BYOD is a good thing for organizations both in and outside of the IT industry. People who bring their own device to work might drastically slash the cost of maintaining and refreshing every employee’s machine. Because the employee owns the item, the manufacturer’s warranty usually takes care of repairs. The problems generally begin when organizations try to figure out how to secure it.
Security is viewed as the biggest problem with BYOD. However, BYOD has brought a lot of other unexpected consequences to the forefront, for everyone from the CIO all the way down to the IT managers. Today, I’ll outline the top unexpected consequences of BYOD, explain SHI’s approach to combating those issues, and go over some tips for customers who are trying to implement an effective BYOD strategy in their organizations.
- Securing hundreds of mobile devices. The explosion of the iPad and other mobile devices has caused a major issue for employers. The last time I counted, there were over 100 new tablets added to the market over the past few years. People bringing their own device into the work environment are allowing company data to reside on their devices. With that comes the risk of employees losing their phone, which automatically puts the company at a huge liability. The solution to this is to employ a mobile device manager (MDM). Once installed on a device, it can remotely wipe all the company-owned data from mobile devices.
- Decentralized spending. The second major consequence of BYOD is the issue of decentralized spending. When I say decentralized spending, I mean that the individual end users that work at an organization are going out and buying devices to use at work with their own money, and then having to expense it back to the organization. For example, if a company has 1,800 employees and they all are given the freedom to go buy their own device on their own credit card, it would cause an accounting nightmare of 1,800 different expense reports. Moreover, there wouldn’t be much of an opportunity for the accounting department to plan for those 1,800 expense reports, because it would have no idea what device each employee is going to purchase. We’ve seen this problem reflected back to us here at SHI. In the past, we’ve sold thousands of laptops or tablets to one single customer at a specific time. Then, we’d be able to report back to the customer exactly how many they’d purchased, the serial numbers for their records, and tell them their total spend. But today, with the immense amount of devices in the marketplace and users wanting to choose their own, we can’t do that.
How SHI can help
We combat this using our Procurement division. We provide the customer with a portal that its employees can use to select their devices. The customer chooses what will be available in the catalog, and its employees can pick from those devices. That way, the customer knows that it can come back to SHI to get proper asset tracking, telling it exactly how much it has spent, and where it was spent — down to a cost center or division level.
We can even do some configuration services to put asset tags on the devices. So we’ve taken those legacy web catalogs and marketed them as a BYOD portal, so end users can go on and purchase what they like.
Best devices for BYOD
Now I’d like to talk about some of the devices that most customers will include in their catalogs. When it comes to Android, the openness of the marketplace is both good and bad. It’s good if you have developers that can customize it and make sure it’s secure. It’s bad if you don’t.
There’s been some concern around Android devices being brought into workplace networks because there’s no real scrutiny when apps are published to the Android app store. That means that anybody could put an app there that could prove malicious.
That’s been a big concern for a lot of companies when it comes to Android. Apple tends to be of a favorite among customers, because it has built-in security with high-level encryption. If one app gets a virus, it won’t infect any other portion of the device.
Setting the corporate policy
My advice for any customer attempting to set up a corporate policy on BYOD is to make sure the policy is released far in advance of the day that employees will be permitted to bring in these devices. Companies need to decide: Is this something that they’re going to give a stipend to employees for? Or is this something that’s going to be wholly owned by each individual employee?
Each organization is different. I’ve seen situations where, although the employee did not purchase the device through the organization but still used it for work, the corporate policy still has a hold over that device. It stated that because the user brought it onto the network, and is using MDMs, the company could secure the device, meaning personal and corporate email could be erased in the face of a security threat.
At the end of the day, we are still early enough in the trend that every organization is dealing with BYOD on a case-by-case basis. As the proliferation of mobile devices continues, there will be a continued need for more policies to be put in place by employers. Have any questions about how you’re handling BYOD in your company? Reach out to me in an email.