Bring your own device (BYOD) enables companies to save money and employees to do their work on devices they prefer rather than standard corporate issue; so what’s not to like? The most prominent concern over BYOD is maintaining security when numerous devices from numerous vendors (and potentially running all manner of software) are all connected to the company network. This issue, however, is not the only one; a number of other difficulties may also arise, both for the company and for the employee.
Company Savings, But at What Cost?
Attempting to please everyone with corporate-issue mobile devices is bound to make almost everyone unhappy. Some will like the models that the company chooses, and others won’t; some will appreciate the periodic upgrade, whereas others will prefer to stick with what they know. Either way, the company pays. But BYOD enables the employees to individually select the devices they prefer—presumably, that not only saves the company capital costs, but it makes employees happier (even if just in a small way) and more productive, yielding even more returns. But this sunshiny picture has some dark clouds on the horizon; here are some of the critical concerns.
- Who pays for the service? Device (and even maintenance) costs are one thing, but service charges are another. Cumulative costs for cellular voice and data services can easily exceed device costs within a year, particularly for cases of heavy usage. Who should pay? If the company pays, does it gain any say in how the employee uses the device? Can employees still consider their devices to be their own property? On the other hand, should an employee be expected to pay for service to do his or her job at the company? And what about service contracts if an employee quits or is fired? A “middle” approach could involve a stipend of some sort for service fees, but should any stipulations be placed on usage?
- Will security costs outweigh the savings? The diversity of devices in a BYOD system poses a number of security risks. To be sure, security is always a challenge, and maintaining it always incurs a cost. But do the added security risks and any extra damage done to the company network offset the savings from BYOD?
- Does it really make employees happier? The company may be saving money from BYOD, but is the employee forced to foot the bill? In tough economic times, an employee is unlikely to quit over BYOD (versus company issue)—the cost isn’t necessarily that great, but it probably doesn’t make everyone happy. Yes, having one device instead of two (one for business use and one for personal use) can be more convenient, but those who prefer separating their business lives from their personal lives might get annoyed. Furthermore, it’s easy to see how a single smartphone, for instance, could easily result in work bleeding further into personal time—possibly a win for the company, but a lack of time to recharge away from work can hamper productivity during normal hours.
BYOD: Privacy and Confidentiality
Looking beyond money, other BYOD concerns also arise for both the company and the employee. These concerns can quickly become legal matters for both sides, and the rules can be rather fuzzy. The following are a couple potential issues.
- What about employee privacy? The employee pays for the device, but the company may implement some strict—and perhaps questionable—policies. Companies tracking usage and even location for corporate-issue devices is one thing—after all, it’s company property. But this matter becomes more dubious in the case of BYOD. Should your employer be able to track your location or even potentially access your private data? If your personal smartphone is doubling as a business device, you have less of an ability to just turn it off if you want some privacy.
- How should companies manage confidential data? When an employee uses a personal device for business uses, the chances of an intermingling of private data and confidential company data increase. To protect themselves, some companies enable a “remote wipe” capability that allows them to delete data on an employee device. Again, for company-issue gadgets, this is an unambiguous matter, but what happens when personal data is destroyed in the name of protecting the company’s rights?
- Does BYOD make compliance a headache? For companies whose businesses fall under PCI or HIPAA regulations, for instance, BYOD can cause problems thanks to mobile devices doubling for both personal and business use. Obviously, even dedicated company devices can be lost or compromised, but mixed-use devices potentially enable more avenues for attack or other compromise. And government regulators won’t care about your BYOD policy, particularly if an infraction means fines (read: more free income for the government).
The working assumption for BYOD is that it enables significant cost savings for the company, but a report by Nucleus Research questions the unqualified assumption that BYOD always provides a meaningful return. Indeed, quantifying the value of BYOD in terms of gained productivity and even lower absolute costs relative to incurred costs (security measures, network downtime because of BYOD, regulatory compliance costs and so on) is difficult. The Nucleus report summarizes the situation by saying that “The hard ROI of BYOD (Bring Your Own Device) is being confused by feel-good claims around productivity and vendor proclamations that lack a financial foundation. To understand the ROI of BYOD, companies must consider the costs and benefits that companies can realistically expect from each area of BYOD.”
So, BYOD may or may not provide the value that proponents often claim. Given the challenges and possible benefits, it most likely can work in some situations but not in others. The task of determining whether BYOD can provide a meaningful return falls to individual companies, and it requires far more than simply assessing how much can be saved in one-time costs to purchase devices for employees.
BYOD is a strategy that can work for certain companies in certain situations. Determining whether your company fits that class, however, requires some work. Important considerations—beyond simple cost savings—include employee privacy, how to secure confidential data, legal and compliance considerations, and other mobile-device costs (e.g., cellular service fees). And, of course, network security is a major concern as well. In addition, it never hurts to re-evaluate your company’s mobile-device usage as a whole: the gadgets are cool, but do they really provide business value, or are they just cute distractions? As with any company strategy, before you implement a BYOD policy, take the time to do your homework—don’t just buy into the claims of potential savings, and don’t be quick to assume that what works for another company will work for yours too.
Photo courtesy of Brad Frost