BYOD - Run What Ya Brung

By Chris Walker posted 05-30-2012 22:18



In the interests of full disclosure; I use a corporately issued laptop, a self-provisioned smartphone (employer pays service), a self-provisioned tablet, and a personal laptop. My tablet, while being hugely convenient and making my life easier, is not necessary for me to live or work. This post was written on a laptop and a tablet. I used MS Word and OnCloud to write it. The Word file is stored on Google Drive. Yeah, I believe in BYOD (Bring Your Own Device). I also think the cloud’s a good thing.

One day I’d really like to see what percentage of the overall workforce really needs to bring their own device to work, or would even benefit (need vs want) from doing so. 9-5ers, bank tellers, receptionists (can we still call them that?), gov’t front counter staff, fast food employees, gas station attendants, call centre staff, billing clerks, accounts payable clerks, refuse collection agents, ... these and a whole bunch more jobs have no stake in BYOD.

Anyone whose work ties them to a desk, executing fairly structured tasks can get by quite nicely with whatever hardware their employer has plunked down for them (assumes that HW and apps are suitable for the job). Oh, they may want to bring in their tablets or smartphones, load up on apps, and do their work from the sidewalk while having a cigarette. But I really don’t give a rat’s ass and neither should you. Can you honestly tell me that someone who processes invoices is going to benefit from being able to do so on a tablet instead of on a PC? I thought not.

Don’t get me wrong; I am not diminishing the value of the jobs that people do or what they contribute to their organizations and/or society at large. What gets me is this whole consumerization of IT thing that’s going on. The next time you hear “I have such cool gadgets at home, why can’t I have them at work?”, consider this answer; “YOU DON”T BLOODY NEED IT!!!”. You know what they need? They need the right information, proper training & support, a decent organizational culture, paths for self-fulfilment, and recognition that what they do means something.

On the other hand, there are many job functions that can definitely benefit from BYOD. Most of you reading this are probably in one. I’m in one of those roles, but there’s still lots of stuff that I need to do at work that can’t get done on my phone or tablet. When I say that, I mean it’s either just not possible or so cumbersome as to be not worth the effort. Taking meeting notes, writing docs, & emailing are all pretty good on my tablet, a little less so on my phone. Running demos, drawing diagrams, entering timesheets, and doing expenses just can’t be done. That does not mean I will give up my tablet or phone. Hell no! What it means is that unless my job changes I am going to have to be content with running multiple devices to get my job done. Oh, I could just go back to using only my laptop, but that would be silly.

Assuming BYOD is the right path ...

Security and privacy are major concerns. What’s going to happen if someone loses their tablet or phone? What’s going to happen if there is a discovery order or FOI request and employee procured devices are in scope? Employees who use their own devices are going to be accessing & storing corporate content as well as personal content on the same device. Some of them are going to let friends and family use those devices for all sorts of stuff. You can’t tell your employees not to because they paid for the devices. What are you gonna do about it?

One of the really nice things about having a tablet or smartphone is that I can be mobile. That means that I don’t need to be connected to my corporate LAN and I can still get the stuff I need to do my work. Not all the stuff, but most of it. It’s not just content that I’m referring to, it’s applications as well. If you’re going to make a move to BYOD it’s on your shoulders to make sure that your team has access to the content, applications, and processes that they need to do the job. If your BYOD is limited to a single platform (e.g.: iOS) you may be lucky because you’ll only need to provision apps that work on a limited set of devices. If, however, you’re going true BYOD, well ... you could run into some difficulty. Not only are you going to have to deal with security and privacy issues, you’ll also have to get into the app development business, unless there are already apps available from the usual sources (which I really doubt). I’ve used apps developed by organizations that theoretically work across multiple devices; many have fallen short and the user experience simply sucks. Think of them as additional UI’s and functions that you’ll need to build, maintain, and support.

Another nice thing about BYOD, depending on your perspective, is that lotsa people have their favourite device(s) with them pretty much all the time. That means they can respond to stuff from bed, the beach, while watching TV, while watching the kids at the playground (saw this woman almost get smoked by her kid on a swing while she was occupied with her iPhone – yes, I would have laughed), what/where/whenever. It’s really cool that you can get someone to respond at anytime, but remember that YOU ARE INFRINGING ON THEIR PERSONAL TIME. Granted that it’s likely their fault because they’re using the same device to watch Formula 1 videos on Youtube and respond to RFP’s but you can’t do anything about it because I bought the device so there. Nyah. Nyah, nyah! Sorry. Anyways, there are times that folks need to respond immediately, and BYOD certainly facilitates this. But, there are also time when folks need to chill without worrying about work. You’re the boss so I expect you to set the right tone and provide the right example.

So what’s my point? BYOD is a good thing in the right circumstances. Refuse collection specialists won’t benefit, but knowledge workers and field staff likely will. It’s also a pretty safe bet that if you allow your people to work with tools that they actually like and see as cool, they’ll be a bit happier and maybe even a bit more productive.

BYOD is appropriate based on the role, not the organization. In my job as a consultant it’s perfectly reasonable to allow me to use whatever device I choose. However, the same can’t be said for the people that process invoices, even though they bring as much value to the organization as anyone else. Have at ‘er and consider the following before going all BYOD:

1.       Are devices your major issue? You’re freakin’ lucky if they are. Most orgs have way more serious stuff going on than what can be solved by allowing someone to do their job on a tablet.

2.       Can you secure your stuff properly? My wife doesn’t want to see quarterly sales projections and my boss doesn’t want to see my wife & I [fill in the blank with whatever you want, you dirty devil, you].

3.       Do you want to get into app development? You do? How many platforms & form factors & screen sizes/resolutions do you want to develop for? Oh, and support? And maintain?

4.       Privacy. Closely related to the security thing. Yes, they are different. Go look it up if you don’t believe me.

5.       If you go BYOD, can your users still access everything they need to do their work?

6.       What’s the impact to employee working hours going to be? They’ll have the gadgets with them 24/7, will you expect them to be available/reactive 24/7? Shame on you if you will.

I’m not saying that BYOD is a bad thing, just think about it a bit before you commit.

#privacy #InformationGovernance #BYOD #Security #tablet #mobile #content #access #smartphone


06-22-2012 14:08

Yeah, so, my subject above was missing a few characters ... it's Friday and my fingers moved faster than my brain. Unfortunately I can't edit my comment once posted, so the intended effect between the subject and content are now an incongruent mess. Bleh.

06-22-2012 14:03

For me, the underlying control concerns are what annoy me about most of the current “consumerization of IT” stories and topics, like BYOD, and dare I say it, Big Data. In a lot of ways, “consumerization of IT” just means that users finally won the war. They beat the company down to the point where IT’s overlord status has been dramatically diminished. I’m okay with that, for the most part. IT should support the business, not construct artificial barriers to getting the job done because to do it the way the user wants to do it would be hard (to develop/procure, to implement, to maintain). BUT, IT is still the organization who is charged with deploying appropriate security and privacy controls – TO ENABLE THE COMPANY TO ACHIEVE ITS GOALS – so they can’t be left out of it entirely; and IT can’t just toss up their hands and say “whatevs, users, do whatever you want to do”.
I’ll also say that for as sophisticated as many users fashion themselves to be, they are often only sophisticated on one side of the issue. They know what they need/want to do their jobs the way they want to do them, but they don’t understand the technological complexities required to do it and still be compliant with HIPAA, Sarbanes-Oxley, and other real and potentially painful obligations, like the complexities and nuances of data collection and preservation obligations in litigation. They don’t understand and they generally don’t care, but they should respect the fact that it is a real issue and someone needs to deal with it.
So, my soapbox comment here really comes down to this: Just because you can, doesn’t mean you should; and just because it’s hard, doesn’t mean you shouldn’t. Thoughtful application of appropriate controls are ALWAYS valuable to the overall organization. Just because you can provision tablets to everyone doesn’t mean you should. Just because it’s hard to write policy and develop security protocols to protect a wide swath of devices doesn’t mean you shouldn’t expend the effort. What I’d like to see is more commentary on HOW to do that, not just furthering the hype of the awesome POTENTIAL that is in front of us due to the consumerization of IT. Show me the measured value, and I’ll come along. Show me smoke and mirrors and offer a bunch of promises, and I’m not buying.

06-01-2012 16:12

Since when was a game of Angry Birds ever quick?

06-01-2012 15:08

Not only can you bring your own devices; but your own cloud too. How many employees are putting company documents on personal Box accounts?
And I hear you on the near-compulsion to be always on. While I enjoy the freedom and the ability to clean out my inbox a bit at night or on the weekend while waiting on some combination of the three ladies in my household to be ready to go somewhere; it's a fine line between doing that all the time and sometimes just putting the device down and not picking it back up again -- unless for a quick game of Angry Birds.

05-31-2012 14:08

Iv'e seen a number of folks turn tablets in as they did not work out for their role (aka, wrong tool). It was cool to rush out and get one but the fun and glamor wore off. Why? As you state, not enough thought went into the decision.
Security issues are a real problem and so some companies use a virtual setup so nothing really sits on your device. Other companies have you sign long winded agreements on turning over your device or having it erased, etc. Yup, doesn't take long for the dilemma of the employee saying 'no way in hell' when the e-discovery team shows up. Your point in #6 has taken place too. An hourly paid employee putting in for overtime for checking emails Saturday via their device. Leading to more policy writing/rewriting and clearer instructions. Sigh. Again, no one thought it through.
There is also the issue of being able to prove your record's integrity and authenticity when challenged (litigation/investigation). How many companies are testing and documenting the process used by the device and system to prove it?
As with everything, the mad rush to new causes stumbling and fumbling but once thinking really sets in, it works out and gets better.