This is the thirteenth posting in my series on Bring Your Own Device (BYOD). In a recent post I looked at 5 myths about BYOD that I had come across a lot. Kenneth quite rightly pointed out that I had looked at only technology related myths, and challenged me to look at more business related ones, as he believed that they were just as important. He is quite right, though because of my day job I wasn’t running into as many of that kind of myth. He helpfully got me started with some suggestions in a comment on my BYOD myths post.
I can use my BYOD device for work without changing a thing. You won’t be able to use your personal device in exactly the same way for work as for your personal use. At the very least you will have to modify your behaviour, as the risks and concerns are different. You may have to put up with passwords, or more complex passwords. You may have to install special software and use that for certain tasks rather than your favourite email client. In short, there will be some change. It may be minor, or it may be major, depending on the organisation and their approach to BYOD, but there will ahve to be differences.
BYOD saves money. BYOD doesn’t in and of itself save your organisation money. In general any money that you might save from not having to purchase devices will be more balanced out by the additional cost of supporting BYOD, higher telecommunication costs, and the costs of any technologies needed to deliver functionality. I have been convinced that you can save money by using BYOD, but only if that is your primary aim and you pursue it aggressively.
There are no real security issues with BYOD. Many people outside of IT wonder what all the fuss is about. They do not understand the signifcant security risks that are introduced by the use of smart mobile devices. These include the installation of malware that can steal information or use of costly services; the removal of corporate data from a compromised device; or unauthorised people accessing corporate applications or data. These risks are real and encountered everyday. For a look at some of the risks and scenarios around security of mobile devices you can look at some material from Trend Micro here, or for a higher level look at the kinds of threats faced by mobile devices you can look at this material from the Cloud Security Alliance here.
You can’t do BYOD as the security risks are too great. Let’s not beat about the bush: as we’ve seen above there are significant security issues with BYOD. They are, however, only marginally greater than the security risks associated with centrally provided mobile devices. It is true that there are additional challenges in providing solutions that address those risks for BYOD, but in most cases I think those challenges are worth it because of the business benefits that can be derived from BYOD.
I can choose not to do BYOD. Chances are that your staff are already bring their own devices to work. If you don’t have a formal programme in place, then they will be doing so in a way that you have no visibility over, have no control over and will struggle to influence. You don’t have a choice about whether BYOD will happen, you just have a choice as to how you will react to it.