Generation Y: Are we a BYOD policy nightmare?

Generation Y: Are we a BYOD policy nightmare?

Summary: What issues do businesses face when they link bring your own device policies (BYOD) and the Generation-Y?


Bring-your-own-device (BYOD) policies are fast becoming a trend entrenched in the fabric of modern business practices.

Before, it was a fairly casual occurrence. Employees would usually have a personal mobile device with them when they attended work, either stowed away in a bag or for taking calls when slinking out of office cubicles with sallow lighting for lunch.

However, with the inclusion of high data allowances and improvements to Internet access, mobiles that were once only for individual use became smartphones and tablets that linked work and personal lives together.

Businesses realized this trend could be used to advantage; saving them from investing in the expensive process of mass-distribution smartphones and tablets that many employees are now expected to be equipped with -- allowing flexible schedules and on-call contact.

This can be problematic. Once the personal becomes meshed with the corporate, logistical concerns begin to seep through the cracks of a trend which can save businesses money -- but may also cause them a loss of profit and headaches in turn.

Why? Simply put, a lack of control over devices used to handle business-related activities. A number of different platforms, applications and storage lockers -- and more importantly, the question of security.

Generation Y members, who are either already in the workplace or attempting to enter it, are a particular group that has caused concern, according to new research.

Those in the twenty-something bracket expect to be able to use their own devices at work, and a third would ignore security policies if they barred the use of personal mobile devices in the workplace.

More than half of the 3,800 employees involved in the survey conducted on behalf of Fortinet, view BYOD as a "right" rather than a "privilege".

Almost 75 percent of those surveyed actively use personal mobile devices in the workplace. The primary driver for this behaviour appears to be the need to stay connected -- being able to access their favourite applications, social media and private exchanges, even within allotted working hours.

35 percent stated they couldn't go a day without checking their social media networks, and 47 percent wouldn't be able to manage 24 hours without sending a text.

The Gen Y's addiction to connection -- if it exists -- can be exploited by businesses worldwide, especially considering they will be the next group to take the reins in leadership, developmental and management roles. Many of them understand the nature of digital networks better than their older counterparts, and this is an area which can be used to expand and increase profitability by tapping into new markets and improving customer relations.

However, this doesn't mean their ability to talk of of deeper-rooted issues that impact businesses is so fluent. More than applying a business framework to the Internet, concerns including security, copyright and adhering to protocol are not quite as important to a generation styled as more 'individual' and demanding than others.

Awareness may not keep them from breaking the rules for personal benefit. But, it isn't all doom and gloom. The research also discovered another interesting attribute of Gen Y -- they may break the rules to suit personal preferences, but this inclination for individual action also breaches the realms of responsibility.

66 percent considered themselves, and not the company, to be responsible for personal devices they use for work purposes, whereas only 22 percent believe the corporation should be held responsible.

If the majority of twenty-somethings feel devices are their concern, why not utilize this in BYOD policy, in order to make the ever-insistent group take responsibility formally -- and any content or activity that takes place through them -- rather than trying to stamp out the trend?

Patrice Perche, Fortinet vice president of international sales and support said:

"The survey clearly reveals the great challenge faced by organizations to reconcile security and BYOD. While users want and expect to use their own devices for work, mostly for personal convenience, they do not want to hand over responsibility for security on their own devices to the organization.

Organizations cannot rely on a single technology to address the security challenges of BYOD. The most effective network security strategy requires granular control over users and applications, not just devices."

Businesses need to keep in mind this sense of entitlement, if they are to maintain a firm grip on the ways their employees work, and how corporate information is used, transferred and stored.

In the same manner as recent research showed the huge amount of free file-sharing programs used to share corporate documents by BYOD employees, if Gen Y have little regard for security policy, who knows where sensitive information may end up?

Image credit: Jeremy Keith


Topics: Security, Mobility, Smartphones

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • "who knows where sensitive information may end up?"

    That's an easy one. The same place it does now, hacked out of your Windows platform like security wasn't even there. Might as well post your company data to facebook for all the security current systems give a company. Honestly, can you name a single company that hasn't been hacked so bad you gotta wonder why they even bother?
    Tony Burzio
    • Wow...

      ...hate much? Seriously.

      Yes, Windows is currently the predominant computer platform and has been for a very long time and that is why it's been the primary target of hackers, however (and this is a really big however) now that Apple is starting to make a showing, the black hats are targeting Apple, and because Android based phones are "open garden" they are also targeted regularly.

      The only computer system that's truly safe is the computer system that has no power.
  • BYOD will only work under following conditions:

    1: Each employee must be required to sign written notice accepting full responsibility for the security of any corporate data stored on a personal device.
    2: Such written notice must contain clearly stated standards for security.
    3: Such written notice should also contain what personal use of devices is allowed on company time.
    4: Such written notice should also specify the penalties for failure to comply with the BYOD policy, which should certainly include immediate termination for cause for any employee whose violation of the BYOD policy results in a security breach for the corporation.
    5: The organization must have a zero-tolerance policy regarding violations of the BYOD policy.
    Keep in mind that it's a tight job market with more available workforce than positions so the Gen Yers need to realize a job is a privilege not an entitlement--nobody owes them anything.
    As for Gen Yers being the next generation of leadership, that is dubious thinking at best. The oldest Gen Yers are just now in their mid-20s--and are at least 10-20 years away from being any major force in determining corporate policies.
    • You do realise that you're a bit nos compos mentis

      Points 4/5: First person to get hit by this will be the bosses, and they get a pass. Ergo, your 5 points are worthless and unenforceable. Not the least because of the number of breaches for other reasons that have no consequence. Besides, the BYOD silliness has been happening a lot longer than the "age of mobile" but you probably missed those entire generations of people doing the BYOD shuffle.
      • Never heard of bosses/CEOs being sent to prison?

        For many companies, data security requirements aren't so much to prevent corporate espionage as to comply with state & federal regulations. Breaking laws = committing crime = no free pass just because they're the boss.
  • If it's fun, don't bring it in

    For those of us working in a secure environment there is a simple rule:
    If it's fun, it can't come in.
    Work is work. Leave your personal items in your personal space.
  • BYOD and Gen Y

    Hi Charlie - very interesting piece on Generation Y's impact on the BYOD trend. Members of this generation are often glued to their iPhones, so it's unsurprising that nearly half of them wouldn't be able to go a day without sending a text message. However, I did find it interesting that many of them said they'd ignore policies saying they cant use their devices at work. The younger generations in the workplace, Gen Y included, certainly have made us change the way we think about technology in the enterprise. For example, I think its imperative that video conferencing solutions are available on a host of devices, including the new iPhones and iPads (as they are far more widely used in the workplace than ever before). Thanks for this piece, Charlie. Ill be watching with you to see where this trend goes next.
  • It's not BYOD

    It's BYOT or "I wanna bring my toys" to work.

    No-one will complain if you bring an approved device that complies with existing security requirements and integrates with your secure network. That really doesn't include any of the entertaining toys that exist at the moment, no matter how expensive Apple or Google make them.

    The new Windows 8 Phones and Surface are finally turning toys into tools.

    And the continuing attempt to portray Gen Y as somehow different is getting rather tedious.
  • The X, Y and Z's of BYOD

    Charlie, the survey by Fortinet provides some valuable insight about Generation Y???s thoughts on BYOD. Since 75% of those surveyed are bringing their own devices to the work place, it???s imperative that companies??? IT departments put in place solutions that manage both applications and devices. And let???s be honest, we can???t rely on Gen Y to understand the implications BYOD has on security and privacy. The simple answer to this is deploying a mobile application management (MAM) solution. An effective MAM tool can help a company???s IT department manage their security and data directives by making certain that employee???s personal information is separate from corporate files on any device. Gen X, Y and Z are going to bring their new toys to work, regardless, so may as well get ahead, deploy a MAM solution and make the nightmare go away. David Baeza, Apperian
    David Baeza
  • Growing BYOD Trend

    Great article on this growing trend. There seems to be a lot of talk about this in recent times on all the tech blogs. You should check out this interesting eBook on BYOD
  • The benefits of BYOD

    I'm glad David Baeza wrote his reply- being on the wrong end of BYOD, it seems liks a badly thought out "strategy" based not on need but on inability to stop the tidal wave.

    I can actually see the benefits of BYOD, but only with policies being set down at the start, not after the horse has bolted. Which is totally not what is happening at the moment. If our company is anything to go by, staff are able to bring in pretty much any device and we have to kludge a solution together that works for that device. Then someone brings in something else and we have to kludge another solution.

    This is NOT a strategy; it's a combination of pandering and reacting to whimsical demand. From what I can see, most BYOD devices don't bring any tangible benefits beyond possibly email; the iPad doesn't support much out of the box without purchasing additional apps. So who pays for these apps? If they're solely for business then it should be the business, but doesn't the business have a right to say what it spends it's own on? Not forgetting that having to support several different devices with different software will incur a higher cost than supporting 1 piece of software on 1 device.

    I'm hoping that either (a) Microsoft Surface and/or Windows 8 will actually provide decent apps out of the box (WebDAV, Office etc) or that (b) we go Citrix, at which point we won't care what devices people have because Citrix will handle it. I'm glad David brought up managament too, because this is something else people never think about.