Download - BYOD - who carries the can?
-
7/29/2019 BYOD - who carries the can?
1/16
Copyright Quocirca 2013
Rob Bamforth
Quocirca Ltd
Tel : +44 7802 175796
Email: [email protected]
Clive Longbottom
Quocirca Ltd
Tel: +44 118 9483360
Email:[email protected]
BYODwhocarriesthecan?Balancingthecosts,risksandbenefitsofbringyourowndevice(BYOD)
March2013
Thereisatrendamongemployeestowanttousetheirpersonalchoiceof
mobile device in the fulfilment of their work commitments. While this
appearstobringmanybenefitsfortheemployeetoselecttheirpreferred
device or devices and, on the face of it, reducesupfront costs for their
employer, it does introduce significant on-going costs and risks for the
organisation. However, with many appealing mobile consumer devices
beingoffered,thetrendislikelytoincrease,soorganisationsneedtoworkout suitable strategies and policies to manage this complex and hybrid
situationinthebestinterestsofboththemselvesandtheiremployees.
FirstpublishedinJune2011withthetitleCarryingthecan,butnowupdatedtoreflectrecentindustrytrendsandchanges.
-
7/29/2019 BYOD - who carries the can?
2/16
BYOD who carries the can?
Quocirca 2013 - 2 -
BYODwhocarriesthecan?Balancingthecosts,risksandbenefitsofbringyourowndevice(BYOD)Consumertechnologiesandattitudesarerapidlyenteringtheworkplace.Organisationsmustdevelopaworkableandefficient
strategy fordealing with three major issues surrounding employee use of smart mobiledevices deviceconsumerisation,connectioncontractsandpayment,andthesecuremanagementofcontentorapplications. Thebalancebetweenwhatisownedand providedby thebusiness versus what isintroducedbythe employee (i.e. BYOD bringyourowndevice)needs careful
consideration.Overall,thisisoftenreferredtoasevaluatingwhethermobiledeploymentsarecorporate-liableoremployee-
liable,whichthisreportwillexplorefurther,alongwiththeimplicationsfortheorganisation.
Mobileworkingisno
longeraminority
activity
Fasterandubiquitousconnections,combinedwithsmartersmalldevices,havenotonlymadeit
possibleforworkinvolvingITaccesstobeconductedawayfromthedeskbutalso,withanew
generationof touch screen tablet devices, it is almost mandatory.These technologies have
become ingrainedinconsumerbehaviourthroughthewidespreadacceptanceanduseofthe
internet and social media. Organisations are no longer dealing with a handful of individual
roadwarriors,butawholearmyofmobileworkerswithdifferentexpectationsandneeds.
Touchscreentablets
arepopularforhomeandwork
Whetherthisisanalternativetoalaptoporsimplyanextramobiledevicedoesnotmatter,
tabletsbringaninformalapproachtoaccessingcontentandcommunicatingthatcouldaddto
securityrisks.The factthatmanyindividualswillalreadyhaveoneforpersonalusewillmeanthatthisclassofdeviceisaverylikelycontenderforabringyourowndevice.Ontheflipside,
corporate-issuetabletsareverylikelytohavepersonaluse,soeitherwayitwillbeimportant
tounderstandhowtheyfitintothecorporatemobilestrategy.
Consumerisationof
ITmeansusershave
strongopinionsand
wanttochoose
Technologywasoncemoreadvancedintheworkplacethanathomebut,formanyworkers,
thisisnolongerthecase.NotonlyhasconsumerITbecomepervasive,itissimplertouseand
appealing.Individualsbuyconsumertechnologytomatchtheirpersonaltaste,style,imageand
aspirations,andwouldliketheirworkoptionstomatchtheirconsumerpreferences.Onegroup
of employees in particular, senior executives, sometimes use (or abuse) their position to
compelITdepartmentstoallowthesepersonalchoicestobebroughtintotheworkdomain.
Savingsindevice
purchasingmaskcontractissuesand
hiddencosts
Havingemployeesbuytheirowndevicesmightbringpotentialupfrontsavings,butthereare
unexpectedconsequencesforhighercostselsewhere.Organisationsneedtobeclearthatthey
understandwhatthesearesuchaswhatnetworktariffsarebeingused,whatistheimpactonsoftwareandsupport,aresomepeopleunabletofunctionproperlybecausetheirchoicesare
incompatibleinsomeway(e.g.withtheirrole,orwithotherusersorothertechnologiesused
inthebusiness)?
Consumerattitudes
tomobileappsand
contentintroduce
risks
Thereisnopointtryingtoturnablindeyeorignoringtheinevitable.Mostorganisationsare
probablyunawareof thenumberofconsumerdevicesthatemployeesuseforworkpurposes
orwhatpersonalusetheymakeofcorporatenetworkresources.Whiletheorganisationmight
notwantto,forexample,blockaccesstosocialnetworkingandcloudbasedpersonalstorage
orfriskemployeesformemorysticks,itdoesneedtounderstandwhatishappening,assessthe
exposuretorisk,andputinplacesuitablepoliciesandprotection.
Theorganisationhas
tomonitorandkeep
alevelofcontroleitherway
Whether mobile devices are company ownedor employee owned, if they are used on the
organisationsnetworktoaccesstheorganisationsassets,theorganisationhasaresponsibility
tomeasure,checkandprovidesafeguards.Thisisnotonlytosecuredata,butalsotosecure
thebestvalueforthelowestoverallcosttotheorganisation.Donewell,thiswillnotconstrain
theemployeebutwillbenefitthem.
Conclusions
Therealityisthatthisisnolongeranissuetoavoid.Employeeswillhavetheirownmobiledevicesandmanywill,attimes,wantto
usethemforworkpurposes,evenifonlyoccasionally.Thisconsumerisationofdeviceisnotthesameasdealingwithnetwork
contractsorbilling,butisoftenconflatedwiththembuttogethertheyhaveawiderimpact.Dealingwiththeissuesthisraisesis
somethingallorganisationsshouldaddressnowiftheywanttoavoidcostsandsecurityrisksovertime.
-
7/29/2019 BYOD - who carries the can?
3/16
BYOD who carries the can?
Quocirca 2013 - 3 -
Introduction-themobiledevicedilemmaTimetopackupthedesk
Predictingthedemiseofthedeskhasbeenabitlikepredictingthepaperlessoffice.Whilegreatintheory,thereare
manyconstraints,oftenpersonalandsocialratherthantechnical,whichmakestherealitysomewhatmorecomplex
toachieve.However,thecomfortandattachmenttowood,aluminiumandgenerallycheapveneeriswearingthin
foranumberofreasons,somedrivenbytheorganisationbut,perhapsmoreimportantly,manyothersdrivenbythe
individual.Mobileisbecomingadefaultandacceptedwayofworking.
Everyonehasnot suddenlyadopted thefullynomadicworking styleof aroadwarrior,salesrepor field service
engineer,butwhilemostbusinessactivitiesaredependentonaccesstoIT,thisisnolongeranactivitythatrequires
participantstositatadedicatedplacetousetheiraccessdevice.Mobileworkingformanyistheflexibilitytowork
anywherein the office,just asmuch asforothers itmightbewhile drivingdownmotorways, sitting inairport
loungesorlogginginfromastudyathome.
Theadvantagesforthebusinesshavebeentrumpetedforsometime;thepotentialtodownsizerealestateand
lowercostsoffacilitiesorofficespaceandboostproductivity,effectivenessandresponsivenessofemployees.The
formercanbeimplementedwithflexibleofficeandhot-deskingprogramsandrenegotiationofrentsorthesaleof
assets,butthelatterdependsheavilyonthecommitmentoftheindividualemployee.
Consumerisationofmobiledevices
Whereasoncethissortofcommitmentwashardtostimulatewithcorporateissuelaptopsandmobilephonesbest
suitedtoroadwarriorsandyuppies,thepervasiveconsumeradoptionofsmartphones,tablets,theinternet,social
networksandnewshinydeviceshavemademobiletechnologydesirable.Onthefaceofit,thismightmakeeffective
mobileworkingeasiertoachieve,butitintroducesmanycomplexities.Thesestemfromtheincreasingnumbersof
mobiledevicesbeingusedbyemployeesasconsumersandahugevarietyofdevices,eachwithdifferentbrandand
styleappeal.
The desktop, laptop and mobile phone are rapidly
being overtaken by smartphone and tablet form
factors-touchscreendeviceswiththeconvenienceof
mobile phones, the compute power of laptops but
simpler usability than traditional desktop computers
(Figure1).
Partoftheswingtowardssmartphonesandtabletsis
duetothesignificantconsumersuccessofAppleandAndroid platforms, but even the more corporate
MicrosoftandBlackBerrybrandshaveadoptedamore
consumer oriented stance in their marketing
messages. All of these devices capitalise on ease of
use, internet connection and the availability of large
numbersofcheaporfreeapplications.
Theydeliverasocialandmediaconnectiononthemovewhichissoappealingthatmostdonotwanttolosethis
lifestyleaccessorywhileatwork.Thisleadstoasignificantincreaseintheamountofmobiledatausage.
-
7/29/2019 BYOD - who carries the can?
4/16
BYOD who carries the can?
Quocirca 2013 - 4 -
Organisationalcontrol
Herein lies theproblem. Consumers have becomeardent fans of the technologiesthat might make themmore
productiveasemployees,buttheyareunlikelytowanttohavelesscapabledevicesfortheirwork,berestrictedas
towhich services they canaccess,orbekeen tocarrymultiple devicesfor homeandwork. Theylikethe BYOD
opportunity tohave their personalpreferenceand individual choice.However, theorganisation needs to retaincontroltoensurethesecurityofitsITassets,protectitsliabilitiesandmanagecosts.
Onthefaceofit,adoptinganindividual-liableapproachcouldbeofsignificantvaluetotheenterprise,bysimplifying
orremovinganumberofdifficultissues.Indeed,ifthiswerejustaboutthepurchaseanduseofstandalonetools,
passingtheresponsibilitytotheindividualwouldbeveryworthwhile.Thecomplexityfortheenterprisecomesfrom
thefactthatitisnotsimplyaboutthedevice,butanumberofinterlinkedfactors:
- Hardwarenotonlythecostofbuyingthedevices,butalsoperipheralsfromearphonesandBluetooth
headsets to docking stations and chargers. Most of these are very personal and will depend on the
individual, so providing a standard issue set that would work for all would be expensive. Over an
employeestenuretheremaybeupgrades,replacementsandcompaniondevicesrequired.
- Applicationseventhesmallestmobilehandsetshavesignificantcomputepowerandstorage,andcan
downloadanythingfromringtonestofullblownapplications.Mostemployees,whetherusingacompany-
issued or personally acquired device will want some non-corporate applications. These might be
unofficial,butstillusefulfortheirdaytodaywork,suchasfortraveltraintimetables,airlinedeparture
apps,currencyconversionornoterecording,reminders,shipmenttrackers,etc.
- Networksnolongersimplybusinessphonecalls,butamixofpersonalandworkactivitiesthateatinto
data, minute and text tariff pools. SIM swapping from corporate feature phones to employee-owned
smartphonesisbecomingamajorissuenowthatallSIMsaredata-capableanddatausageoutsideofa
propertariffwillincurlargepay-as-you-gocharges.Whatshouldbepermitted,bannedorpaidforbythe
employee? While tariffs have been slowly falling over time, usage is rising and, with a varied mix of
applicationsonamyriadofdevices,inanunpredictableway.Measuringworthandcostofnetworkuseisnowverycomplex.
- Personal cloud since employees as consumers have become familiar with using several devices in
differentcircumstances,e.g.atabletwhilerelaxingathome,amobilephonewhiletravelling,aPCatthe
desktoptheywanttosharesomeinformationacrossallofthem.Theyalsowanttosharewithfriendsand
colleaguesandtogetherthishasledtogrowinguseofpersonalcloud-basedstorageservicesamemory
stickinthecloud.Thisisarealsecurityanddataleakagechallengefororganisationstodayandovertime,
theseserviceswillstarttocomeata price,andtheremaybecoststhatbecomevisibleonlyonexpense
claims.
- Usagenotonlyarenetworkresourcesconsumedinacomplexway,butsotooistime.Mobiledevicesare
oftenjustifiedbasedonproductivitygainsandresponsiveness,buthowmuchmoretimeandefficiencydoindividuals lose by not paying full attention due to legitimate interruptions, alerts or entertaining
distractionsfromtheiralwayson,alwaysonlinemobilecompanions?
-
7/29/2019 BYOD - who carries the can?
5/16
BYOD who carries the can?
Quocirca 2013 - 5 -
Impactofemployeechoiceoncost
Theshifttowardsanemployee-liableapproachisoftenjustifiedalongthefollowinglines.Employeesalreadyhave
their ownpreferencesofmobile devicesas consumers,andallowingthem toexercise that choice forwork willcreatelessfrictionandmakeiteasiertorecruitsuitableemployees.Itwillalsothensavetheorganisationfrom
havingtheupfrontcapitalcostformoreexpensivepiecesofhardware.
However,itisamistaketoconfuseemployee-liabilitywithconsumerchoiceofmobilehardwarethereareother
issuestoconsider,andthesebegintohighlightwheresomeofthebroaderimpactwillbe.Organisationsneedto
considerhow fartheywantto bealong thescaleof handingover mobile liabilitiesto individuals. Withcellular-
connectedmobiledevices,thereisaspecificareaofcostthatmustbebornewhoeverprovidesthehardwarethe
mobilecontract.Thishasconsiderableramificationsforbothindividualandorganisationasalthoughvoicecallsand
textmessagesarebeingofferedinevergreaterbundles,capsandextracostsarestartingtoappearonwhatwas
once all-you-can-eatmobile data plans. Mobile data expectations anddemands through increasing useof apps
especiallyforpersonalinadditiontobusinessusearegrowingrapidly.Thecontracts,tariffsandwhopayswhatfor
business and personal usage are still major factors in determining the actual lifetime costs of corporate- oremployee-liableapproaches.
Contract Device Payment
CORPORATE
Completecorporateliability
CHOICE
Corporateliability,withconsumerisation
CHARGED
Corporateliabilitywithend
userpayment
CONSEQUENCES
Corporateliabilitywith
consumerisationandpayment
PERSONALCompleteindividualliability
Doesresponsibilitylie,withtheorganisation
ortheindividual?
Thereareothercostimpactsontheorganisationdependingoniftheindividualisresponsibleforcontract,device
andpaymentofongoingusagewhetherforpersonalorbusinessuse.
-
7/29/2019 BYOD - who carries the can?
6/16
BYOD who carries the can?
Quocirca 2013 - 6 -
Contracts
Thesearegenerallyconstructedtokeepcostsdownandreducecomplexityfortheorganisation,so,onthefaceof
it,handingownershipandresponsibilitytotheemployeeseemslikeagoodidea.Howeverthisisamassivelossin
termsofeconomiesofscaleand,whileindividualcontractswillbelucrativeforthecarriers,theywillgenerallybe
moreexpensiveforboththeindividualandorganisation.
Individualresponsible Impact
Deviceupgrades
Existingcontractterminationmostuserswillhavethelatestdevicebecausethey
have been offered it as part of the deal for extending their existing private
contract.Ifthatdeviceistobecomeabringyourownintoworktheywillneedto
terminatetheprivatecontract,butwhowillpay?
Helpdesk
support
Normallyneeds tobe put inplace and available toall users, ideally ona 24x7
basis, but iftheemployeehas theirown contract, this will bewiththe service
providerorup totheindividualtomanage,eitheronlineorwithpeers.Thiswill
impactmobiledeviceeffectivenessofemployees.
Networktariffs
Volumediscountsnolongerapply.Mobiletomobile,mobiletolandline,landline
tomobileon-netratesareverycompetitiveandnormallyaround1/3rd
ofthecost
ofcrossnetworkcalling. Ifusersareallowedtohavemulti-networkoptionsthis
willincreasebothmobileandlandlinecosts.
Network
bonuses
Thebonusespaidbythenetworksforthecorporatecontractarelikelytobelost.
Thesebonuseshavebeenpaidinavarietyofways,butareavaluethatcould
diminishveryquicklyandonethatmustbeaccountedfor.
Data
consumption
Data is purchased in bundles but with no way of segregating business and
personal data usage, so no mechanism to re-coup personal data consumption
costs.Basedonaveragepersonalcallstatisticsof28%ofallcalls,personaldata
usagecouldbefarmoresignificant.
Whatistheimpactof contractcostsontheorganisationNegativeNeutralPositive
Thekeytoreducingandcontrollingcostsisaccountabilitythroughthecostcentrearchitectureallthewaydownto
endusers.Withindividualstakingcontractresponsibilityandreclaimingthroughexpensesallaccountabilityislostin
astackofpaper,paidmonthlywithnoeasymethodorextensiveresourceburdentovalidateclaims,payments,
usageandpersonalcalldeductions,letaloneanywaytovalidatenetworkbillingcharges.
Thisapproachnowcomeswithfargreaterimplications,withdatabecomingthenormonbusinessconnectionsand
being supplied in bundles. Organisations cannot possibly expect users to be able to evaluate their data
consumption andadjust thedata bundle to best suit their usage profile. Itwould benaive fororganisations to
believethatthisistheroleofthenetworkthisistheirownin-housemanagementissueandtryingtopushthisout
to the networks as their responsibility is not a business-like approach. It is the equivalent of sending a bankstatementtoabankmanagertocheck.
Mostorganisationsthathavesigned/re-signednewcontractsinthe last 18monthsmaynotbe aware thatvoice
connectionsarenolongerlimitedtovoicecalls.Networks,bydefault,setupcontractssothatallvoiceconnections
automaticallyincludepay-as-you-godata.Thisisa managementheadachefororganisations tocontrol costs,and
especiallytheusageofdata,becauseoftheriskofSIMswappingfromabusiness-suppliedphoneintoanemployee-
owneddevice.UsersthatSIMswapfromaconventionalvoice-onlyconnectiondevicetoafeaturerichdata-centric
devicefindthatdatawillworkanddonotquestionwhethertheyshouldorshouldnotbeusingittheybelieveits
thenorm. Pay-as-you-go willprove a very expensive wayofusing data compared to an agreedandnegotiated
contracttariff.
-
7/29/2019 BYOD - who carries the can?
7/16
BYOD who carries the can?
Quocirca 2013 - 7 -
Devices
Again,whenmobiledevicesweresimplyphones,thedesireforanemployeetowanttheirownparticulartypeof
device was only slight. Now a diversity of smartphones and tablets, strong consumer brands and a wholesale
acceptanceof technologyin manypeoplespersonallivesmeansthatmanyemployeeswillhavestrongopinions
aboutwhattheydo,anddonot,likeorwanttobeseenwith.
Thisis where themuch-discussed consumerisation of theenterprise appears to generate themost gain for the
organisation;however,evenheretheinitialcapitalcostsavingscanquicklybeundermined.Formanyemployees,
theremaybeunexpectedcoststhatpreviouslywereabsorbedbytheorganisation.
Individualresponsible Impact
UpfrontcostShouldbebornebytheemployee,althoughahalfwayhousewhereemployeesare
offeredanallowanceprovidingtheychooseasuitabledevicemightbeused.
DeviceunlockingAlmostallhandsetswillneedtobeunlatchedfromtheiroriginatingnetwork.Thiscostsbetween10and30.Therearecheaperbackstreetoptionsbutthis
inevitablyrenderswarrantiesnullandvoid.
Device
Management
servicesupport
Individuallyboughtdeviceshaveconsumersupportmodels,withextendedwait
timesforin-warrantyreplacements.Thisistheresponsibilityoftheuserwhorisks
beingoff-airwhilewaiting,whichmayimpacttheirabilitytowork.
Replacement
costs
Operatorsubsidyoverthecontractlifetimeisamajordriverforadoptionofthe
consumermobiledevices.Usersseldomunderstandtherealorreplacementcost.
Valid
procurement
Strictrulesarenecessarywheretheuserbuystheirowndevicee.g.ifusingeBayor
certainotherchannelstheusercouldbebuyingagreyimportwithnosupportand
withcompletelydifferentsoftwaretothenormforthatcountry.Evenbuyingfrom
recogniseddealerscancauseissueswithsupporttimescales.
Mobilepolicy
Withdevicesbeingbroughtinbyindividuals,mobilepolicieswillneedtobeputin
place andcertainlybeefedup. Thisis required evenin organisations that donot
routinely provide mobiledevices for their employees, as employees will bring in
personaldevicesinanyevent.
Software
platforms
Standard builds and volume discounts keep the cost of providing a common
software platform low, but not if the employees choose their own devices.
Organisations willhave toprovideandpayfor softwaree.g. malwareprotection
evenonemployee-provideddevicesplatformdiversitywillincreaselicencecosts.
Application
availability
MoreworkloadinITtoensureapplicationsareavailableorthatthereare
alternativesfortherangeofdevicesemployeeschoose.
Databolt-on
Wheremanycorporatedevicesmighthavehadvoice-onlytariffs,onceemployees
providetheirowndevicesintocorporatefleets,databolt-onswillberequiredtobe
addedontothecontract.Overalargefleetofmobileemployeesthiswillhavea
considerablecostimpact.
Whatistheimpactof devicecostsontheorganisationNegativeNeutralPositive
Payment
-
7/29/2019 BYOD - who carries the can?
8/16
BYOD who carries the can?
Quocirca 2013 - 8 -
Workingoutanacceptableaccountabilitymodelsothatindividualspayforpersonaluseandtheorganisationpays
for business use has been difficult enough to implement with voice calls, but becomes impossible with data
consumptiononsmartphonesandtablets.
Where the organisation is responsible for payment,thiswillinvolveclaimsandexpensesprocessing,which
is a costly system to run, but without such controls
employeeabusecouldberife(Figure2).
Iftheindividualisresponsibleformakingpayments,it
is most likely they will want to claim the business
elementsoftheirexpensesback.
Thisisfraughtwithdifficultiesbecause,whilebusiness
and personal phone calls mightbe relatively easy to
identify,theyaredifficulttoverifybytheorganisation
asthebillbelongstotheindividual.
However since mobile data is rapidly becoming a
significantelementofmobiletariffs,especiallywhileroaming,allocatingthisfairlyoraccuratelybetweenbusiness
andpersonalisprettymuchimpossible.
Individualresponsible
Impact
Personaluse
Nolongerneedstobemonitoredandrecoveredasacost,butemployeeswhoare
payingtheirownbillsmaybetemptedtospendmoretimeonpersonalactivities
whentheyshouldbeworking.When controlledby theorganisation thiscanbe
monitored automatically, but otherwise will need well communicated andunderstoodpoliciestoensureappropriateemployeebehaviours.
CarbonFriendlyIndividualliabilitymeansINDIVIDUALbilling;somemaybeonline,otherson
paper,butprobablyrequiringprintoutsforreclaim,sonotverycarbonfriendly.
ExpenseReclaim
Thecostofprocessingexpenseclaimsisnotfreeandonethatmanyorganisations
overlookorfailtotakeintoaccount.Theaveragecostassociatedwithprocessing
isroughly4050perclaimandcanquicklymountup.Anumberofemployees
arelikelytobeclaimingexpensesalready,soaddingalineseemstrivialbutmany
users will not be claiming expenses on a monthly basis so this may generate
considerableextraworkifprocessing100/1000sofmobileinvoices.
Policing&Compliance
Withbillingdatasentdirecttousersthereisverylittleorganisationscandotoanalysebillingdatawithouttheconsentofusersindividualbillingmakesdata
personalevenifthereisultimatecorporateliability.
Monitoring&
validation
Monitoringandvalidationisnon-existentwhenitcomestoexpense-paidmobile
bills.Mobileexpendituregetslostanditisalmostimpossibletoprovideaccurate
managementinformation.Afterall whoisgoingtogothrough1000sofpaper
billstocheckifauserhasallocatedpersonalcallscorrectlyorifatall?
Whatistheimpactof paymentcostsontheorganisationNegativeNeutralPositive
-
7/29/2019 BYOD - who carries the can?
9/16
BYOD who carries the can?
Quocirca 2013 - 9 -
Impactofemployeechoiceonrisk
Fromtheemployeesperspective,takingthematterofmobiledevicesintotheirownhandsmakessense.Consumer
productshavemadeITandcommunicationstechnologyaccessible,simpletouseandwitharelativelylowupfrontcost.Improvements inqualityanddesignmeansindividualsaremoreconfidentthatthetechnologyisunlikely to
breakdownor,ifitdoes,theycanaskafriend,lookonlineforhelp,or,asalastresort,readamanualorcontacta
suppliersupportcentre.
Therazorandbladescommercialmodelsprevalentwithmostaspectsofconsumertechnologyencourageinitial
purchase andstimulateon-going usage.So connection costsandsoftwareandmediapurchasesare spreadover
time and individually look insignificant, although the build up over time with ever-increasing usage might be
considerablymoresignificant.
Beyondrackingupexcessivecosts,therisksfortheindividualfortheirownpurchasesarelossofhardware(often
mitigatedwithinsurance),lossofmediaorapplicationcontent(generallymitigatedwithsynchronisationtoanother
deviceoracloudservice)orinfectionbysomeformofmalware.Formost,theseareminorconcernscomparedtothebenefitsofusingthetechnology.
Withtheseconsumerexpectationsinmind,itshould
be no surprise that employees would then also
expect to use their consumer devices for work
purposesandviceversa(Figure3).
This is particularly prevalent among younger
members of the workforce, many of whom have
already wholeheartedly adopted new mobile
technologiesforpersonalusethelatestgeneration
oftouchscreentabletsbeingacaseinpoint.
Thosewhohaveadoptedtabletsforpersonalusewill
increasingly be using it forworkpurposes indeed
will expect an enhanced experience through such
devices.
Interestingly,while other colleagues mayhave initially encountered tabletdevicesfor workpurposes, theywill
discover personaluses for these devices, and there willbe a growing crossover between workplace needs and
personalneedsrightacrosstheagespectrum.
While thiscrossover might seemreasonable forthe employee, it doesopen up significantlevelsof risk for the
organisation,andtheseincreaseiftheorganisationdoesnotownorcontroltheunderlyingdevice.
Many oftheserisksare exacerbatedby thedouble-edgedpopularityof consumerapplicationsand socialmedia,
which opens up a multitude of opportunities for employees to waste time and mobile network capacity.
Encouragingemployeestoworkwhilemobilewith tools andnetworkaccessontheassumption that itwillmake
them more productive might bea forlornhopeunless suitable on-goingchecksormeasurableoutcomesare in
place.
There are many disadvantages to the organisation if employees choose such a wide variety of options that
compatibility issuescreep in.Not only willthisaffectwho hasaccess towhat facilities, itwillmake itharderto
providetechnicalsupportandhardertoensuredataintegrityandthatadequatemeasuresareinplaceforbackup.
-
7/29/2019 BYOD - who carries the can?
10/16
BYOD who carries the can?
Quocirca 2013 - 10 -
IndividualresponsibleImpact
Device
acceptance
Individualmorelikelytolookafterandtakebettercareoftheirowndevice,keeping
itscorporatecontentandaccesssafer
Inappropriate
content
Organisationscandolittletomonitororcontrolthecontentofemployeesown
devicesand,iftheydo,thiscanleadtoemployeeconcernsaboutprivacy
Tax
implications
Needtobeunderstoodandcorrectlymonitoredwithrespecttopersonalcallsand
potentialchangesintheapproachtobenefitsinkind.
Security
management
Organisationneedstoputwatertightpoliciesandeducationinplacetoensure
individualssuitablyequiptheirdevices,orhaveconstrainedaccesstocorporate
resources.
Security
support
Considerationneedstobemadeforthecostofsupportingsecuritysoftware,
platformsandservers,whethersupportedinternallyorexternallythiswillcost.
Dataintegrity
&backupRequiresindividualsupportandmaybemoreadhocthanorganisationwouldprefer.
Technical
support
Organisationmayencounterunknownandunexpectedissuesthatindividualsare
unlikelytoresolvethemselvesordirectlywithproviders.
Breadthof
support
Supportingdifferentoperatingsystemsacrossanunknownrangeofmobileplatforms
swellsthelevelofknowledgerequiredorforcesuserstodoitthemselves.
Incompatibility
DespiteinitiativessuchasJava,andthegrowingmarketshareofplatformssuchas
Android,thelackofacommonmobileapplicationplatformmeansthat,withopen
choices,therewillbesomeincompatibility.
Cohesion
Someemployees,e.g.seniorexecutives,mayobjecttohavingtoself-support,and
stillexpecttheITdepartmenttohelpthem,meaningITspendsmoretimeonadhoc
queriesorfire-fighting.
Whatistheimpactof riskontheorganisationNegativeNeutralPositive
-
7/29/2019 BYOD - who carries the can?
11/16
BYOD who carries the can?
Quocirca 2013 - 11 -
Mostcompaniesrecogniseandareconcernedaboutmobilesecurityrisks,butmanystruggletoidentifythedevices
that are attachedto their network (Figure 4). Much ofthe history ofmobile deployment has been adhocand
lackingstrategic focus, initially withseniorexecearly adoptionforcing thepace,which might be whymost still
struggletosetouteffectivemobilepolicies.
Security is always a problem with mobile devices
usedforbusinesspurposes,withtheriskoftheloss
ofdataaswellasthehardwareitself,fromtheftor
lossofthedevice.Thismightbemitigatedsomewhat
withBYODforbusinessuse,asemployeesaremore
likely to take care of their own possessions than
thosetheymightfeelaresubstandardandhavebeen
imposedonthem.
However this is unlikely to be sufficient for the
organisation, many of which will consider it to be
necessary to protect corporate assets on employeeowned devices, through installing security agent
software,aprotectedsandbox,virtualisationoreven
wholedeviceencryption.Toofewseemtobeableto
managethistoday.
Howdeeptheorganisationreachesintoanindividualsowndevicewillhaveimplications,especiallyintheeventof
terminationofemployment.Thereisalsotheriskthattooheavyhandedorconstraininganapproachwillchokeoff
theverybenefitsthatorganisationswerehopingtheiremployeeswouldgainfrombeingabletochooseconsumer
mobiledevices.
While thepositivesideof theemployee-liable approach isthatemployeesmightbemorecarefulwiththeirown
hardware,theiruseof socialnetworkingondevicesusedforworkaswellaspersonalactivitiesmightexposethe
organisationtomalwareriskanddataleakage.ThisneedstobeadequatelyaddressedbytheorganisationifBYODis
tobeacceptable.
TherearefurtherissueswithaccesstocontentthataffectITpolicies.Unlessorganisationsensureallmobileweb
trafficis routed through internal accesspoints then users withmobileweb devicesusing public networkaccess
pointswillbeabletovisitsitesthatwouldnormallyberestrictedoninternalaccesspoints.Ifamobileusercan
access these sites and aninternal user cannot - how should ITpolicy deal with this, especiallyas itcannot be
monitored?Ifbothsetsofusersknowthis,thereisariskofclaimsofdiscrimination.ThisthenraisesafurtherHR
issueifusersareaccessingsitesoncompanydevicesthatareconsideredinappropriate.
-
7/29/2019 BYOD - who carries the can?
12/16
BYOD who carries the can?
Quocirca 2013 - 12 -
Mobilestrategyandpolicies
Manyorganisationsseemunabletoknowwhattodointhefaceoftherelentlessconsumerpressurefordevice
choice,withconsequentfragmentationofnetworktariffsand potential risk tocorporateassetsandfor abuseofresourcesandtime.Theyshouldstartbydefiningamobilestrategy-somethingmostorganisationsfailtodo,hence
whymanymobiledeploymentshavebeenadhoc-andconsequentpolicies.
Thesehavetoencompasstheorganisationsattitudetoriskandsecurity,costcontrolandmonitoringandbroader
reasonsorvalueexpectedfromtheadoptionanduseofmobiledevices.Thiswillthendeterminetheapproachto
whereitisnecessarytoinsistontightcontrolandwhereitisacceptableforemployeestodothingsforthemselves
(Figure5).
Not all employees will want this freedom, even if
offered, and will welcome the clearly defined
parameters that allow them to separate work and
personal activities. They might have to carry theirownpersonalmobiledeviceaswellasoneforwork,
butthe clarityof physical separationoffersbenefits
forbothemployerandemployee.
Mobile strategy andpoliciesneedto beestablished
in collaboration between line of business
management, individuals and IT or resource
management, and not some dictat from an
embattled IT manager, penny pinching finance
director or overly prescriptive individual in HR.
Ingenious or disgruntledemployees will always find
waysroundwhattheyperceiveasinappropriateconstraints,evenifitmeansdamagingcorporateassets.
SomeseniorexecutivesgoandbuydevicesthemselvesandwillthenapproachITdemandingtheymakeitwork,so
almostallorganisationswill have toconsiderthe implicationsofallowingat leastsomeemployees tobringtheir
owndevices.The challenge fortheorganisation istoensurethatany short-termcost savingsorapparent values
gainedarenotoverwhelmedbyotherhiddencostsorexposuretorisksthatproveexpensiveinthelongerterm.
-
7/29/2019 BYOD - who carries the can?
13/16
BYOD who carries the can?
Quocirca 2013 - 13 -
Conclusions
Theincreasedacceptanceanduseofadvancedcommunicationstechnologyineverydaylifemeansthatindividuals
asconsumershaveaccesstomoreadvancedtechnologythantheymaydoatwork.Theymaythereforefeelthattheiremployerisnotprovidingthemwiththemosteffectivetoolstomatch:
- workneeds-tocarryouttheirroleaseffectivelyaspossible
- socialneeds-status,prestige,beingpartofthegang,etc.
- personalneeds-applicationsorservicestheyneedorwanttousedaily
Withregularmobilephones,themainissuessurroundkeepingatabonthemixofbusinessandpersonaluseand
deciding who pays the bills. With smartphones and tablets the issues expand to application usage will they
introducesecurityissues,willpersonaluseescalate,howmuchextrasupportwillemployeesneed?Whetherthese
smartmobiledevicesareprovidedbytheorganisationortheindividualmakesadifference,but,critically,sodoes
theownershipandmanagementofthecontract.Therealityisthatallorganisationswillhavetofindawaytodeal
withemployeesbringingintheirowndevices,soitisbesttoincorporatethisintotheenterprisemobilestrategy.
Organisationsneedtoactfasttoputpoliciesinplacetoretainanelementof control.Thisisalreadyanissueand
therewillbeaconfusingmixofbothcorporate-andemployee-liabledevices.Thereisnosingle,simplesolutionand
userswillneedtobeprofiled,basedontheneedsoftheirrole,sodifferentgroundrulescanbeestablishedfor
differingbusinessneeds.
Theorganisationhas to decide where consistency is important or vital. Thismayinvolvesome commonalityof
devices,butthemainaimshouldbetodeterminecommoncommercialandoperationalplatformsindependentof
the actual device. The commercial platform has to take into account all elements of the contracts used for
connectivityandwhatelementsemployeesmustpayfor.Theoperationalplatformshouldprovidethelevelsand
typesofaccess,securityandmalwareprotectionrequiredandwhethertheindividualorthecompanyprovidesthe
device.Whereanemployeeschoiceofdevicedoesnotfitwithwhattheorganisationneedstodeliverintermsofa
suitableplatform forwork,theemployeeneeds tobemadefullyawareofthelimitationsof theirchoiceandtheimpactitwillmakeontheirwork.
Therearecertainmusthavedevicesthataregoingtohavebroademployeeappeal,andorganisationswoulddo
well to recognise this up front, and put more focus on getting these devices incorporated into the corporate
framework.Theycouldalsoputinplaceprogrammestoencourageemployeesintogoingdownthatroute,with
sponsoredpurchaseprograms,corporate-leddealswithsuppliersorsimplyofferthosedevicesasperksofthejob
duringrecruitment.Thiscouldberuninasimilarmannertocompanycarprogramswheretheemployeeisgivenan
allowancedependentongrade,roleandneed,butcantopitupwiththeirownfundstogetadevicetheyprefer.
Whetherdevicesareprovidedbytheorganisationorownedbytheemployeeandusedtoaccesstheorganisations
resources,employeeshavetobemadefullyawareof theirresponsibilities.Aspartofthiseducationprocess,itis
importantthatemployeesreadandsignuptoanagreementthatoutlinesthecommitmentsoftheorganisationand
thereciprocalcommitmentsoftheindividual.Thisshouldincludetheconsequencesforfailingtoadheretothose
commitments,forexampleifemployeesmakeillegalorinappropriateuseoftheorganisationsresources.
To maintain control of costs and reap the benefits of mobile working, there needs tobe a closer relationship
betweenthoseresponsiblefortheemployee,thetechnologyinfrastructureandthemoneylineofbusiness,ITand
financialmanagement.Thisinvolvesallaspectsofthelifecycle;procurementtoobtainofferssothatthosemaking
employee-liable choices avoid paying high consumer tariffs, usage monitoring to ensure billing is accurate and
appropriatelyallocated,andensuringacleanbreakwhentheemployeemovesonortechnologychanges.
Thechallengeforanorganisationisnotaboutdecidingwhichroutetogodowncorporate-liableoremployee-
liablebutdecidingwhatstrategyandpoliciesitneedstoputinplacetomanagecostandrisk.
-
7/29/2019 BYOD - who carries the can?
14/16
BYOD who carries the can?
Quocirca 2013 - 14 -
References
1iPassQ4MobileWorkforcereport,November2012
2OfcomBusinessConsumerExperiencereport,2010
3iPassQ2MobileWorkforcereport,May2012
4LANDeskSoftwareITservicedeskresearch,September2012
-
7/29/2019 BYOD - who carries the can?
15/16
AboutTangoe
Tangoe(NASDAQ:TNGO)isaleadingglobalproviderofCommunicationsLifecycleManagement(CLM)softwareand
services to a wide range of global enterprises. CLM encompasses the entire lifecycle of an enterprises
communicationsassetsandservices,includingplanningandsourcing,procurementandprovisioning,inventoryand
usagemanagement,mobiledevicemanagement,invoiceprocessing,expenseallocationandaccounting,andassetdecommissioninganddisposal.TangoesCommunicationsManagementPlatform(CMP)isanon-demandsuiteof
softwaredesignedtomanageandoptimizethecomplexprocessesandexpensesassociatedwiththislifecyclefor
both fixed and mobile communications assets and services. Tangoes customers can also manage their
communicationsassetsandservicesbyengagingTangoesclientservicegroup.
Additional information about Tangoe can be found at www.tangoe.com. Tangoe is a registered trademark of
Tangoe,Inc.
-
7/29/2019 BYOD - who carries the can?
16/16
BYOD who carries the can?
AboutQuocirca
Quocircaisaprimaryresearchandanalysiscompanyspecialisinginthe
business impact of information technology and communications (ITC).
With world-wide, native language reach, Quocirca provides in-depth
insightsintotheviewsofbuyersandinfluencers inlarge,mid-sizedand
small organisations. Its analyst team is made up of real-world
practitionerswithfirst-handexperienceofITCdeliverywhocontinuously
researchandtracktheindustryanditsrealusageinthemarkets.
Throughresearchingperceptions,Quocircauncoversthe real hurdlesto
technology adoption the personal and political aspects of an
organisations environment and the pressures of the need for
demonstrable business value in any implementation. This capability to
uncover and report back on the end-user perceptions in the market
enables Quocirca to provide advice on the realities of technology
adoption,notthepromises.
Quocircaresearchisalwayspragmatic,businessorientatedandconductedinthecontextofthebiggerpicture.ITC
has the ability to transform businesses and the processes that drivethem, but often fails todo so. Quocircas
mission is to help organisations improve their success rate in process enablement through better levels of
understandingandtheadoptionofthecorrecttechnologiesatthecorrecttime.
Quocircahasapro-activeprimaryresearchprogramme,regularlysurveyingusers,purchasersandresellersofITC
productsandservicesonemerging,evolvingandmaturingtechnologies.Overtime,Quocircahasbuiltapictureof
longterminvestmenttrends,providinginvaluableinformationforthewholeoftheITCcommunity.
QuocircaworkswithglobalandlocalprovidersofITCproductsandservicestohelpthemdeliveronthepromisethat
ITCholdsfor business. Quocircasclients includeOracle, IBM, CA,O2, T-Mobile,HP, Xerox,RicohandSymantec,
alongwithotherlargeandmediumsizedvendors,serviceprovidersandmorespecialistfirms.
DetailsofQuocircasworkandtheservicesitofferscanbefoundat http://www.quocirca.com
Disclaimer:
Thisreporthasbeenwrittenindependentlyby QuocircaLtd.Duringthepreparationof thisreport,Quocircamay
have used a number of sources for the information and views provided. Although Quocirca has attempted
whereverpossibletovalidatetheinformationreceivedfromeachvendor,Quocircacannotbeheldresponsiblefor
anyerrorsininformationreceivedinthismanner.
AlthoughQuocircahastakenwhatstepsitcantoensurethattheinformationprovidedinthisreportistrueandreflects real marketconditions, Quocircacannottake anyresponsibility forthe ultimate reliabilityof thedetails
presented.Therefore,Quocircaexpresslydisclaimsallwarrantiesandclaimsastothevalidityofthedatapresented
here,includinganyandallconsequentiallossesincurredbyanyorganisationorindividualtakinganyactionbased
onsuchdataandadvice.
Allbrandandproductnamesarerecognisedandacknowledgedastrademarksorservicemarksoftheirrespective
holders.
REPORT NOTE:This report has been writtenindependently by Quocirca Ltd
to provide an overview of theissues facing organisationsseeking to maximise theeffectiveness of todaysdynamic workforce.
The report draws on Quocircasextensive knowledge of thetechnology and businessarenas, and provides advice onthe approach that organisationsshould take to create a moreeffective and efficientenvironment for future growth.