BYOD: It’s more complicated than you might think
The ramifications of bring-your-own-device policies will affect both IT managers and employees. But it’s not all bad news...
IT experts have a simple message for IT managers about bring-your-own-device (BYOD) policies: Don’t underestimate what you are getting yourself into.
On the one hand, that’s hard to imagine. Since agencies first started exploring the idea of allowing employees to bring their own mobile devices onto agency networks, they have been working through the ramifications in such areas as infrastructure operations, device management and, of course, security.
But there’s more to BYOD than they might suspect, both for better and for worse.
It’s not just a matter of bringing new technology into the enterprise. It’s about how that technology is being introduced: by the employee, not the bureaucracy. That shift needs to be taken into account as agencies develop their IT plans and budgets.
One potential problem is that BYOD shifts technology purchases from the procurement process (i.e., an agency buys the products and services) to the expense-reimbursement process (employees buy the products and submit expense reports for the services).
For agencies, the shift can come with a cost — literally.
The research firm Aberdeen Group warns that the hidden costs of BYOD can eat up any anticipated savings. Some examples are the costs associated with processing an increasing number of expense reports, a heavier workload for the help desk and related support operations, and the extra effort to manage and secure the data on devices.
However, the shift also has one big benefit: It speeds IT adoption.
“An organization may be better [able to] keep up with mobile technology advancements by aligning to the consumer rather than the much slower pace of business technology adoption, with its long cycle of detailed requirements analysis, established refresh rates and centralized procurement heritage,” according to a report by Gartner, an IT research and consulting firm.
Some federal IT managers might wonder if it makes sense to skimp on those detailed requirements analyses. Will employees do sufficient research, or will they resort to impulse buys?
But David Johnson, a senior analyst at Forrester Research, an IT research and advisory firm, believes that employees are likely to make smart buying decisions out of a healthy self-interest.
In a recent blog post, he compared IT users to mechanics shopping for tools. “They will buy tools that align best with their own strengths and help them do the best work they can,” Johnson wrote. And they will “generally select good quality tools given the choice because they don’t have time to waste dealing with cheap ones that break.”
Nevertheless, employees must be prepared to accept certain trade-offs.
In most agencies, any device being used to access government applications and data will need to comply with any number of federal IT policies.
The BYOD toolkit developed by the federal Digital Services Advisory Group and the CIO Council emphasizes the importance of finding the right balance between the personal privacy of the employee and the organizational security needs of the agency. For example, both parties need to agree to an “acceptable use” policy, and they need to address legal discovery ramifications, including the possible confiscation of the device.
In effect, the consumerization of the enterprise also might be called the corporatization of the smart phone.
The key to managing this tension is employee training, said Stacy Crook, a senior analyst for mobile enterprise research programs at IDC, an IT research and consulting firm.
Most organizations require employees to sign BYOD agreements that outline the governing policies and expectations. The problem is that employees are eager to bring in their smart phones and are likely to sign the agreement without reading it through.
In one case in the private sector, 70 percent of employees who attended a training session ultimately decided not to sign their company’s agreement, Crook said.