Bring your own device (BYOD) is the business policy of letting employees bring their own devices at workplace for doing work. The concept has gained popularity in recent years mainly due to the following reasons:
- Employees are more willing to spend on their devices as they have the ownership of the device.
- Maintenance and protection of these devices is taken better care of as the employees only will be liable for the losses if they happen to lose them.
- Enables employees to be more flexible and add more productive hours at work as they contribute more to the organization growth from anywhere, anytime.
- A correctly implemented BYOD policy can foster a culture of eagerness to work, producing efficient and productive employees as their needs are directly addressed by the company.
- Makes the organization a “fun” place to work.
- Reduces the burden of IT inventory maintenance such as commissioning / decommissioning corporate devices used for work. Subsequently, hardware purchase costs are also lowered down.
- A start-up, small or medium size company, can avoid high purchase costs for IT devices for its employees since employees can have the flexibility to use their own devices at workplace.
- The current smart devices often provide better processing speed and power for accomplishing the tasks better.
- Substantial savings are made on carrier/ISP charges with very little need to invest in elaborate corporate data plans for its employees.
However, it needs to be remembered that the corporate data which is residing on user’s own device remains the property of the company. Hence adequate protection measures need to be in place for protecting that sensitive corporate data.
The most common reason which causes the failure of successful implementation of any BYOD policy is that senior management and end users routinely fail to grasp the fundamental concept which drives the BYOD policy; it’s all about device ownership. BYOD fundamentally means that the ownership of device now resides with end-users instead of the organization. But ownership of corporate data will still remain with the company.
Going for the BYOD policy is an important business decision which will directly affect the growth of the organization. Just by going by the industry trend “Hey, everybody is doing it, let’s implement this in our organization” attitude can spell disaster for organization’s growth if no advance planning measures are taken place. For this, a strong business case is needed to reap the benefits of BYOD policy implementation. Senior management must accept the risk that by implementing BYOD, more avenues are opened for the data leakage from employees’ devices. Hence, appropriate solutions, tools and techniques to prevent and contain this business information leakage must be implemented as well.
For a successful BYOD policy rollout generating maximum return on business (ROI), we must follow these steps:
- Assess organization readiness and define leadership
- Develop BYOD Charter
- Setting up BYOD governing body
- BYOD IT Process Group
- Managing BYOD policy
- Post Deployment Support
BYOD might seem very attractive proposition at first glance, but it is advisable to exercise proper care during its implementation in your company. Left unhandled, BYOD can act as a constant fund drain for the organization.
Implementing BYOD policy seems inevitable in coming years as the technology advancement in “smart” devices helps the employees to achieve better productivity with flexibility at the workplace. No doubt, we do need clearly defined rules and accountability factors which should be enforced via legal and technological means for protecting the sensitive corporate data residing on people devices.
As nature of doing business is constantly evolves with technological advancement, it’s in everybody’s best interest to accept BYOD policy as it directly addresses the need to collaborate and communicate at times when it matters most. After all, when it comes to business; time is money!
Manasdeep currently serves as a Security Analyst in the Technical Assessment team at Network Intelligence India, Mumbai. His work focuses on conducting Security Audits, Vulnerability Assessment and Penetration Testing for NII’s premier clients.
He possesses strong analytical skills and likes to keep himself involved in learning new attack vectors, tools and technologies. He has flair in technical writing and shares his thoughts on his blog “Experiencing Computing…” at http://manasdeeps.blogspot.in.