BYOC - what does it mean for the industry?

As I travel from event to event, I've begun to notice a pattern. Attendees tell me that they're using a device such as a computer, an internet tablet, a netbook or a smartphone that they themselves purchased rather than using a company-supplied device. This trend is known as "bring your own computer" or BYOC. The "C" by the way could be a desktop computer, a laptop, a netbook, an internet tablet and/or a smartphone.

Quite often, I'm told that the device their organization supplied was selected to meet the broadest possible set of requirements for the largest number of staff members while having the lowest possible cost. In the end, the "C" acquired by the organization wasn't really satisfactory for many different staff members. So, some went out and purchased their own "C" pressed it into service.

When asked, the folks I've spoken with at conferences and business meetings tell me that they prefer the performance, size, weight or functional characteristics of their personally-selected device over that offered by their organization. So the organization's machine languishes in some drawer or closet somewhere. What a waste of time and money!

This, in my view, has some pretty strong implications and I thought that I'd list just a few of them here:

• Corporate data that resides on these devices is unlikely to have been backed up and may be subject to loss or theft. It is rather unlikely that the data is being handled according to the organization's data retention policies. This could pose a serious problem if the organization is audited for compliance to relevant regulations. A painful loss of productivity is also quite likely as the staff member faces recovering lost data on his/her own.
• These devices often are not subject to the same level of security and could become vectors for viruses, worms and other malware.  I'm sure there are those in the "black hat" community that have or are already working on ways to use those devices as a way to break into organizational networks by going "under the radar." These devices could be thought of in the terms used to market a now-ancient talking machine -- "the gift that keeps on giving."
• These devices may have compatibility issues with the organization's collaborative software, its data management software or something else and turn into a headache for IT support staff.  The larger and more diverse the population of devices staff members are using, the larger the headache IT faces. I remember hearing the groans from my friends in IT when Apple updated its iPhone software and broke access to the company's exchange server.

Simply telling staff members that these devices are not welcome isn't workable in most environments. These devices are increasingly seen as fashion statements or status symbols as much as functional tools of the trade. Many organizations appear be ignoring this issue today. Is yours?

Forward thinking companies, such as Citrix, have tested out and deployed BYOC policies. (see the post Bring Your Own Computer - Citrix's experiement in computing for more information about Citrix's experience with BYOC.)

What is your organization doing to manage the entry of these devices into the work environment, support those using these devices, etc.?