The document discusses the BYOD (Bring Your Own Device) trend and its evolution from BYOD to BYOT, bringing additional challenges for companies. It notes that BYOD started as an effect of technology democratization rather than a business need. Companies now need to develop BYOD policies to address security concerns around personal and business data separation and access to internal infrastructure, as well as flexibility with diverse personal devices and technologies. The best way for companies to provide security is through a comprehensive BYOD policy and tools like MDM for mobile device management.
1. IPnrSaicgthictasl
The term BYOD is expanding its scope, including
not only devices, but also cosumer-oriented
technologies, like apps and cloud services (i.e.
Google Docs or Microsoft Skydrive). The term
is evolving from BYOD to BYOT, making things
more challenging for companies and their IT
departments.
BYOD:
Highlights of “Consumerization”
At this phase of the information age, technology evolves and buzzwords and new concepts arise.
Moreover, in recent years, the increasing role that technologies play with human interactions is
creating the same effect in a wider, new space: the social space.
BYOD—Bring Your Own Device-- is one of these effects. It is a social hype, and not necessarily a
business phenomenon. This is because it has been not originated as a need of the corporations
itself but as a natural behavior of its employees, collaborators or even clients.
The concept of “Smartphone”, originally exploited by BlackBerry for business purposes, rapidly
began to expand for personal use. Devices improved and became more flexible, allowing users
to do even more with apps and functionalities than ever possible with a typical voice and email
communication on a feature phone. Mobility, though not new, is a concept that rapidly exploded,
putting information in the hands of practically “any” user.
Along with these phenomena, people started to bring their personal devices to work, preferring
their own devices over the one provided by the company for business purposes. This was further
propelled as the lines between work and personal needs blurred as employees had to be always
connected as a part of a global, mobile workforce.
Thus, BYOD didn´t start as a business need, but rather as an effect of the “democratization” of
technology. Thus, a new buzzword is born: “consumerization”, which could be defined as the
consequence of bringing consumer technology to the workplace, and using it for both personal
and work-related matters.
The term BYOD is expanding its scope, including not only devices, but also consumer-oriented
technologies, like apps and web services ( Google Docs or Microsoft Skydrive). The term is
evolving from BYOD to BYOT, making things more challenging for companies and their IT de-partments.
Rodrigo Rey
Corporate IT Director
2. “IT Departments have to develop an answer to organize the expon ential
growth of business and personal data of employees, collaborator s,
consumers, and not only corporate users. ”
‘Practical InSights’ is a Neoris publication. This material shall not be reproduced or
copied in whole or in part without Neoris’ express consent. Neoris is a business and IT consulting
company specialized in value-added consulting, emerging technologies and outsourcing solutions.
Headquartered in Miami, Fl. Neoris has operations in the U.S., Europe, Latin America, Africa, and
the Middle East. For local office information, please visit us at www.neoris.com
703 Waterford Way. Suite 700. Miami, FL 33126
Phone: (1) 305-728-6000 / Fax: (1) 786- 388-3139
Under this reality, the challenge for companies is to
give answers to this practice that is silently overtak-ing
the work landscape. And these answers have to
address two main aspects:
1) Security: this consideration brings three important
issues to the discussion:
a. Mobile Data Protection: Users who bring their
technology to access at work , build content and
store business information on their devices or other
services, like cloud storage solutions.
b. Separation of personal and business information:
Users held personal and work related information
on the same device, and this could imply risks to
the confidentiality of business information contained
in the device.
c. Protect internal infrastructure: Devices with access
to company ‘information, resources and network,
might encourage cyber criminals to use these devices
as a bridge to grant access to the enterprise infrastruc-ture.
2) Flexibility: Users bring different devices and other
technologies (like web services), and on the other
hand, companies need to manage this flexibility with
proper administration practices.
a. Diversity of Devices and Technologies: Devices
with different operating systems, mainly Android,
IOs and Windows, and thousands of apps down-loadable
from safe and known sites (like iTunes)
and other app stores are not necessarily secure.
b. Understand User Profiles: Users are different
and there is no “one size fits all.” It is important to
understand the different users’ profiles and needs,
and based on these aspects define eligibility for a
BYOD program.
Some statistics:
This trend is global. Although with some variations
in different geographies, the pattern is undoubtedly
able growing. Analysts such as Forrester reported
in Q4 2012 that in India for zexample, nearly 75%
of employees use their own smartphones, mobile
apps and online services or subscriptions for both
personal and work-related purposes. In the case of
tablets, this percentage drops to 62%.
In other geographies this trend is confirmed. Gartner
surveyed employees of companies of different indus-tries
around the world, concluding interesting results
the U.S., 55% of employees use their personal
Smartphone for work purposes, while in Brazil the
percentage raises to 71%. On the other hand, Euro-pean
countries show more conservative numbers.
But the common factor, in any case, is that the
trend is growing.
Gartner , for example, estimates that by 2015, the
number of employees using mobile applications in
the workplace will double. And by 2017 half of em-ployers
will require employees to supply their own
device for work purposes. In terms of administration
costs for companies, by 2016 the typical organiza-tion
will spend over $300 per year per employee
on mobile applications, security, management and
support.
Are there real benefits of adopting a BYOD program?
As it was expressed above, BOYD is a product of
a modern social behavior more than a business re-quirement.
Some analysts that defend BYOD mention
several of benefits directly or indirectly associated to
this trend:
• Bring your own device (BYOD) drives innovation
for businesses by increasing the number of mobile
application users in the workforce.
• BYOD improves employee satisfaction, given the
possibility for each employee of using the technology
that best fits his/her needs. And this satisfaction could
impact improved productivity.
• BYOD could lead to costs reductions, depending
on the extent of the program implementation, the
local culture and regulations.
The realization of these and other benefits will
depend on the way a company could implement
a successful BYOD program, and positive results
could be reinforced or mitigated depending on the
company´s DNA or culture.
What are companies doing to respond to this growing
trend?
IT Departments have to develop an answer to orga-nize
the exponential growth of business and personal
data of employees, collaborators, consumers, and
not only corporate users.
Under this situation, companies need to address the
challenges of BYOD by developing and implement-ing
a solid BYOD policy. This policy is prepared jointly
with IT, Legal, Finance and HR areas, addressing all
the possible aspects and impacts described above,
and additionally considering local regulations.
This policy should take into account the following
considerations:
1) Define type of users. Usually called “persona
analysis” shall be executed to ensure a proper iden-tification
of different profiles and user needs, and
then define the level of involvement that these users
will have in a BYOD program.
2) Define eligible devices and technologies: not all
devices or technologies are appropriate to ensure
an acceptable level of security required to deal with
companies’ critical information out of enterprise fa-cilities.
3) Establish authorized apps stores and download
sites: the policy shall clearly prohibit “hijacking” of
mobile devices or download apps or information
from non-secure sites. Moreover, some companies
could provide exclusive company stores for apps,
disabling or limiting the possibility of downloading
apps outside this company´s apps store.
4) Define conditions and criteria to access business
data.
5) Besides the policy, companies should implement
a system to ensure the remote administration of
devices allowed to connect to business information
resources. This solutions should provide (as a mini-mum):
a. Information wipe-out in case of robbery or lost.
b. Allow download of only permitted apps.
c. Data “containerization” (in order to keep separated
personal and business information).
Companies need to respond to the BYOD phenome-non
not only by granting access to employees who
want to have their email on their personal devices.
Security is an important concern and should be
addressed as soon as the implementation of a
BYOD program is decided upon.
The best instrument to provide security is a BYOD
policy. After implementing a first version of the
policy, the next step is to analyze tools that could
help companies to ensure compliance to this policy.
These tools are known as MDM (mobile data mana
gement) and allow a proper management of business
information during the day-to-day activities and un-der
remarkable situations, such as loss or theft of
the device.
Companies need to respond to BYOD
phenomenon not only by granting
access to employees who want to
have their email on their personal
devices. Security is an important
concern and should be addressed
as soon as the implementation of a
BYOD program is decided upon.