Organisations have yet to master BYOD policies – survey

19 Dec 2012

Richard Absalom, analyst with Ovum's consumer impact technology practice

With 57pc of employees saying they use a smartphone or tablet to access company data, IT departments need to work with users in the business to meet the challenges of the ‘bring your own device’ [BYOD] trend.

Of that number, only 20pc said there was a company policy in place to deal with the mobile devices. The findings come from a survey conducted by technology research house Ovum which polled more than 4,000 full-time workers across 18 countries.

Ovum has also polled IT departments and found mixed feedback. “What we do know is that people are coming around to understanding that they have to deal with this in some way. They know it’s on the horizon,” said Richard Absalom, analyst with Ovum’s consumer impact technology practice.

Absalom is the keynote speaker scheduled for the Enterprise Mobility Summit taking place on Wednesday, 23 January, at the Croke Park Conference Centre. The event aims to address the issues surrounding the fast-growing trend by giving business decision makers and IT leaders guidance on how best to make the trend work in their organisations.

“There is a real mix between early-adopting CIOs and IT departments who are taking the bull by the horns and putting a business case forward and the majority who, to be honest, are still working out a policy on this and finding a way to address it,” Absalom told  

BYOD management

In businesses where BYOD isn’t managed yet, the first step is to ask questions about how the devices are being used, Absalom advised. That begins at all levels of the company and not just among senior management.

“The first thing is to engage the workforce. This is a consumer-driven trend,” said Absalom. “There’s no-one-size-fits-all policy – every organisation is different, and has a different risk and usage profile. You have to have the right set of questions.”

There are proven technologies for managing mobile devices, said Absalom. However, focusing purely on technology to manage the problem isn’t the answer. “Any kind of policy goes beyond technology, it becomes part of a corporate employment contract,” said Absalom.

The kinds of issues CIOs must address include whether the business has the right to protect data if it’s stored on a device the employee bought for themselves, and whether it’s allowed to remotely wipe the device if it’s lost or the incorrect password has been entered.

Staff contracts should make it clear if the business intends to monitor or access files on a tablet or smartphone belonging to a member of staff. “You have to protect any corporate data which could be personally sensitive, but if you’re going to lock down someone’s mobile device, then you have to respect the privacy rights of employees, so you have to tread a fine line,” said Absalom.

“It’s not just from the security point of view. Look at this from the long term. We see a fair amount of panic buying, where the reaction is to get everything locked down as much as possible. You have to deal with it from a security point of view but there’s actually a real opportunity here in terms of business benefits, and employee productivity and engagement,” he said.  

He said IT teams should work with HR departments to ensure staff are made aware when a BYOD policy is introduced.

“Because this is a consumer-driven trend, you need to work out what your employees are doing with the data. It’s always going to be a compromise between managing corporate data and keeping employees happy. There has to be a bit of give and take on both sides,” he said.

Above all, IT teams should consider BYOD in a wider context than purely securing the device. “Don’t just think about security, but about how you let people do their jobs better by giving them access to the tools and apps they need. Like any change it’s obviously going to cause risks and there will be issues, but I think the clever IT leaders will work out how to turn it to their benefit,” said Absalom.

Gordon Smith was a contributor to Silicon Republic