Allowing Personal Devices At Work: A Faustian Bargain? - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

IoT
IoT
Government // Mobile & Wireless
Commentary
9/20/2011
03:02 PM
Michael  Belak
Michael Belak
Commentary
50%
50%

Allowing Personal Devices At Work: A Faustian Bargain?

Progressive CIOs and their organizations can realize big benefits, but tread carefully.

The rapid growth in mobile device usage is creating a tsunami of change for CIOs and corporate IT departments. A growing number of CIOs are embracing mobile device management programs that let employees "bring your own device" (BYOD) to work. But are they unknowingly making a Faustian bargain, compromising corporate security and by extension brand loyalty and customer good will?

Resistance to BYOD may not be futile, but it will get more difficult as employees insist on using the tools they need to succeed. The worldwide mobile phone market grew about 65% in the second quarter compared with a year ago, according to IDC, which forecasts that the smartphone segment, led by Apple, will grow 55% this year compared with 2010.

That rapid growth hasn't gone unnoticed by corporate IT departments. In a survey of delegates at a recent SC Magazine conference on mobile device management, 60% said they supported a BYOD policy, while 32% were planning to support one in the future. So BYOD is happening, for at least a couple of good reasons:

  • Reduced IT hardware and support costs. A BYOD policy lets companies shift some portion of the cost of mobile devices to their employees and contractors. Companies may get additional cost savings by reducing training and IT support.
  • Increased employee productivity. The theory, at least, is that employees who use the devices they're most comfortable with are happier, more productive employees. And rather than have to rely upon the traditional IT organization's command-and-control procurement policies, employees in a BYOD world move to the latest device at their own, faster pace.

[The InformationWeek 500 conference had plenty to make IT leaders squirm. See CIO Summary: Killer Insights From The IW 500 Conference.]

While a BYOD policy offers companies seductive promises, you can't ignore the ever-present risks, including:

  • Exposing sensitive data. As employees use more and different mobile devices in various settings, they're more likely to lose those devices or have them stolen.
  • Introducing malware to the corporate network. If CIOs thought it was difficult to maintain network security with standardized devices via controlled access, just wait until their departments have to work with a multitude of non-standardized devices connecting to the corporate network, perhaps without all the proper security updates applied. .
  • Greater need to control network access and ensure data privacy. When employees leave an organization, or they lose a mobile device, corporate IT will need to quickly terminate network access and restrict access to corporate data residing on the device. Additionally, corporate data must be protected and segmented at all times from the employee's personal data stored on the device. .

Despite all the risks, a BYOD policy is a valuable opportunity for CIOs to position their organizations as value adders and revenue drivers instead of fat cost centers that can't keep pace with business needs.

Global CIO
Global CIOs: A Site Just For You
Visit InformationWeek's Global CIO -- our online community and information resource for CIOs operating in the global economy.

The first step is to develop a mobile device management policy that clearly states usage and data privacy expectations. That policy should include provisions for:

  • Data security--ensure that corporate data is kept separate from personal data. Most mobile device management software provides a protected sandbox for corporate data.
  • Device diversity--state which devices will be allowed and which not. BYOD doesn't necessarily mean any and all.
  • Cost--state clearly which items the company will pay for and set limits on reimbursements.
  • Access controls--identify how devices will be provided to employees. Employees should understand their eligibility.

The second step is to implement supporting technology to manage and secure both corporate data and the mobile devices that data resides on. Two software vendors, MobileIron and Good Technology, provide a good starting point when evaluating mobile device management solutions. Other MDM software vendors include Zenprise, AirWatch, and Mobile Active Defense.

Progressive CIOs need to evaluate BYOD carefully. Big benefits await those who manage it right.

Michael Belak serves as the CIO of Metropolitan Regional Information Systems, the largest online listing service for residential real estate in the United States. Previously, Belak served as CIO of the District of Columbia, Department of Public Works, and has held senior leadership positions with Marriott International, NASDAQ, General Electric, and IBM. Write to him at [email protected].

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

News
Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
News
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
Slideshows
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
White Papers
Register for InformationWeek Newsletters
Video
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Slideshows
Flash Poll