Bring Your Own Delusion (BYOD)

Bring Your Own Delusion (BYOD)

Summary: Everyone I speak to these days is asking me to talk to them about BYOD (Bring your Own Device) and how it impacts on corporate networks and CIO’s decision making processes.What to me is the most interesting thing is that from any surfing around and looking for comments on the Internet, you’ll find two very distinct schools of thought have evolved and they seem to be pretty equally balanced.

TOPICS: Enterprise 2.0

Everyone I speak to these days is asking me to talk to them about BYOD (Bring your Own Device) and how it impacts on corporate networks and CIO’s decision making processes.

What to me is the most interesting thing is that from any surfing around and looking for comments on the Internet, you’ll find two very distinct schools of thought have evolved and they seem to be pretty equally balanced.

Too many devicesThe first school centres on the fact that BYOD introduces risk and complexity to organizations. This is because there is no common authentication, security and management across all devices and CIO’s feel they simply don’t have enough control.

The second looks rather to the positives that BYOD brings to the table. Things like allowing users to offset budget constraints through personal purchasing, enabling users to solve their own problems or simply taking advantage of all the additional options that BYOD brings.

The problem with technology choices like this is that they can be fairly emotional.

Emotional? In a corporate enterprise?

Yes, emotional. Most of us work in environments where there is an established status quo. Things have worked the way they have worked for some time and it is fairly rare that a new way of doing things makes its way into the corporate fabric wholesale. This is because we humans are change resistant; we avoid it like the plague. We don’t want to have anything impact on the predictability that we have managed to work into our daily routines.

Both BYOD schools of thought are (I believe) emotional responses to a technology headache/salve (depending on your view point) that has been around for a very long time and has vastly different ramifications in different geographies around the world.

Take for instance countries like South Africa, where it is not the norm to be provided with a company mobile. Sure, companies pay their staff for work related usage or they provide an allowance, but in most cases it is a system that relies on the user having a mobile device to begin with. In that economy, CIO’s and IT Managers have been dealing with user choices in device purchases for many years and they have simply been getting on with it because it is not a scary new thing for them to contemplate.

In the United Kingdom, a large number of people walk around with multiple devices, one for our personal use and one for work. We segregate our communications this way because we don’t want to tell everyone we know that our number has changed every time we move jobs - a problem that doesn’t exist for our South African counterparts as they take their numbers with them. Because workers have been provided with corporate communications as a standard for so many organizations for so long, CIO’s and IT managers have invested and understood how to best manage the risks and control the environment for their situation. Understandably they are now loath to change their stance and allow a whole new set of unknown challenges to enter their organizations.

Many folks are focussing their thoughts on BYOD on the influx of new devices into consumers hands. They believe because the new devices do more, expose more functionality, can carry more data, they are where the BYOD drive is coming from.

I don’t believe it is. Sure, it is an enabler, but if your users had nothing of yours that they wanted to connect to from these devices, there would be no real problem would there?

An interesting change has been introduced into this age old topic and that is the introduction of corporate sanctioned cloud-based services…

Where a company has placed trust in a cloud service provider, they have also opened up a world of possibility for their user base to interact DIRECTLY with that cloud service. Sure, we want our users to interact with the services that we provide to our organizations but we want them to do it on our terms.

Always a classic example for me is Salesforce, the poster child for SaaS. There are apps available for every mobile platform and all you need to install them is have an account. There is no permission necessary from your employer (caveat – I don’t know this to be true across all Salesforce related apps, this is an assumption based on what I have seen to date), you simply download and install, use your Salesforce credentials and start processing.

It is this lack of control over which devices and how (and indeed where) they authenticate that makes BYOD in the world of Cloud so much more interesting than bringing your own Parker pen to the office in 1989…

Take Microsoft Exchange and iPhone… If you connect your iPhone to the corporate Exchange server you are forced into having your phone have a pin lock so that you can’t let others view corporate sensitive data when you leave your phone at the bar when you take a well-earned comfort break.

Sure, remote wipe exists, but even that base level pin lock is enough to let corporates feel a little more comfortable that their security concerns are noted and at least partially actionable.

Cloud vendors will soon be following Mimecast’s example and writing their apps to ensure that not only are corporate applications locked down to centrally governed standards, but also that authentication mechanisms will not be run in isolation and will in fact be tightly integrated into existing active directory systems.

So with all of these thoughts bandying about inside my head, my talks about BYOD usually conclude with me saying that it actually impacts CIO’s far less than many would have them believe as there have been elements of this happening in corporate networks for a long time. The CIO’s decision making process is, however, being affected a little more because they are now being made aware early on about the potential to expose services through devices outside of their control.

How a vendor or service provider handles this could well be the point on which a choice between two vendors is made…

Topic: Enterprise 2.0


About BarryGill

Barry Gill is an enterprise consultant at leading cloud-based email management provider, Mimecast Services Limited. He has been involved in product management, development and marketing roles within the technology industry sector for over 15 years.

In his role as enterprise consultant, Barry spends time working with organisations to ensure that the technology developed within Mimecast is addressing real business needs and providing genuine competitive edge.

Before joining Mimecast in 2005, Barry worked in the networking and telecommunications sector in a variety of senior engineering roles. Barry is an IT enthusiast and is involved in several key industry community groups.

I can be found on twitter (!/Barry_Gill) and on LinkedIn (

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • It’s fair to say that there are a lot of pros and cons to adopting BYOD but instead of making an emotional response, it’s best take a logical and more practical approach. IT departments naturally want to minimise any security concerns by strengthening authentication of users before they access important business information. They also want to reduce the amount of time spent configuring devices. The solution is to implement a comprehensive BYOD policy from the top down so that this new way of working can be implemented in a cost effective and secure manner whilst also offering employees a great user experience. SharePlus, the mobile app for SharePoint, is already proving its ability to extend the benefits of this well-regarded platform for navigating and sharing corporate information which suggests that the move to BYOD might not be such a challenge after all.
    Kiril Matev, Technical Evangelist, Infragistics
  • Mobile device usage is like ants marching. You can't stop it. So true. This is how I explain the Bring Your Own Device (BYOD) issue to upper management.

    This is a big issue in the healthcare industry, where HIPAA and patient data confidentiality can lead to major law suits for loss or unsecured use of data by mobile devices.

    The problem is that the data is on the BYOD device, and if it is lost or stolen, then the data can be accessed.

    The problem is that the large centralized BYOD systems are expensive and very restricting for the users.

    Like ants, we can't stop doctors and nurse from emailing or texting confidential patient data from their smart phones and iPads.

    Instead, we try to provide them with tools to help them keep the data secure.

    Example, for text messaging we got all the doctors to use Tigertext, which is HIPAA compliant since it is a secure closed network that works on most smartphones, and deletes the text message after a period of time. At $10 a user it is very cost effective and saving the hospital from millions in law suits.

    I think BYOD policy and technologies are going to be the major focus of IT departments for sometime to come, and cost effective and easy to use and implement solutions that work on personal devices will be key to solving the security issues related to BYOD.
    Shannon Walters
  • It's true, the notion of BYOD has been around for many years, but the pace of adoption is certainly picking up because of the penetration of smartphones and tablets across the enterprise, combined with the advent of productivity applications on these devices. In fact, I recently came across some stats from Vertic which predict that tablets in the enterprise are due to rise from 13.6 million units in 2011 to 96.3 million in 2016, representing a compound annual growth rate of a huge 48%.

    Every business is different. Based on the points raised above, most CIOs need to choose their own pragmatic deployment strategy. They should pace their own adoption of BYOD, based on their own business and user role requirements. As vendors, our approach is to provide them with the options to meet whatever strategy they choose to implement. Whether they go BYOD or not BYOD they need secure communication applications across multiple devices and cost effective infrastructure to support that choice.

    The level of security and device management required also depends on their own business and user needs. For example, a school or university has relatively low management costs, no integrity check is needed and the data is the responsibility of the user, compared to a financial company where a full integrity check with web based authentication is needed for each individual user.

    Yes cost is ultimately a factor in looking at a BYOD approach, but there is cost effective technology out there to manage and provide secure access and management in a BYOD environment. Such infrastructure can provide secure collaborative conversation applications on employees' device of choice – the same infrastructure which can integrate voice and data platforms and provide video.

    We need to help enterprises with a BYOD policy before actual implementation. And if they do choose a BYOD approach, it's key that CIOs ensure they have made employees aware of the dos and don'ts of BYOD through comprehensive company policy procedures. Only then will enterprises able to ensure optimal employee productivity based on those users that need BYOD and those that don’t.
    Manish Sablok