BYOD: One in three companies still don't get it

BYOD: One in three companies still don't get it

Summary: Staff want to use their own laptops, tablets and smartphones — and will find a way of doing it whether the IT department knows or not, according to new research. Meanwhile, businesses rather than consumers are showing most interest in wearable tech.

TOPICS: CXO, Mobility
IT is failing to come to terms with the now well-established BYOD trend. Image: Shutterstock

IT departments are still failing to get to grips with the concept of bring your own device (BYOD) — forcing staff to go it alone, according to research from tech analyst Ovum.

BYOD cuts across all industries, said Adrian Drury, consulting director at Ovum. "The big consumerisation challenge for IT is that you are in a competitive market now; people had to use what you gave them because there wasn't any other choice. That, of course, has all changed. If you're not being given the tools you need to get your job done, you'll go and find a way around that."

According to Ovum's research, around 30-35 percent of BYOD is invisible to IT. Although that represents an improvement on a couple of years ago, when the proportion was more like 50 percent, it still suggests that IT is failing to come to terms with the now well-established consumerisation trend.

Ovum found that more than half of staff are using a personal smartphone or tablet to access corporate data. But 62 percent of employees who use their own devices at work do not have a corporate IT policy governing that behaviour, the research commissioned by Samsung found.

"Employees are finding ways to do it whether IT knows about it or not," Drury said.

"Really what we are seeing is enterprise multi-screening in exactly the same way as we see multi-screening in the home. We are seeing multi-screening in the workplace [because] people just want to use the right screen at the right time to get the job done."

This desire for staff to use their own gadgets doesn't let employers off the hook when it comes to providing them with hardware, cautioned Drury, speaking at a Samsung-organised event.

"This is not about people wanting to use their own device or a particular device in a substitutional way, this is about using different screens in a complimentary way," he said. "If people are using their own laptop for work occassionally, that doesn't mean they don't want their business to provision them a device."

And it's not just hardware — nearly a quarter (22 percent) of full-time employees are finding their own file sync and share applications to use at work.

"That's an enormous amount of corporate data that's sitting up there that's completely unmanaged by IT, and that's happening because IT isn't giving them the tools to do their job," Drury warned.

Wearables in the workplace

While IT still struggles with smartphones and tablets, it will soon have to get to grips with wearables in the workplace too. In the consumer marketplace these will be sold as fashion and fitness-monitoring devices, but according to Drury it's actually business that has shown the most interest in developing useful applications for wearable devices.

"The place where we see the most interest is in the enterprise," said Drury, who added that there's a strong correlation between the organisations that have always bought ruggedised devices and those that are now interested in what new wearable tech platforms can do for them.

Across industries such as emergency services, logistics and agriculture, wearables could help workers be more productive by giving them access to vital information while keeping their hands free. Other potential uses for wearables being explored include patient safety monitoring and staff communications in healthcare.

Further reading

Topics: CXO, Mobility

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • You're better off that way

    Really you're better off not knowing because when there's a hack, you can deflect liability and just fire the employee that was accessing the system outside policy. If you add it to your policy, you add a ton of liability to make sure all those devices are secure.
    Buster Friendly
    • Am curious ...

      R U an attorney?
      Rabid Howler Monkey
    • Sorry, but poor advice...

      Taking a "head in the sandl" approach to security is a recipe for disaster. Given that the "liability" might very well involve sensitive internal or customer data, are you really willing to risk damage to reputation and financials just to avoid addressing this issue? And further, once you've had a breach, you're then forced to acknowledge future potential. While it _might_ be able to "deflect liability" in the first instance, there wouldn't be a second chance. Further, in the court of public opinion, it would likely be a one-strike-and-out.
  • lack of understanding

    In our workplace there are thousands of employees (hospital) who for the most part do not really understand the technology. They want to use iPads and other devices for purposes that they are not designed for on our networks. So they do it improperly. Eg: using dropbox to transfer files. In many cases the information policies do not permit such insecure use, but staff don't know or appreciate why. It is a real problem to put these ad-hoc devices onto secure networks with "apps' being so limited and staff being so un-informed of the issues. Windows tablets are easiest to deploy but staff are fixated by iPads which do not play nice or well with infrastructure and policy.
    • Maybe IT is outdated both in tech and thought

      Perhaps the issue is with IT that they do not keep up with the times. Most IT is fixated on Windows and have built careers supporting Windows desktops with Windows and Linux servers. They never saw it coming and even now they are at a loss to understand why everybody wants attractive iPads or Samsungs instead of the dull, lifeless, colorless and bureaucratic Windows workstations. If perhaps IT grows up and starts looking at non Windows devices instead of considering them as a threat, it may help IT itself in the long run. Otherwise, these non Windows devices will become a serious threat to IT itself in the long run.
      • Device makers don't make it easy

        Device makers like Apple and Microsoft don't make it easy for IT to really appreciate a device by preventing sideloading of apps or charging a premium for the right to do so.

        If IT could sideload there apps and manage security without being charged a premium maybe they'd play more nicely with these devices.

        Only Android allow sideloading without any special software but I'm not sure about managing security.
        • Windows support corporate sideloading

          Windows(8,RT,WP) support corporate sideloading.
          • Sideloading

            From a security standpoint, sideloading is a disaster. Look at what was going on with people sideloading Angry Birds (complete with malware) from non-appstore locations. Also, an Android "feature" is that one application can look at the data of another application, so if you are doing real work with real business data, that data can be picked up by malware-laden apps running along side of the other application.
      • I think you missed the point

        We are talking about a hospital setting where you have a lot of medical professionals with access to private data on patients. First off, they have no business revealing information they don't own in a public forum. A real world example is Nurses discussing patients on their Facebook pages because hey, only my "friends" can see this right? That's not made really happens. And when it does, it opens the hospital, clinic, etc to lawsuit's and liability...not to mention that it's a violation of professional ethics and just plain wrong. The hospital has not only a right but a legal obligation to prevent misuse of private data.

        In a corporate setting the ethics issue is lessened but doesn't go away. I am someone who's data was lost by the VA because an employee's unencrypted laptop was stolen with a big chunk of the VA's database on it. The VA lost my data again a couple of years later because while they had fixed the issue for employees, they failed to enforce their new policies on contractors - so another stolen unencrypted laptop with the DB, including my data on it. To top it off, after that the company I worked for had the same thing happen. And for things that aren't my personal HR information, the company owns the data and has every right to control it as they see fit. Today, employers are finally coming to grips with this.

        These issues have not one wit to do with "looking at non Windows devices" or any other particular device - weather its Windows, Mac, Android, iOS windows phone, brand X - is completely irrelevant to the discussion. Users with their iPhones and iPads or Android or whatever it is they are using are just as big a risk as anyone else if they are walking around with a device that isn't properly configured and with the correct security policies implemented and enforced. When you by an i device you don't magically become secure just for having iOS (though you might be amazed at just how many people believe it - I know because I talk to them every day).

        Finally, do some reading. In the Enterprise mobile device arena, iOS (iPad, iPhone) has a lead in market share over Android - which is just the reverse of the consumer market. This is mostly because Apple was early to the table with Mobile Device Management (MDM) functionality which enterprises need to control access and enforce policies. Android is in second place in this market and Windows Phone isn't even on the radar. I've been seing the Surface Pro making some inroads but in my company, it is actually treated as if were a laptop - not even in the same category as an iOS or Android device. For the most part Windows isn't even a player. So in the mobile device world you have things exactly backwards.
        • You are talking about a very serious matter

          With the new HIPAA regulations, those that are the investigators don't even have to have a complaint. They can come and inspect and if you are in violation and are fined it goes back to the agency that is investigating HIPAA violations. That is huge incentive for them to find violations.
      • Maybe IT is outdated both in tech and thought....

        "Most IT is fixated on Windows and have built careers supporting Windows desktops with Windows and Linux servers"
        that's because that's the environment in enterprise operate in. you state that they should start looking at non-windows devices, but the device is only part of the picture; does the device have the applications needed for the worker to do their job. what the point of deploying a device that you don't have applications to support to justify the cost. Consumer IT is a different world than enterprise IT; different requirements and different standards. There is so much beyond just the device....infrastructure, software and security.
      • Not really

        First, this isn't really about Windows vs iPads. Mobile devices and remote access is software/hardware agnostic. Apple/Mac networks can have the same problems, and Windows networks can also be accessed by attractive Windows devices. You can give credit to Apple for helping boost the mobile industry which only makes more popular, the remote access they has been around for a long time. Also, I'd argue it's more about those devices being convenient more than just more attractive.

        IT in general always has to balance new technologies, their risks and benefits, and the limited budgets. IT is usually a cost center; not a profit center - with indirect savings justifying the expense. Often, IT departments aren't giving the time or money they need to plan and adjust. Also, often the IT time is spent holding people's hands or doing work for them because they don't want to learn the basics themselves. It's something IT brings on themselves (I too am at fault), but we're also kind of pushed to justify the value of our jobs/departments. In my experience, if more everyday employees, would take the time to learn and improve their basic computer skills, IT departments would have more time to focus on the new technologies and support plans and the companies would be more efficient to boot.

        All that said, there are always those IT personnel who think they know it all and don't plan appropriately, but I don't it's on the scale that this article mentions.
      • No Way

        Suppose some employee was working on data and put a lot of it, including YOUR personal records: medical, dental, criminal(?), credit card numbers, etc., on an iPAD and took it home to work on and the device is lost or stolen and YOUR life becomes ruined for 4 years or so over it. Employers don't want critical data leaving the building. Not on devices and certainly not on public cloud providers like Google and Dropbox that are not certified by the federal government to hold that data.
      • Maybe you don't understand enterprise IT

        Windows is primarily built for business. You can run it on a virtual layer and trickle down OS updates and perform USMT profile transfers. Every aspect of the OS is remotely configurable. Even the lambasted IE is really built for corporate use as it has application hooks and GPO profile settings, etc. Even Macs, which are about as close to Windows as far as manageability, is a far cry of a enterprise solution compare to Windows.

        The best way really to currently do full PC BYOD is to just spin up some VDIs and give the connect info to your end users. Give them multiple ways to connect (app pulled down from the vendor site, a web page using HTML5, etc.).
        Rann Xeroxx
  • I, for one, would prefer not to use my own kit for corporate use

    I would, however, be comfortable using corporate kit for personal use whilst on-the-job in the following two cases:

    o BlackBerry 10 OS with its Balance feature
    o Samsung Knox

    Providing that corporate IT both permits and enables the devices for personal use.
    Rabid Howler Monkey
  • Actually the real problem is...

    ..."62 percent of employees who use their own devices at work do not have a corporate IT policy governing that behaviour." The this is the one thing there is no excuse for. I believe companies have a right to protect their data as they see fit. In some cases such as HR and/or medical data they have a legal obligation to protect it. But to have no policy at all is inexcusable, even if the policy is "no personal devices at all". If they have no policy and an employee looses or misuses data they will have a much harder time doing anything about it.
  • Safer For Corp, Employee To Discourage BYOD - Too Much Open Access to PII

    I work in a combination govt/corporate environment. I appreciate having a separate laptop/smartphone for all of my work for a few reasons.
    (1) Just easier to keep private/personal life separate from the office & official govt business. I can turn all my work devices off & be completely disconnected from the office - my sanity is crucial.
    (2) There are no data sharing conflicts that could threaten personal identifying information (PII) of other employees. People working in health-related fields/offices must follow HIPAA requirements, sharing patient info (even verbally encrypted) will get them dismissed - no investigation necessary.
    (3) Many employees don't understand the fundamental learning curve with using Windows PC/laptops vs iPads/iMacs. (a lot of Apple iPad interest is mostly socially motivated - its the "cool" device - but the iPad/MacAir has some functionality/hardware limitations) And with the increasing popularity of Chromebooks, most consumers assume all these different devices work like their old Windows based PC - which is not the case. A complete headache of IT dept to have to provide support for both corporate-issued devices and for personal devices as well b/c the staff doesn't completely know how to make everything work.

    In today's "quick-to-fire" environment, I'm safest using separate devices for work & play.
    • also...

      ...using the corporate IT devices is a good way for employees to protect their own information and personal use as well - keeps privacy at a higher level.

      And my corporate device has unlimited services for data/texting/calls which I can use when traveling anywhere. This permits me to maintain modest levels of service for my personal devices - meaning less out-of-pocket expenses.
  • Deniability?

    Sorry, that only works in the press. Your employees lose patient records and you suffer from HIPAA fines. You lose crimninal data and you get a visit from the FBI. You don't report any of these and they trace it back to you or your employees... I don't know what will happen in that case.
  • Here is Some Rea-World Issue

    Where I worked (100K employees), they wanted to implement BYOD because of the savings and employees complaining about carrying two devices )personal + business). So they offered a plan to pay the employees $35 per month to use their own cell phones. It was a disaster.

    Few wanted to do this. Why?? Because, if they are to put any business data on their personal phones, their cell phones could be confiscated in the event of a lawsuit. This is called "eDiscovery" so you may want to look that term up. Second, any loss or theft of the device would have to be immediately reported to the office and the police. Next, there was a reservation that, in case of loss or theft, the entire device would be remotely wiped by the office (not a big deal if you back everything up). Also, the security siftware would be added by work and policies would be established with this software (including how often to lock the device). Also, all data would need encryption.

    Sorry, guys, this has little to do with Windows vs. MAC vs. Android vs. IOS. It is all about what can happen to data and trade secrets (including computer code). These days there are laws that govern notification of consumers that their data was lost and laws issuing fines for data breaches (HIPAA/HITECH, CJIS, PCI-DSS, etc.). Companies cannot just throw up their arms and say, "Oh, Well!". You guys, as consumers should appreciate this. Quit thinking as employees and think of yourselves as consumers.