CYOD to rise amid 'death' of BYOD in 2014, forecasts IDC

Summary: "Choose" rather than "bring" your own device will become the main enterprise mobile strategy, because it enables better security and mobilization of applications, according to IDC's Asia-Pacific Predictions for 2014.


SINGAPORE--Expect to see the death of bring your own device (BYOD) as an enterprise mobility strategy next year, which will instead be taken over by a new trend, Choose Your Own Device (CYOD), according to IDC's Asia-Pacific Predictions for 2014.

"I hate to be the bearer of bad news but one thing is that BYOD doesn't have a great [return on investment] ROI, there isn't one," said Charles Anderson, head of telecoms and mobility for IDC Asia-Pacific. He was speaking as a panelist at the research agency's event, which highlighted CYOD as one of 10 key trends for next year.

Anderson pointed out there were also costs associated with supporting users, devices and security when accommodating BYOD. Beyond mobilizing a person, there was little value in that, he added. "These people are going to bring their devices into the enterprise and what are they going to do with them? You give them access to e-mail, but they're already at work, so they probably have access to e-mail already."

He noted that what happened more often than not was that devices would be used for unintended purposes at work, such as streaming movies and watching TV. The analyst pointed out one of his clients in Singapore saw its network bandwidth double in the month after they launched a BYOD initiative because "people were basically watching YouTube videos all day long".

CYOD helps IT deliver tangible biz benefits

While BYOD policies will still be around, many factors will push CYOD to become the main adoption model. The process typically involves the enterprise allowing users to choose from a small pool of approved company-issued devices, usually based on an operating system or two.

This degree of standardization allows for easier management and security planning by the IT department. Different job profiles would also be eligible for different devices, and some groups may not even qualify to get any company-issued gear but instead be given limited access on their own equipment.

"What CYOD is really about, it's IT regaining some of that control and securing applications, and delivering tangible business benefits," explained Anderson.

Having a limited pool of pre-approved OSes and devices can help IT departments mobilize more business processes and applications. For example, devices would be able to load up work applications based on the user's profile.

Anderson brought up SAP as a case study of a company which had successfully implemented CYOD. The software firm had a challenge about a year and a half ago, when they were all using one type of device that the employees did not like that much, he explained. The company was afraid of the security risks in opening up to BYOD, so it outlined 3 different OSes and 10 different devices that employees could choose from, such as smartphones, phablets and tablets.

"So what they want to do is mobilize the person and process in one step. They also have this challenge; they don't want to push this device on everybody, people have preferences, form factors, operating systems, and they're really opening up and allowing them to use them. It's taking off and last I heard they're managing 70,000 devices under this," the analyst said.

One consideration when weighing between a BYOD and CYOD policy is that in developed markets about 75 percent to 80 percent of devices are Samsung or Apple-branded, Anderson noted. That's compared with emerging markets where such brands will make up only 40 percent and will have more different types of devices and form factors to take into account, he added.

The 10 ICT predictions by IDC for 2014 in APAC:

  1. "Death" of BYOD, birth of CYOD
  2. One-on-one marketing redefined to become socially and contextually aware
  3. Geolocation data to drive opportunities, push regulations
  4. Big data as-a-service (BDaaS)
  5. New models from mobile and e-commerce boom
  6. Tech giants move to adjacent industries
  7. Internet of Everything driving products and biz models
  8. Partner community platforms to drive biz innovation
  9. Software-defined infrastructure formally on agenda
  10. Perfect storm for project failure from mobility, analytics, social and cloud



Loves caption contests, leisurely strolls along supermarket aisles and watching How It's Made. Ryan has covered finance, politics, tech and sports for TV, radio and print. He is also co-author of best seller "Profit from the Panic". Ryan is an editor at ZDNet's Asia/Singapore office.

  • Not so sure.....

    This concept challenges some of the main reasons why we are migrating from company issued to BYOD.

    BYOD allows us to avoid constant number porting and the subsequent ETF of employees who get hired and leave within a two year period. Not only is this a time-suck for the helpdesk but ETFs can add up. CYOD brings this problem back. BYOD allows us to avoid overage charges primarily due to abuse / non-business related usage. We cap the reimbursement to the average cost of 4000 minutes, unlimited text and 2 - 4 GB of data. Overages are the employee's responsibility. CYOD brings this problem back as well. BYOD allows the user to choose a carrier suitable for them and expense the charges (we automate this so as to not put an undue burden on AP). Not so if the company takes back control. This can have an effect on performance if the employee cannot rely on a good signal when out of the office. CYOD also puts the replacement cost of mishandled devices back on the shoulders of the company. We find that an employee owned phone is taken care of much better and lasts longer.

    The other challenge this poses is related to the recycling of devices. With high turn-over in our sales department, we would be left with a number of used devices of various models built for various carriers. If we wanted to recycle these back into the workforce, the user's choice would be limited to what is available, or we are throwing out perfectly good tech to maintain fairness in a CYOD scenario. This can also get expensive.

    With only 3 major platforms to choose from (here in the States), I think CYOD doesn't offer too much in the way of simplifying IT support. There are still multiple platforms, albeit "approved" that will need to be supported and as a result, most of the same issues are still there.

    As far as the example of excessive bandwidth usage on a BYOD scenario, this can be solved along with the security concerns that IT will have to address in either scenario. For starters, whether BY or CYOD, an MDM solution is still needed to manage the various platforms. IT should also be offering a guest VLAN which is firewalled from the corporate LAN, only allowing access to the web apps and services needed for productivity. The guest VLAN can also be throttled and supported by usage policies so it doesn't affect mission critical usage. This seems far simpler, more cost effective and user friendly than what is proposed here. I just don't see the value in this over BYOD.
  • The big flaw in BYOD is lack of isolation.

    CYOD, like the pre-BYOD system of company-chosen and company-issued devices, isolates company data from personal data, and company security from personal (possible lack of) security. Although I am retired from the corporate scene now, I can see the drawbacks, some of which can actually have LEGAL consequences for both parties.

    If an employee is carrying a COMPANY owned device (regardless of who chose it) off the company premises, with authorization of course, the employee has no way to defeat the company security which locks down the ability to upload or download company data EXCEPT while on company premises, to other company owned devices. Rogue employees cannot email company data to unauthorized parties (except by holding both devices side by side and retyping it). They cannot, accidentally or intentionally, load malware onto the company device that has not been screened by the IT department (and if they do, IT is responsible, since the employee only did what IT had allowed). The company has no way to get private, personal data off the employee's personal device, since there is no need for the COMPANY to back up the contents of that personal device, only the contents of THEIR device.

    With BYOD, the employee has to agree to make the IT department, possibly through their automated proxy, the backup process, privy to personal, private data, including but not limited to medical information, clues to political, religious, and political affiliation, race, or sexual orientation, etc. which may, or may not, be legal to use for human resource purposes. Since the company has the ABILITY to determine this information, the employee has grounds to suggest that a disciplinary move MAY be, in fact is LIKELY to be, retaliation for those personal factors rather than reasonable discipline. Essentially, the employee will not HAVE a personal life outside of the employer's scrutiny.

    Likewise, users of personal devices are often less diligent in screening programs or apps (or emails that may install malware) than IT departments; for one thing, they have fewer resources to be sure of the safety of their choices, besides often being more naive about cybersecurity (think of Dilbert's boss as an example). If his or her personal device should be hacked, the hacker can only harm the employee personally; but if it is also used to hold company information, the company (not always the employee, unless the employee violated a specific CLEAR instruction, as opposed to a generic "be careful" injunction) may be liable to other persons or companies for damages, or even to criminal prosecution (as in HIPAA violations because a doctor's personal phone with patient information was hacked).

    Preventing this would require company IT people to install locking software on every new employee's devices to be used for company business, and to UNINSTALL this software and wipe company data off the device when the employee leaves. Furthermore, sometimes the only way to wipe company data off the device is to wipe ALL the data off, so the employee loses all his or her personal pictures, contact lists, etc.

    And finally, requiring all employees to own such devices, even those who are only starting their careers and do not have the cash to purchase them for themselves, implies requiring them to be purchased new before they can start work with this company. While over 90 percent (probably closer to 99 percent) of IT professionals already possess such devices, those who have the "wrong" make or model, or who just object to "employerizing" their personal devices, would be forced to purchase new ones also. Essentially, making these employees PAY FOR the "company" devices that are used ONLY for work. And the rest would be "paying" in loss of privacy and loss of control over their own property.

    One more factor involving paychecks: in some jurisdictions, overtime must be paid for, and companies thus have an incentive to punish UNAUTHORIZED overtime. It may be too tempting for an employee to work on a proposal "off the clock" at home, or for a boss to EXPECT the employee to do so, when the company database is right on his/her phone or tablet. However, if a text message to the company-owned WORK phone is on the record, this is evidence that overtime WAS authorized. The only company-related communication that ought to be on an employee's personal phone would be (a) an employee calling in sick, or calling after a disaster or bad weather to ask whether to come into the office, or (b) the boss calling the employee in to work AT THE OFFICE, or on the COMPANY OWNED DEVICE at home, due to an unforeseen emergency for which the employee is "on call".
    • MDM

      A good Mobile Device Management Solution can address all of your concerns. In fact, much of what you had in your list was posed to AT&T and AirWatch last week. We left that conversation with more confidence that we can partition and restrict the enterprise data and can still use the built-in apps. Still not enough? AirWatch (and I am sure others) also has a mail app which can be forced on the user to present the data separately and securely with even more policy restrictions. The good thing is, although the devices of today reveal an apparent unified experience, the data for each account is still very much separate on the back-end which makes this all the more manageable by a good MDM solution.

      JD777 below made a good point. The same REAL problems exist, BYOD or CYOD. Provisioning and security tools are the key here. A BYOD approach would help limit the growth of an IT subculture.

      Thanks for your insight though. As I am going through this now, it is always good to hear the concerns from multiple points of view. Thanks!
  • Devices are not the issue...

    BYOD or CYOD, the real focus should be around provisioning tools versus devices. Employees will always find new ways to access and share data, regardless of what choices their IT department offers them. Setting BYOD/CYOD policies is difficult, but setting policies around file sharing etc. is a lot easier.

    I read a study which claimed that despite the vast majority of employees accessing work from personal devices, only around 20% of their IT departments had authorized this. Which means the crux of the problem is employees going behind the backs of their IT departments. Full report is here - (1st download). Definitely worth a read.

    I think the biggest issue companies will face with a 'CYOD' trend is who owns what data on what device and the implications when people are forced to leave a company. We've all seen the horror stories...