Bring your own device
Many organisations are looking to transform the way they deliver and use IT and the most recent stage of the IT revolution seems to be the emergence of BYOD.
New developments always bring new risks and new strategies to lower risk. Business decisions are always about calculated risk v benefit. We aim, with you, to help users to make the best business decisions and move forward at the forefront of progress.
Bring Your Own Device as a way of delivering IT in the workplace is the way of the future in many sectors and in fact to a considerable extent is with us already. Over 70% of employees already use their own devices sometimes for work purposes, usually totally unregulated and unmonitored, because their employer’s IT policy deals with such use only by forbidding it altogether. As personal IT expertise and spending priorities spiral upwards with the younger generation, the pressure to allow employees to determine their own IT will grow ever stronger.
Many organisations are realising the considerable advantages of BYOD. High capital savings on IT devices, an average of 240 extra hours work a year from each employee allowed to work in this way, greater job satisfaction and increased employee retention are some of the main benefits.
But of course new developments pose new challenges. The relationship of employment is essentially that of selling control: in exchange for pay the employee agrees to give the employer control over their time, their concentration, their actions and their words. Retaining control is key to good management, making sure that the employee’s performance is maximised and that the interests of the organisation are protected.
Always the approach should be:
- What is in the interests of the organisation; and then
- What are the risks and how can they be reduced as much as possible.
So can the risks of allowing BYOD be so reduced that it is on balance in the interests of the business? In view of the benefits the answer will almost certainly be yes. And anyway, the 70% figure quoted above means that the reality should be recognised and regulated rather than ignored. Many of the same issues currently arise already, in respect of employee’s use for private purposes of devices provided by the employer. On to question 2 then and how best the risks can be reduced?
BYOD can work either with the employee owning the device, or in the hybrid form of giving them the chance to choose which device the employer provides them with. Control is easier when the employer owns the device, though as the employee will inevitably use the device for private use as well issues of privacy and monitoring will still arise. Whether data is stored on the device in the traditional way, with the usual IT security issues, or is streamed so that the device does not carry or store information, use needs to be prescribed and monitored.
BYOD risk can be reduced greatly by
- Recognising that risks inevitably arise, but most of them exist anyway in respect of IT use, and perfect security and control is not possible even if BYOD use is not permitted.
- Recognising the risks to the particular organisation and their systems, and devising a BYOD Policy that aims to address the realities of how the employees will actually use IT to carry out their work and manage the risks in a practical way.
- Making sure that the BYOD Policy sits in addition to the IT Policy – which should already deal with the usual major IT use risks of misconduct, discrimination, confidentiality, time wasting etc.
- Having evidence of employee knowledge and agreement, by ensuring the BYOD Policy covers the potential conflicts with employees and effectively records their agreement to the deal under which they are allowed to BYOD. If consulted upon, signed on introduction and revisited once a year, then it will be hard for the employee to argue that they have not agreed to the employee boundaries and employer rights set out in the policy.
- BYOD training line managers to be aware of the risk, aware of the boundaries set on the employee and on the employer in the agreed Policy, so they are likely to act consistently and take appropriate action at an early stage.
- In view of the current rates of BYOD in practice already, especially at the higher levels of management, all organisations should view their blanket ban as out- dated and set down boundaries for such use.
Why are you interested in BYOD?
1 If you are a supplier you will already be well-placed to sell the advantages of the BYOD concept and able to advise on ways in which the major IT security issues can now be addressed very effectively. But also be aware that your end users will have concerns about risk, especially in the control, data protection, compliance, HR and legal areas, which may be barriers to progress. They will worry that it is impossible to maintain enough control without stepping over the boundaries of property and privacy. If you are able to offer a package of Policy and training to deal with these issues, tailored to that organisation and its existing structures, with follow up advice if required, this will provide reassurance and facilitate sales and implementation. As specialists within this field and employee performance generally, we can offer to work with you to serve your end users in a way that will be cost-effective and attractive to them.
2 If you are an implementer or user, as IT, HR or other management, then you will probably already be aware of the advantages of the BYOD concept. Your supplier will be able to advise on ways in which the major IT security issues can now be addressed very effectively. But also be aware of the need to deal with inevitable but not insurmountable risks, especially in the control, data protection, compliance, HR and legal areas. The aim is to put in place structures so as to maintain enough control without stepping over the boundaries of property and privacy. If your supplier does not do so already, we can offer a package of Policy and training to deal with these issues, tailored to your organisation and its existing structures, with follow up advice if required. This will keep you in control and provide reassurance to management, assisting implementation and system maintenance. As specialists within this field and employee performance generally, we can offer to work with you in a way that will be cost-effective and attractive to your organisation.
For details of our services in the IT/employment and BYOD practice area, cost and availability, please ring Frances Barker, Employment Partner on 01473 343911 or email her firstname.lastname@example.org.
If you are interested in BYOD and wish to find aprovider of the technology, we suggest you speak toComputerlinks who are specialists in this area.
COMPUTERLINKS is empowering the IT channel, through its next generation datacentre strategy, by supporting partners as they work with IT and datacentre managers to understand and consider an emerging and potentially complex technology landscape. By providing the channel with pioneering new technologies and solutions across branch-based wireless LAN, productive application access, security and compliance, COMPUTERLINKS is helping the VAR community to support client organisations as they adapt to flexible and more intuitive ways of working and the increasing influence of the end-user in their choice of “Bring Your Own Device”.
For further information, or to request a BYOD white paper please email@example.com or call 01638 569600.