For the past two to three years, Bring Your Own Device (BYOD) has been a hot topic for government IT leaders. In May 2013, Gartner called BYOD “the single most radical change to the economics and culture of client computing since PCs invaded the workplace” – even predicting that by 2017, 50 percent of employers will require employees to supply their own devices for work purposes.
More recently, there seems to be cooling enthusiasm for BYOD as issues and trade-offs become more apparent. Governments, in particular, have been slow to implement BYOD. Both the U.K. and U.S. government guidelines are cautious, with one U.K. report noting that “while BYOD strategies are possible for public sector organizations, they are not recommended.” Canadian government CIOs have likewise been generally cautious, with a few noteworthy exceptions (e.g., City of Mississauga).
Although a BYOD strategy could be applied to any device, it has generally been focused on smartphones and tablets due to:
- Ubiquity of such devices (everyone has one) and associated desire to avoid having two devices, one for work and a second for personal use;
- Lack of a dominant platform and associated strong user attachment to the platform/device of their choice (Apple, Android, Windows, Blackberry).
Suggested benefits of BYOD include:
- Employee attraction or retention (especially younger employees) – although surveys indicate that while BYOD may increase job satisfaction, it doesn’t necessarily influence job choice or retention;
- Since users may get the latest technologies first (and upgrade more frequently), the organization can benefit from newer features and capabilities;
- Users can have the devices they prefer and on which they are most productive;
- Users can configure their own devices – potentially relieving IT of this responsibility. However, suggestions that BYOD can reduce IT support seem unrealistic. Some support is inevitable, especially for senior staff, and may be more complex given the range of devices, operating systems and applications;
- Potential for cost savings. Generally, the employee should purchase/own the device with the company covering a portion of usage costs – consistent with CRA rulings that suggest no taxable benefit for reimbursement for “reasonable voice and data services required for employment purposes.” Any cost savings may, however, be offset by increased costs required to maintain security and protect government information stored on such devices – e.g., licensing and implementation costs for Mobile Device Management (MDM) solutions.
Resistance to BYOD arises primarily from security concerns, including fear of losing sensitive data or intrusions resulting from improperly protected devices. Unlike corporately-owned devices, personally-owned devices will inevitably be used for both personal and work-related purposes – meaning that the device will likely contain personal-use applications not previously approved by the organization, as well as a mix of both corporate and personal information (with associated privacy and liability implications).
One approach to addressing such concerns involves partitioning the device into corporate and personal partitions (“containers”), allowing tight control over the corporate partition with increased flexibility on the personal side. This approach (supported by various devices/applications) can allow remote wipe/reset of the corporate side without touching personal information (e.g., if the device is assumed lost or stolen). Similarly, it can allow access to corporate data (e.g., for a discovery process), without compromising the employee’s personal information.
Overall, in considering BYOD solutions, CIOs must balance their desire to respond to employee needs/expectations against corporate expectations for security and protection of sensitive information. These are not easy trade-offs. While it seems likely that BYOD may eventually win out, especially for smartphones, this will only occur when security and device management solutions have matured sufficiently to address current concerns. In this context, Gartner’s 2013 prediction seems overly optimistic.