We’ve seen the idea of BYOD grow from one person who began finishing their work on the tablet that was being carried back and forth to work, to company policies being created. It was a simple idea: “if I use my own tablet or smartphone, I can work on a project while I’m on the commuter line going home.”
Of course, once several people got on board the BYOD train it began to pick up momentum and as mentioned, companies now have policies concerning the corporate use of BYOD. If you’re an old IT manager, as I was, the first thought that most likely came to your head was, “How am I going to keep all these devices secure?”
Naturally, what the CIO wants is that you are responsible for your own device. This means that if you want to use your own device, it is your responsibility to make sure that all the data, as well as the corporate home front, is kept secure.
A recent article in Network World asks how this can be achieved. It looks at the two most common approaches, which are opposites of each other: put the CIO’s hand on a kill switch, or reward the worker with a stipend that goes toward paying their mobile bill.
As you can see, one scenario is incredibly harsh, while the other is a reward of sorts, which brings us to the question, stick or carrot? Which do you think will offer greater compliance to company policy? AdaptiveMobile, which is a company that deals in mobile security, recently released the results of a survey that looked at 500 companies and employees to find out how secure both ends are.
The survey found that 80 percent do support BYOD. Unfortunately, it also found that about 50 percent of the companies experienced a breach in security within the last 12 months. We are not just talking about a peek at information; one company included in the study lost $80,000 when its financial database was hacked last year via a mobile device.
You can see that the risks involved in using a mobile device on an unprotected network are incredibly high. In fact, Centrify, a company that provides Unified Identity Services across data center, cloud and mobile, surveyed more than 500 employees at mid-to-large companies, and found that just less than half (43 percent) have accessed sensitive corporate data while on an unsecured public network.
This is the type of response that forces CIOs to think about using the stick method. Consider that Centrify’s survey found that personal account information or passwords were compromised for 15 percent of employees. The same percentage feel that they have none to minimal responsibility to protect data on their personal devices.
This is a case of a small number of people who do not want to follow the rules making it hard for the majority. With 15 percent feeling no obligation, that means that 85 percent could lose the option of BYOD if all companies decide that is the way to go. The most extreme case would be that these employees could be fired.
One of the hard decisions that a CIO could make is to possibly include a corporate kill-switch on the employee’s mobile device. According to AdaptiveMobile, more than 60 percent of the surveyed companies already have a kill-switch function and lock device capabilities. The thing is that this is something that the employees are not aware of.
Gareth Maclachlan, chief commercial officer and co-founder at AdaptiveMobile, said, "Companies already have more control and visibility than people realize as shown in our research, from monitoring apps installed through to potentially locking or resetting a device."
This, of course, brings up another interesting point which is, does a company have the right to do that? If you were to give them permission, then the answer would have to be yes. The way that most corporations are getting away with getting this permission is with a consent form.
Your company sends you a long (in very small print) BYOD policy request that you need to confirm. Like most people, you scroll down to the bottom and click on “Agree.” Somewhere in that lengthy document you gave the CIO permission to lock or kill your smartphone.
This is a method of trying to get your employees to abide by corporate policy that not everyone is in agreement with. Jeff Rubin, who is vice president at Beachhead Solutions, feels that "If company policy, agreed to in writing by the user, allows for the corporate administrator to kill the device when compromise is feared, then the company will own the kill switch. But obviously this is exactly the type of Big Brother action that inhibits the expansion and use of BYOD, because users may rightly feel that only they should control the fate of their devices."
If you think about it, doesn’t this actually defeat the purpose of BYOD? The acronym stands for bring your own device; if the company controls it, doesn’t it make it a company device? If the company does have a kill switch, or can wipe out the device’s data, what data will be erased? Will they have the right to delete emails, texts and contact lists in addition to company data? You can see the number of questions that something like this raises.
If we jump to the other side of the spectrum, we have the concept of rewarding you for following the rules rather than penalizing you for not following them. Does money really talk? One company that believes it not only talks but actually shouts is Cass.
Josh Bouk, who is vice president of sales and marketing at Cass's expense management division, believes that money has a lot to say. Cass helps its employees and encourages the use of BYOD, so much so that they have created a portal for employees to enroll and accept a company's policies, go through an eligibility process and receive an appropriate stipend.
To make it even more appealing, Cass’ carrot bypasses expense reports by making the stipend show up on the employee’s phone bill. This means that all the employee has to do is comply with company BYOD policy to reap the rewards. Of course, if there is no compliance, then there is also no stipend.
This is an issue on which enterprise Mobile Device Management products from companies like MobileIron and Fiberlink, which was acquired by IBM early this year, are making a huge impact. The thing is that thanks to the proliferation of BYOD, this always-connected, everywhere collective now spans the generations. By that I mean that as a workforce, at one time, we only had to be concerned with being connected while in the office. Once you left the office, you left your connection behind and in most cases, your work.
It actually benefits a company to have its employees always connected, and BYOD has certainly accomplished that. Finding a method that gets employees to adhere to the policies, so that the company is secure and another $80,000 mishap does not recur, is something that can go either way. Which would you prefer, the stick or the carrot?