To bring or not to bring your own device, that is (and has been) the question.
Since the debut of the iPhone 10 years ago and the subsequent proliferation of smartphones and tablets, enterprises around the globe have struggled to reconcile the cost-benefit equation between allowing employees to use their personal devices for work, or forcing them to carry a company-owned device.
The term BYOD (bring your own device) was coined earlier this decade as the smartphone and tablet boom made it clear that the use of mobile devices for business purposes was a benefit to employers and employees alike. If an employee owned a smart device and could use it for corporate and personal purposes, businesses wouldn’t have to invest in hardware and related support. Employees could either submit carrier charges as expenses, or in many cases simply receive a monthly stipend ($40 to $70 is a common range) from their employer. The research and consulting firm Gartner found in 2016 that only 22 percent of companies issue phones directly to their employees (Figure 1).
With apologies to Shakespeare, BYOD is now suffering from the slings and arrows of outrageous fortune and many question whether it will survive into the next decade. The shortcomings of BYOD can be summarized:
- As devices and mobile operating systems have proliferated, the costs to enterprises for managing security and legal liabilities have increased dramatically. This is particularly acute where iOS is less common, such as in Europe and APAC, where a multitude of diverse operating systems and OS versions have resulted in employee phones devices being pre-loaded with “bloatware” that can present data security risks to employers as well as employees.
- The ability to calculate a fair reimbursement or stipend amount is stymied by the way carriers summarize data charges on bills, which makes it difficult to impossible to separate corporate from personal applications and data usage and costs. Plus, the cost of administering and management approval of expense reports or stipend payments adds up.
- A court ruling in California (Cochran v. Schwan’s Home Service) mandated that businesses pay “reasonable compensation” to any employee using a mobile device for work. The ruling is not final. Not all businesses, including many small businesses, presently reimburse on a routine basis and may struggle to fairly calculate the actual reimbursement amount for business use if this ruling becomes law.
If BYOD programs are to be successful, businesses must put in place an effective mobility policy which includes Enterprise Mobility Management (EMM) and that not only addresses security concerns but also controls costs and increases productivity. Of course, many small organizations lack the resources to administer EMM internally and turn to an increasingly sophisticated and cost-effective group of managed services providers to manage BYOD.
Large enterprises, on the other hand, have the purchasing power to negotiate cost-effective deals with device distributors and carriers to supply their work forces with smartphones and tablets and eliminate BYOD altogether. Very recently we have seen Apple and GE in a deal that will standardize iPhones and iPads for 330,000 GE employees and Apple and Delta Airlines reach agreement on providing devices to 30,000 employees, including flight crews.
Expect to see more of this for the simple reason that Apple’s iOS operating system for mobile devices is a very controlled ecosystem. The risk of a security breach is minimal in such a closed system. The reason Apple iOS wins out over Android is that Apple owns the infrastructure, controlling the device, the operating system and a tightly controlled app-store. Worth noting is that Google has now introduced a similar closed operating system for the Android ecosystem that has potential to compete for corporate use.
The drawback to the Android systems used on devices other than the new Google device is that the Google Play app store does not review the new apps with the same intensity as Apple and is seen as more likely to introduce malware onto the device and therefore into the corporate network. There was a reported case of a free flashlight app for Android that turned out to be accessing everybody in the user’s contact book. Applications not rigorously screened could easily introduce malware to a corporate data server, a risk that many businesses just shouldn’t take. That’s the number one issue against BYOD.
The second issue is that employees run into support issues with BYOD. If an employee’s corporate email stops working, they need to call a support desk, which in turn must troubleshoot. If it’s an Apple device, that’s relatively simple with one operating system within one or two versions of the current release. But with Android, there are dozens of operating systems to vet with each carrier customizing the standard OS to provide their unique user experience, making support of a simple task much more complicated and costly.
Many businesses are concluding that they simply can’t be bothered with BYOD and are reverting to Corporate Liable devices and plans like GE and Delta Airlines. But there are still countless businesses who do back-of-the napkin calculations that conclude the benefits of having employees using their own devices outweighs the costs and risks of a BYOD policy.
While it tends to vary by culture, in some countries it is still common for employees to carry two devices – to truly separate between business and personal use. Recent advances in operating a single device in a dual persona mode (personal and business persona) may also may also be offer a single device solution where only business data may be wiped from a personal device when the employee leaves.
One thing is clear – BYOD has been the introduction to more of a “BYOx” environment where employees are bringing more than just the device into the corporate world and may be using consumer cloud applications in the workplace too. Files too big to email to a coworker may be shared via a user’s own file share account such as Drop Box meaning that proprietary and confidential company data may be leaking out of the corporate domain. Other, consumer grade devices, applications and tools used for work and corporations need to be ready with policies and systems able to validate adherence to those policies to protect against the security and liability issues these may introduce.
Author Bio
Ian Murray, Vice President, Tangoe. Ian brings over 18 years’ experience helping enterprise clients select, implement, and manage Telecom Expense Management and Managed Mobility Solutions. Ian is responsible for developing and delivering go-to-market strategies, sale training and enablement, product and solution launch plans, creation of compelling positioning and messaging, and building market awareness for Tangoe’s solutions with a focus on compelling use cases and business value. Ian is a member of the Chartered Institute of Management Accountants (CIMA) and has almost 3 decades of international work experience.