Many organisations, especially in the Caribbean, have informal Bring-Your-Own-Device arrangements. Although there may be cost saving benefits to such arrangements, there are a number of far-reaching consequences that should be considered.
Historically, an individual’s first exposure to IT was either in the work place or at school (university or college). The equipment was expensive, and was not readily affordable to the average household. As a result, equpiment (and even software) manufacturers catered almost exclusively to the needs of the business sector in terms of the features and functionality of their product offerings.
Over the last decade, computing equipment have become more affordable. However in the last five years or so, heralded by the release of the iPhone, there was a distinct change of focus to towards developing products primarily for the mass market, which has been loosely refrred to “IT consumerism”. As a result, the needs and interests of the consumer markets are driving IT innovation, and new developments are being targeted at that market first, and thereafter the private and public sectors.
With more individuals being able to afford technology, the phenomenon, Bring Your Own Devices (BYOD), where employees use their own personal devices – such as mobile/cellular phones, smartphones, tablets and laptops – in the workplace, has begun to emerge. On first thought, organisations, especially those in the Caribbean, might welcome this changing paradigm, as it could signal reduced expenditure and a changing obligation to provide ICT equipment to employees. However, there are a number of implications that employers ought to consider, some of which are highlighted below.
As indicated above, organisations might initially be quick to accept and implement a BYOD policy, due to the savings that may be realised from not having to supply employees with devices, and to varying degrees, subscriptions to telecoms services. However, there is a wealth of equipment choices and platforms from which employees can choose. As a result, instead of supporting one platform, such as the BlackBerry Enterprise Server, an organisation should be prepared to invest in a number of additional platforms in order to provide their employees with the requisite interface to successfully connect to the company’s network.
With very few exceptions, organisations typically seek to maintain control over how their resources are accessed and used. Hence a particular focus of most IT departments is establishing and maintaining a suitably rigorous security framework that governs connectivity to the workplace’s network and equipment. However, in a BYOD context, the integrity of that system could be greatly undermined by the differing security features and options offered by the employee’s choice of equipment.
As highlighted in The future of the enterprise-ready smartphone, some of today’s popular portable devices might not be particularly suited for the corporate environment. Their greatest challenge is that they have limited security and management features, which might be due in part to a focus on the mass market, or a particular demographic, rather than on the needs of the corporate client.
The incorporation of additional platforms and Operating Systems into a existing enterprise network has implications to an organisation’s IT department, or the team that maintains the network. With the introduction of a BYOD policy, provision must be made to upgrade and broaden the skills and expertise of IT personnel to ensure proficiency with the other platforms and their coherent integration into the existing system. Additional training might be necessary, but organisations may also need to secure new specialist skills to address their changing IT needs, which will also have financial implications.
Acceptable use policies
In many organisations, it is the norm to establish policies that govern the use of its equipment, Internet access, and its email facilities. Many of those policies aim to establish what might be acceptable use within the workplace and with an organisation’s resources. However, as reflected in 7 useful tips when implementing policies for Internet/email use, the premise of such policies is that the employer has supplied employees with certain facilities, and thus can stipulate certain conduct. However, in a BYOD setting, the organisation might find it difficult to dictate what might be acceptable use of an employee’s own personal device.
Coupled with the implications for network security, it is also important to consider the impact of BYOD policies on data security, especially in environments that might have established compliance measures. Examples where stringent measures usually exist are in financial services and health care sectors, but it would also include any industry where organisations must manage personal or highly sensitive data. In a BYOD setting, an organisation might not be seen as have ultimate control of that data, since is does not own, and would have limited control of, the devices used to access and manipulate that information.
The situation becomes even more acute when an employee leaves an organisation. Data may need to be retrieved from that employee’s devices. However, when the employee owns such facilities, it can again be problematic to maintain the integrity of any information security and management system that has been established.
Although it can be argued that the above points make an excellent case not to pursue BYOD in the workplace, the truth is that the BYOD trend is growing. Many organisations already provide their senior managers with smartphones and/or tablets (usually as a perk), but usually cannot afford to provide such amenities to their mid-level and lower tiered staff. However, it is often a de facto practice, especially in the Caribbean, for organisations to piggyback on the fact that employees have their own devices, and expect them to be used in the conduct of the organisation’s business.
Having said this, it is strongly recommended that organisations develop a clear framework for any BYOD scheme it supports. The issues outlined above should have highlighted some of the ramifications of BYOD, be they formal or informal, on both the integrity of an organisation’s information network, and its operations. Hence a comprehensive examination of the issues, corporate imperatives and priorities, the interests of employees, along with the trade-offs that must be made, can lead to a workable policy to the mutual benefit of all concerned.