Resistance Is Futile: When It Comes to BYOD the Trend Is to Go with the Flow

Resistance Is Futile: When It Comes to BYOD the Trend Is to Go with the Flow

Try to think of a time when employees wanted to buy their own office supplies. Was there ever a movement to bring your own fax machine? Not since briefcases and backpacks have we seen not just a willingness, but an insistence by employees that they “get” to use and pay for their own stuff. Mobile devices are incredibly personal (more personal than personal computers), productive, entertaining, informative, connecting, distracting and not exactly risk free. BYOD, or Bring Your Own Devices, is a tidal wave, and like any tidal wave, corporations and government agencies are way past the stage of stopping it. We are well into the stage of embracing it, minimizing risks, and making it work to our advantage.

In a post on the LexisNexis® Communities, Lisa Stam, a labor and employment attorney in the Toronto office of Baker & McKenzie, wrote about the futility of bucking the trend. “We cannot underestimate the allure of the mobile device, and employers who try to ban such extensions of an employee’s social system without good reason are likely to face resistance. Beyond all the stereotypes of Gen-Yers needing to Twitter® Tweet out what they just had for lunch, the more powerful call for BYOD may come from your higher-end executives who have set up their electronic infrastructure at home and want their mobile device to match―out of efficiency, a reluctance to waste time learning multiple platforms, or perhaps perceived status of one environment versus another.”

Stam cited a study conducted by Wakefield Research for Avande, which surveyed 600 C-level executives from companies and IT professionals in 19 countries. The report says 61% of companies have employees use their own devices in the workplace, and 54% say they use smartphones for basic work tasks like email, reading documents online and managing their calendar. A third of the respondents say they use tablets for the same basic work tasks, but a third also reported using tablets for more advanced business work, including CRM, project management, content creation and data analysis.

Although one might think the highly regulated business sectors that handle the most sensitive data―finance/insurance and healthcare―these industries that “dominate the overall BYOD picture,” according to a report from Good Technology.

Perhaps because of the scale of the potential efficiencies and technological sophistication, bigger companies are seeing wider acceptance of BYOD. Eighty percent of 2,000-plus-employee companies, 60% of 5,000-plus-employee companies and 35% of 10,000-plus-employee companies support BYOD, the Good Technology survey revealed.

Apparently companies in the Middle East lead the way in BYOD adoption globally, with 80% of companies there saying they allow some form of access to personal devices, according to a survey by Aruba Networks.

Employees Happy to Pay

And something that few would have predicted 10 years ago, half of the companies with BYOD models require employees to pay for their devices and the personal choice that goes along with it―and “they are happy to do so.” Forty-five percent offer some financial support to employees for their device and service plans. Good Technology also found that offering a BYOD stipend increases adoption and that nearly half of those surveyed deploy BYOD programs in multiple countries.

There is more evidence of BYOD acceptance in healthcare, an industry in which losing the right private data can cost a company millions in fines. That has not kept people in that sector from bringing their own devices, yet there is plenty of caution all around. Last year, Aruba Networks surveyed more than 130 healthcare IT professionals. The survey revealed that hospitals are embracing BYOD initiatives “but with varying levels of access to business applications.” Of the 85% who support the use of personal devices by doctors and staff at work, more than half say they are limited to Internet access only, and nearly a quarter provide limited access to hospital applications. Full access to hospital networks were reported by only 8% of those surveyed.

With all this additional traffic, bandwidth and infrastructure require some beefing up. Aruba Networks reported that half of the healthcare IT professionals said they were planning to expand or update their Wi-Fi® infrastructure in the 12 months following the survey, and 35% said they will be improving their wired networks. And there was little doubt that hospitals will own rather than outsource their network infrastructure. Ninety-three percent said they will own their network.

Sixty percent of those surveyed said their organizations support Electronic Medical Records, or EMR, applications on mobile devices.

Seventy-six percent of respondents provide Internet access to patients and visitors, with 58% having open networks with no passwords required.

For more information, and to download a presentation with an overview of the survey results, visit the Aruba website: http://www.arubanetworks.com/pdf/solutions/HIMSSSurvey2012.pdf

Productivity at Intel

Intel conducted a study of its own employees―some 19,000 of whom are participating in the companies BYOD program. Last year, Intel reported improved productivity for each employee by an average of 57 minutes per day, crediting increased access to corporate and personal applications. In the same report, Intel says its private cloud saved the company $3 million in 2012 and its crowdsource forum on new business opportunities generated more than 250 ideas. You can download their report here: http://www.intel.com/content/dam/www/public/us/en/documents/best-practices/intel-it-midyear-performance-report-2012.pdf

Good Technologies said that government and retail are the slowest to adopt BYOD. But the federal government is not ignoring the trend. In May of last year Federal Chief Information Officer Steven VanRoekel called for the establishment of a Digital Services Advisory Group “to promote cross-agency sharing and accelerated adoption of mobile workforce solutions and best practices in the development and delivery of digital services.” One of the objectives is to develop government-wide BYOD guidance learned from successful programs launched at “forward-leaning agencies.”

The Future Digital Government Strategy deliverables, such as the Mobile Security Reference Architecture is intended to help inform agency considerations on BYOD. The report also noted that the National Institute of Standards and Technology (NIST) is drafting standards and guidelines focused on mobility.

While the government is moving cautiously into the BYOD arena, the report says much has to be done on some of the more complicated issues BYOD presents. “This includes how the government can reimburse federal employees for voice/data costs incurred when they use their personal mobile devices instead of government-issued mobile devices, and additional security, privacy, and legal considerations including supply chain risk management and legal discovery,” the report explains.

Device Agnosticism

“The growing trend of BYOD demonstrates that we as IT leaders have changed how we adopt technology,” the government report says. “Gone are the days of long projects that address every demand. We must now integrate new technologies in a rapid, iterative, agile, interoperable, and secure method to meet changing market and customer needs. Device agnosticism is more important than ever. Our software, hardware, and applications must be compatible across common systems and personal devices. Our information security controls must also be consistent with existing law and standards to ensure confidentiality, integrity, and availability. Because of these and other considerations, BYOD is not necessarily a good fit for all government agencies―it has to fit the agency’s environment, support mission requirements, and meet the specific needs of staff.”

The BYOD Working Group offered additional observations about the BYOD trend -- good insights for any public or private institution.

• “BYOD is about offering choice to customers. By embracing the consumerization of Information Technology (IT), the government can address the personal preferences of its employees, offering them increased mobility and better integration of their personal and work lives. It also enables employees the flexibility to work in a way that optimizes their productivity.

• “BYOD can and should be cost-effective, so a cost-benefit analysis is essential as the policy is deployed. Such a cost-benefit analysis should take into account both potential increases in employee productivity and potential cost shifts. For example, providing employees access to government services on their personal devices should help reduce the number of government devices that are provided to staff as well as the life-cycle asset management costs associated with these devices. BYOD programs may, however, necessitate government reimbursement for voice/data costs incurred when employees use their personal mobile devices instead of government-issued mobile devices and additional enterprise infrastructure costs in handling the support of BYOD users. Additionally, overall costs may significantly increase for personnel who frequently communicate outside of the coverage area of their primary service provider and incur roaming charges.

• “Implementation of a BYOD program presents agencies with a myriad of security, policy, technical, and legal challenges not only to internal communications, but also to relationships and trust with business and government partners. The magnitude of the issues is a function of both the sensitivity of the underlying data and the amount of processing and data storage allowed on the personal device based on the technical approach adopted. Generally speaking, there are three high-level means of implementing a BYOD program:

-  Virtualization: Provide remote access to computing resources so that no data or corporate application processing is stored or conducted on the personal device.

-  Walled garden: Contain data or corporate application processing within a secure application on the personal device so that it is segregated from personal data.

-  Limited separation: Allow comingled corporate and personal data and/or application processing on the personal device with policies enacted to ensure minimum security controls are still satisfied.”