BYOD, in my opinion, is a option for employees, not a forced practice. The option is to have full mobile capabilities extended to the corporate world in order to do your job but using your own mobile device(s) that you already own. Instead of carrying and worrying about multiple devices for multiple functions, personal and business, give the option to use one they already own. This is where part of the cost savings come from. The business doesn’t have to procure the hardware device, manage a service contract for cellular, text and data and most likely don’t have to host a Blackberry Enterprise Server (BES) onsite. A percentage of the monthly cost goes back to the employee as a stipend to cover part of their personal service costs.
I am not going to go into the business side management of security and all the canyons of problems that come with BYOD only the costs. So the option approach there is a realized cost savings that the business can benefit from. However, there are some that may be taking it too far and are coming full circle to a business supplied mobile device model, but with BYOD labels.
Here’s another scenario I have heard and read more about in a BYOD model. That model is that BYOD is forced and there is no other option. For those that have their own devices then this is not really a problem. That is until the users refuse to have their personal devices be probed, reviewed, locked down, scanned, by the business in addition to the power of completely wiping the device in their hands. I am not talking about just wiping you mail account and messages but the whole phone, your apps, games, saved files, photos of your children. Poof.
The alternative is the business provides a purchase stipend for the employee to buy a ‘supported’ device, separate to their personal device, and then have to get a new contract. So the business now is buying devices new, like before, and covering the full service contact since the new phones are not joint personal/business. There would be more control around this scenario but I can’t find out how any money is being saved. Especially since most companies have pretty good procurement arrangements with retailers to get phones far cheaper than on the street that the employees use. Then there there is there problem of really ‘owns’ the device then. Under BYOD the employee owns it, but if the business fronts all the costs for the device do you think the employee will get to keep the device if they leave? If not the business now has to figure out what to do with that device, recycle it, give it to another employee and before you know it the business is back in the business of device management.
If the employee is forced to take care of a business use device on their own, which means entering into a multi-year contract, what happens if you lay that person off or they leave? The cell phone service provider doesn’t care, you have a 2 year contract with them with no way out.
BYOD, own device. That’s the key. A business forcing will experience costs and headaches above and beyond than running a ‘hybrid’ model of business delivered and optional combination of personal and work use. Or worse exceeding costs from sticking with proving the devices.
Like everything, BYOD is no different, just because you can doesn’t mean you should… especially if you don’t have a well thought out plan to execute.
End of Line.
Binary Blogger has spent 20 years in the Information Security space currently providing security solutions and evangelism to clients. From early web application programming, system administration, senior management to enterprise consulting I provide practical security analysis and solutions to help companies and individuals figure out HOW to be secure every day.