BYOD: here to stay?
Has your company gone BYOD (Bring your Own Device)?
This growing trend consists in allowing employees to use their own devices, like smartphones, tablets and laptops, at work.
This practice is already commonplace in emerging economies; for example, in Brazil and Russia, 75% of companies are BYOD companies. In developed countries like Canada, where workers’ professional and private lives are ostensibly more clearly separated, the ratio of employees using their own devices at work is closer to 44% 1.
BYOD policies benefit employees, as connecting their devices to their employer’s network provides them with greater flexibility and simplicity, as well as a feeling of satisfaction.
But BYOD also benefits companies, since employees working on devices that hold no secrets for them are more productive. In some cases, BYOD models can enable companies to save on the purchase of countless devices. According to a CISCO survey, companies with fully BYOD environments can save $1,650 per employee per year 2.
That said, full BYOD policies in large (or even medium) enterprises can present several challenges.
First and foremost, security can become an issue, since access to, and use of, sensitive information is that much more difficult to monitor. Tight controls, dedicated resources and infrastructure adjustments can mitigate this problem.
Second, the proliferation of disparate devices can cause headaches in terms of management, configuration and updates for IT departments, which have to make sure that all devices are compatible and can get the job done.
Finally, billing can become an issue. BYOD policies create a grey area: who should be responsible for the cost of purchasing and using devices – the company or the employee? Companies may choose to pay for part of the costs; but if devices are used for both professional and personal purposes, how do you calculate the percentage of data related to work?
Minimizing security risks
Some companies adopt an intermediate model, Corporate Owned, Personally Enabled (COPE), as a compromise solution. This model consists in employees using company-provided and supported devices that are also enabled for personal use. This solution simplifies support and maintenance by limiting the choice of devices, operating systems and applications available to employees. This system also provides companies with an interesting legal benefit: since the employer retains ownership of the devices, it also retains the right to wipe data in case of theft, loss or malicious use.
Given the proliferation of connected devices, combined with the growing trend of teleworking, it is becoming increasingly unrealistic to ban all personal devices from connecting to company networks and data. However, regardless of a company’s stance on BYOD, the important thing is to define and communicate a clear policy, where employees are not only aware of expected behaviour standards, but also explicitly commit to observing them.