Bring your own device (BYOD) is the name given to the rising trend of employees using the same kind of electronic devices they use at home (such as tablets and smartphones) in the work environment as well. Growth in this area is set to continue, with the BYOD market on course to hit almost $367 billion by 2022, up from just $30 billion in 2014.
61% of Gen Y and 50% of 30+ workers believe the tech tools they use in their personal lives are more effective and productive than those used in their work life, and so organisations are increasingly under-pressure from employees to introduce a BYOD policy.
But what are the pros and cons of a BYOD policy and what should organisations consider before they implement it? Find out more in this blog.
What is BYOD?
Bring your own device (BYOD for short) is the adoption of a policy which allows employees to use the same tech as they would at home but for work. With a BYOD policy, the worker brings their own device and uses it for work functions. This may include smartphones and tablets instead of the typical company laptop.
What are the pros and cons of a BYOD policy?
There are both positives and negatives to implementing a BYOD policy into an organisation. Here we outline both the pros and cons that you must be aware of when considering introducing BYOD practices, but many of these depend on the particulars of the policy and how it is implemented.
Pros of BYOD
Reduces the cost of technology
The cost of supplying technology shifts to the individual employee (who would usually own the technology regardless). This means the organisation is no longer responsible for device costs, service fees, data plans, and so forth. Many businesses offer a subsidy to employees to cover a portion of this, so both the employee and company benefit. Companies favouring BYOD make an annual saving of $350 per year per employee.
Makes employees happier
When an organisation requires their employees to use the technology they have provided, it then means more devices they need to carry around and learn (if different operating systems). For example, if an employee must maintain a work laptop and a work cell phone, but also have a personal mobile, tablet, and laptop, that’s a lot of devices to lug around!
Once more, people feel comfortable using technology they already know.
By forcing users into devices and operating systems they aren’t familiar with, it will likely affect both happiness and productivity. There is also less financial pressure on them to replace a work device that might be lost or damaged outside of work hours.
Benefit from the latest technology
Employees often have the latest technology in their homes already, whilst companies are less likely to buy the top-end models of devices and are also less likely to upgrade as regularly as individuals. This means the employee will benefit from features such as speed upgrades, high-quality photographs, storage, and so on, that may help them to carry out their role more efficiently.
Accepting the inevitable
Employees are most likely using their own devices anyway, so embracing a BYOD policy proactively will benefit the company as employees will more likely follow the company’s security procedures than when doing it ‘under the radar’. This gives organisations more visibility and control than turning a blind eye or rejecting BYOD initiatives.
Cons of BYOD
Potential of security threats
Organisations run the risk of surrendering a lot of control in terms of how devices are set-up. Because users can be a weak link in the cyber security chain and end-points vulnerable to infection, this poses a risk to businesses operating a BYOD policy. End-points are particularly vulnerable when users are roaming or at home due to potentially unsecure networks being connected with.
Mentioned previously as a positive aspect of BYOD, employees are likely to upgrade their own devices regularly. But there are some that won’t and are still using a laptop from 2010 or an original iPad, for example. This creates an inconsistency in the technology used and could mean that out of a team of 50 using their own devices, there are 5 different operating systems being used across 30 different devices. This can then create a difficult environment to provide efficient support should they need it.
Certain businesses may have specific software that is integral to operations or completing projects. BYOD creates an environment where the user may run into difficulty installing this software on their own device (related to the above point) and in a worse case scenario may not be able to install the software at all due to incompatibility. Although utilising the right SaaS solutions can be helpful to alleviating this issue.
What should organisations consider before they implement a BYOD policy?
There are technology solutions you can employ to help with implementing a BYOD policy. For example, you can use a Virtual Private Network (VPN) system for secure, encrypted access to corporate data across the internet. If you do so, quite often the VPN client software on each endpoint can be also be configured to enforce a policy on users’ devices to ensure the device is compliant with corporate policy (e.g. has the correct type and version of antivirus), and refuse connections on that endpoint, even if access credentials are valid, if the device does not pass these policy compliance checks. This creates visibility of the environment the user is operating in and ensures compliance with company policies.
Some organisations go one step further and establish what is know as a ‘zero-trust’ network policy. The term ‘zero-trust’ can mean different things in different contexts, but in this context refers to a policy whereby corporate sites are no more ‘trusted’ than a coffee shop, and all users must always employ encrypted VPNs and strong (multifactor) authentication to gain access to corporate data and applications, wherever they are.
In this scenario the traditional corporate security boundary shrinks, and where users and remote sites were once on the inside, as part of the ‘trusted’ domain, they are now on the outside, along with customers and the rest of the internet. Access to data and applications is always determined by authentication and user credentials, not by location.
Organisations also need to consider how their applications are set-up. For example, if an application is 100% web-based and using strong authentication and web application firewalls, it may not actually matter what device is being used to access it.
Assessing application security is an important step when considering whether to adopt the ‘zero-trust’ network approach described above, or anything similar in relation to adopting a BYOD policy.
It’s not just about looking at the end-users. It’s also about looking at what those end-users have access to and the environment that it sits in, and whether that environment has been secured for the possibility of users accessing it from an unsanctioned end-point. For many, this is a more viable approach than trying to regulate the endpoint itself.
Finally, look to partner with an organisation that has experience assisting companies make the digital transformation from traditional IT models to modern, flexible workplace environments. Contact one of our experts to see how we can help.