How to Drive BYOD in Your Organization
By Frank Diana
Take a seat in any conference room, office, meeting or event, and you’ll be surrounded by mobile devices—tablets, laptops and smartphones. And, if you look a bit closer, odds are that the users of these mobile devices are checking their work email while updating Facebook and reading the latest news articles.
At its core, this is the essence of the bring-your-own-device trend. It lets users access their personal and professional data from the device they’ve chosen to use and, in most cases, own. The mobile workforce is becoming the new norm, but are IT leaders and their organizations equipped to handle the potholes and traffic jams that could arise as they navigate the tricky BYOD roads? Not quite.
In general, companies have little understanding of BYOD costs or ROI and, for many, the move to a BYOD model is not driven by the bottom line but rather by soft goals such as employee satisfaction and attracting young workers. This creates a unique set of obstacles, because BYOD is running ahead of organizational thinking and, more importantly, regulatory policy.
So, what can companies do to get ahead of the BYOD movement and ensure that they are driving the change rather than trying to catch up? Here are some guidelines:
Set objectives and define goals.
The objectives associated with BYOD programs are varied: cost savings, attracting employees, productivity gains, innovation, work-life balance, employee retention, etc. Therefore, executives need to understand exactly what BYOD will do for their company and identify clear goals and objectives.
This means having an understanding of the metrics that will be used to measure success (attrition rates, productivity gains, cost savings, etc.) and ensuring that the process is being measured and monitored. Be careful of the business-case trap: Many digital initiatives are a cost of doing business today and lack a clear business case at the onset.
Establish governance models.
Establishing executive buy-in is critical for BYOD programs, and it goes hand in hand with the need to create strong policies as a starting point for effective governance. Clear, easy-to-understand and enforceable policies need to be the foundation of the program.
Developing these policies must be a collaborative effort that involves IT, legal, HR, finance and the lines of business. These policies must then be communicated, enforced and reviewed on a regular basis. In addition, dynamic policy enforcement is required to govern the lockdown of data and applications.
The broader governance discussion is connected to an enterprise-level issue that deals with governance in the digital age. BYOD must be part of this broader discussion. For example, some thought leaders advocate creating cross-enterprise governance boards to set the company’s digital direction.
Identify potential security risks.
Security is the most often discussed piece of the BYOD story. Loss of data, confidential information and intellectual property tops the list of concerns, with increased exposure to malware infections following closely behind. BYOD programs must address complex issues associated with network security and employee privacy. Some of the methods used by leading companies to address these issues are:
- A focus on managing data by controlling the apps that can access that data, versus the employees and their devices (MDM: mobile device management). Mobile application management (MAM) is an emerging solution to a broad set of challenges, as we are likely to shift from bringing our own devices to using our own applications.
- The creation of two virtual phones running simultaneously on the same physical hardware. One phone is for the employee side, on which the worker may use Facebook, Twitter and other consumer-facing applications. The other virtual phone is for the business side, which is dedicated to enterprise applications and data.
- Virtualization of the desktop and delivery as a service. Employees then have the ability to access that virtual desktop via different devices—from a physical desktop or laptop to a tablet or smartphone.
Evaluate MDM and MAM.
Some solution providers have focused on what they are calling BYOD 2.0—or the movement from managing the entire device to managing the business applications and the data. The impetus behind this move is the difficulty in applying security across different devices running on different platforms. In addition, employees struggle with the enterprise control imposed on their personal devices, applications and information. The primary objective with MDM is to manage and secure the endpoint device itself, including protecting data at rest. MAM builds on this, adding a new set of frameworks that enable IT organizations to wrap security around enterprise applications—thereby shifting focus from device level to application level. MAM allows the enterprise to manage only its own subset of the overall data and applications on the device, while management of the device, personal data and applications is left to the device owner.
Determine cost and ROI.
Organizations that have implemented BYOD programs are reporting increased productivity and employee satisfaction. Hard evidence is emerging to support these increased productivity claims in the form of employee time savings. For example, Intel reports an hour saved per day for 23,500 BYOD employees, which amounts to $700 million in added productivity.
At the same time, however, early claims that BYOD would save companies money are being called into question. Implementation and support costs required to manage in a BYOD world are going up. As with many digital initiatives pursued by companies (social, for instance), traditional ROI is sometimes difficult to calculate.
A number of softer benefits are associated with BYOD (innovation, employee satisfaction, speed, agility, etc.) that by themselves justify the move to BYOD. But all too often, companies look for the hard ROI to justify investment.
It goes back to clarity in goals and objectives: Know why you are enabling BYOD and understand how to measure progress against those goals.
Separately, each of these components accounts for a piece of the BYOD puzzle. To effectively create a comprehensive, holistic BYOD strategy, executives need to understand how this puzzle comes together.
Executives need to consider the various elements, work with internal stakeholders, evaluate risk and measure reward. In doing so, they will define what BYOD means for their business and begin to establish industrywide best practices.
Frank Diana heads the Digital Enterprise Solutions team at Tata Consultancy Services.