Since BYOD (Bring-Your-Own-Device) was introduced to the business world, organizations both public and private have been trying to identify ways that it can be leveraged for cost savings or revenue-generation. One of the prevailing opinions about BYOD is that it must be tailored to the specific organization; there is no “one size fits all” BYOD policy. However, as organizations implement BYOD and develop standards to support success, consistencies have been found.
The United States Government has released a “toolkit” for supporting federal agencies during BYOD implementation. The guideline is a standardization of the processes in use in the private sector that are simply explained to ease adoption. The points seem relevant to other types of organizations and across industries. The three main points are quoted below, with boldface added to important points by IAITAM:
BYOD is about offering choice to customers. By embracing the consumerization of Information Technology (IT), the government can address the personal preferences of its employees, offering them increased mobility and better integration of their personal and work lives. It also enables employees the flexibility to work in a way that optimizes their productivity.
BYOD can and should be cost-effective, so a cost-benefit analysis is essential as the policy is deployed. Such a cost-benefit analysis should take into account both potential increases in employee productivity and potential cost shifts. For example, providing employees access to government services on their personal devices should help reduce the number of government devices that are provided to staff as well as the life-cycle asset management costs associated with these devices. BYOD programs may, however, necessitate government reimbursement for voice/data costs incurred when employees use their personal mobile devices instead of government-issued mobile devices and additional enterprise infrastructure costs in handling the support of BYOD users. Additionally, overall costs may significantly increase for personnel who frequently communicate outside of the coverage area of their primary service provider and incur roaming charges.
Implementation of a BYOD program presents agencies with a myriad of security, policy, technical, and legal challenges not only to internal communications, but also to relationships and trust with business and government partners. The magnitude of the issues is a function of both the sensitivity of the underlying data and the amount of processing and data storage allowed on the personal device based on the technical approach adopted. Generally speaking, there are three high-level means of implementing a BYOD program:
- Virtualization: Provide remote access to computing resources so that no data or corporate application processing is stored or conducted on the personal device;
- Walled garden: Contain data or corporate application processing within a secure application on the personal device so that it is segregated from personal data;
- Limited separation: Allow comingled corporate and personal data and/or application processing on the personal device with policies enacted to ensure minimum security controls are still satisfied.
There are other examples and more specific policies as well as a complete explanation of the State of Delaware’s BYOD program on their website.
These points describe an expectation for certain issues, decisions and values from BYOD. Perhaps the often difficult operation of BYOD in organizations may be beginning to standardize. There will are organizationally-specific considerations, but the concept of BYOD is maturing and taking shape in a fairly standard way across multiple business sectors. Similar expectations and processes across organizations is often one of the first indicators that widespread adoption is just around the corner.