Bring Your Own Device: A Strategic Primer for Forward-Thinking Businesses
By segmenting users, defining delivery mechanisms, evaluating network options, being sensitive to global and cultural attitudes and keeping a sharp eye on investment returns, organizations can generate more value from the fast-growing “bring your own device” (BYOD) phenomenon.
A rapidly evolving device ecosystem with a seemingly endless combination of formats (smartphones, smartwatches, tablets, phablets, notebooks, laptops and smart cars, for example) has brought with it a number of security, legal and regulatory concerns, and left many organizations questioning if they should allow employees to use personal devices at work.
In 2015, Cognizant surveyed 15-plus global companies across industries, including life sciences, retail, manufacturing and technology, with revenues over two billion. The results of the survey revealed important takeaways on BYOD adoption and associated policies. For example, only five of the companies surveyed had well-defined BYOD guidelines for all device formats (e.g., mobile, tablets and laptops) and user types (e.g., employees and contingent workers). BYOD programs were predominantly focused on mobile devices (only two companies allowed BYO laptops/tablets); contingent workers who were not on payroll were largely excluded from the program.
Key Components of a Sound BYOD Strategy
In our view, organizations need to consider the following in order to deliver on the BYOD value proposition:
Focus on user-type segmentation. Clearly define the various types of users (full-time employees, contract workers, business partners, etc.) who can bring their own devices into the workplace. Our research reveals a lack of clarity among organizations regarding who can use personal devices for work-related activities. Blanket policies such as “contract workers will not be allowed to bring their own device” can stifle productivity and collaboration.
A better approach is to categorize applications into "classified" and "general use" to address security concerns, and open general-use applications to all user types.
Stipends and reimbursements can help encourage adoption among various user types.
Rolling out a Bring Your Own PC (BYOPC) strategy that utilizes a secure virtual desktop for short-term contingent workers can help reduce costs and shorten provisioning timelines while advancing “day-one” productivity goals. Virtual desktops offer a secure, contained system that is isolated from the client machine, thus alleviating security concerns regarding BYOPC.
Bonus tip: Apple Mac fans are some of the biggest proponents of BYOD. Support this trend with policies that address the needs of these zealous users and their machines.
Consider delivery mechanisms that vary by device type. Explore virtualization and containerization-based delivery mechanisms to help address security concerns associated with BYOD. (The initial focus of BYOD was restricted to smartphones; however, thanks to advances in desktop virtualization, device profiles have recently expanded to include tablets, notebooks and laptops.)
One of the biggest barriers to BYOD adoption is the technological divide that exists between personal-computing and mobile operating systems – an issue that has underscored the need for multiple delivery and control mechanisms.
Virtualization decouples devices from the OS – providing an effective way to extend BYOD to personal computing devices such as laptops and notebooks. Isolating devices can help prevent data from “leaking” from the virtual desktop to the host device.
Containerization can help alleviate user concerns about the level of control that the organization has over their device.
Some companies no longer provision physical desktops and laptops to employees and contractors – opting instead for virtual desktops that are accessed through thin/thick clients owned by the end user.
Bonus tip: Bring your own app (BYOA) extends the concept of BYOD by allowing users to leverage best-of-breed public applications. Cloud applications such as TripIt, Google Docs and Dropbox are becoming increasingly popular with the workforce, and are often acquired directly by end users for business-related tasks.
Think through the network implications. Create network-access services for “non-compliant” BYOD mobile and personal-computing devices. Network access control remains a primary challenge when it comes to enabling BYOD – resulting in the need to set up alternative "BYOD" networks to address security threats that non-compliant devices pose. Our advice:
Newer approaches to multi-factor authentication (MFA) and remote access solutions (such as Pulse Secure hardware and software with RSA SecurID authentication) will prevent unauthorized devices from accessing corporate resources.
Install a DMZ network for applications that need to be accessed over public networks, rather than fully inside the “trusted” network, to help address security concerns.
Leverage certificates or other authentication mechanisms to streamline remote access authentication into an on-demand virtual private network (VPN) service.
Bonus tip: Organizations are setting up public-facing BYOD networks via WiFi access to enable BYOD and prevent threats to the trusted network. The dedicated BYOD WiFi network runs in parallel to the corporate WiFi, but comes with security restrictions to prevent access to trusted resources.
Acknowledge global variations. Ensure that BYOD policies take into consideration local regulations and user preferences. BYOD attitudes and policies vary significantly across regions – compelling companies to customize BYOD “do’s and don’ts” by geography. Our advice:
Local culture, privacy, data-protection and regulatory concerns play a significant role in end users' attitudes about using personal devices for work-related activities. Europe tends to be more conservative, with cultural and regulatory roadblocks that can hinder BYOD adoption. Privacy and legal issues are cited as primary reasons for not allowing personal devices to be used at work.
For example, the litigation process is quite different in the U.S. than in the EU. While the EU does not employ the concept of discovery, companies in the U.S. are required to produce any data that has relevance to litigation. Acceptable use and end-user policies play a crucial role in defining the level of control an employer will have over the personal device. Data protection laws are far more explicit and stringent in Europe, requiring employers to clearly detail data collection and monitoring of the personal device that will be part of the BYOD program.
BYOD is a mature practice in the U.S., followed by APAC regions, where the work/life boundaries are tightly bound. A recent Gartner study indicates that U.S. companies are twice as likely as their European counterparts to adopt BYOD models.
Bonus tip: Attitudes concerning "who will pay for work devices" vary across regions. Stipends for those who use their personal devices for work-related activities can help alleviate some of these concerns. A study conducted by Cognizant revealed that a stipend in the range of $40-$50 per month to cover device and network costs can help maximize BYOD adoption while reducing spend on corporate devices.
Think early and often about return on investment. Calculating return on investment (ROI) for BYOD is not always a straightforward process. When implemented wisely, BYOD can help reduce the IT asset footprint while fostering flexibility and mobility in the workplace. Our advice:
Cost avoidance and savings can reduce spending on devices and network infrastructure. Based on our research, a stipend of $40 to $50 for employees who moved from corporate-provisioned mobiles to a BYOD model delivered a net savings of 10% to 15% on corporate mobile devices. Likewise, a shift to virtual desktops accessed through BYOPC for contract workers resulted in a 24% decrease in desktop-related costs.
Increased spending on securing corporate data on personal devices can offset savings on infrastructure and devices, from procurement and training, through support and maintenance.
Higher end-user satisfaction resulting from more choices and more flexibility can improve employee loyalty and productivity while increasing business value.