mobile Internet, as though mobility (and device diversity) are party crashers that we have to cater for as afterthoughts. All devices and things make up the Internet in its infinite variety, and the catering needs to plan for all comers.

And with that I’ll sign off on the most compelling themes raised by readers. Thank you for an extraordinary conversation that truly elevated the dialogue we have on an ongoing basis, whether we’re aware of it or not. I hope there will be other opportunities to share a byline with you in future!

Reader of the week (albeit two weeks ago) goes to Jodie Reynolds for some excellent insights.