Categories
Uncategorized

BYOD: Why employees hate it, how many do it without IT approval, and how to make it work

Why employees hate BYOD

pitchforks and torches

In a CIO article, Tom Kaneshige opens his article about the dislike of BYOD with a couple of examples where employees were “burned by BYOD”:

At a New York banking firm, a couple of executives lost their jobs because they didn’t report lost phones within 24 hours, in violation of a draconian BYOD policy. At a California law firm, the CIO knew every time one of its lawyers slipped away to play golf, exposed by watchful BYOD management software.

Employee issues with BYOD, as Kaneshige points out, isn’t so much about technology as it is about trust — or the lack thereof. People hate BYOD when it encroaches on their privacy, particularly with:

  • GPS location tracking, which many people liken to prisoner monitoring ankle bracelets,
  • App inventory, which can be a bit too revealing about your personal life: “No one wants to be approached in the cafeteria by a co-worker sympathizing with you about your cancer, just because word got out that you have a cancer-related app on your iPhone,” and
  • Bad user experience, which is worsening as more management and security controls are added to BYOD solutions, which are already viewed as electronic shackles.

What causes “Shadow BYOD”?

shadow it

Bad BYOD experiences or outright bans on the work-related use of personal mobile devices often lead to “Shadow IT” or “Shadow BYOD”, a term used to describe when employees use their own devices and applications for work and to access corporate resources without IT’s knowledge or approval. A recent survey by custom business application company TrackVia features these statistics on the mobile work habits of millennials, who are expect to make the majority of the workforce in a few short years:

  • Nearly 70% of millennials surveyed have admitted that they bring applications from outside the enterprise to support their work, such as Box, Evernote, and Google Drive.
  • 69% of millennials surveyed said that they never work with IT to select new business apps.
  • 60% of millennials surveyed weren’t concerned about corporate security when they used personal apps instead of corporate-approved apps.
  • 35% of millennials use their own apps to support use across different devices, something that the corporate-approved apps didn’t support.

You can see TrackVia’s complete survey results on their site, where you’ll find the infographic shown below:

rebels with a cause

For BYOD to really work, there’s got to be trust and training

lots of devices

“Like many other aspects of IT, BYOD operates across a spectrum from ‘definitely not’ to ‘anything goes’,” says Rob Bamforth, an analyst at the research firm Quocirca. “There will be some for whom BYOD is not the route to go down, principally due to concerns over their ability to implement effective data segmentation and access monitoring.”

Bamforth’s observation is important to keep in mind. A simplistic, restrictive, one-size-fits-all approach to BYOD is more than likely to backfire, as employees find work-arounds to such restrictions and as a result, expose the company to risk as they store company data in unsafe places, using unsafe apps, on unsecured devices. While there are certain lines of work where the security and liability requirements are too strict to allow employees to bring their own devices, most businesses can accommodate a BYOD program that balances security with usability.

SecureData’s head of cloud services, Alan Carter, suggests that setting mobile device policy should first. “Before even thinking about investing in technology, get the policy sorted. Doing it the other way around will result in anything but a perfect rollout.” We agree: an user base who’ve been taught about secure mobile use and who are working under a policy that treats them as intelligent people — and hey, if they’re not, why’d you hire them? — is as important a part of mobile security as any mobile device management solution.

Recommended reading

this article also appears in the GSG blog