The hidden danger to companies with BYOD

The hidden danger to companies with BYOD

Summary: Employees are bringing their own devices to work in ever greater numbers and companies are trying to keep things working on an even keel. There's one side effect they aren't taking into consideration.


The BYOD movement is growing at a fast pace as workers embrace bringing their own devices to the office. IT departments are scrambling to handle this influx of various mobile devices coming to work. Keeping the corporate environment secure is foremost on everyone's mind but there's another danger lurking in BYOD that few are considering.

There are plenty of reasons both pro and con for BYOD, where employees bring their own smartphones, tablets, and laptops to work. BYOD is not for every employee nor a good fit for every company but for others it's viewed as a good way to boost productivity.


While corporate IT departments struggle with the proper way to handle the influx of various different devices/platforms to keep corporate networks/information secure, workers involved are busy doing their jobs, often more productively than ever.

Companies with BYOD programs should regularly sit down with workers using their own gear and discuss what they are using and how they are using it.

Supporters of BYOD cite that increased productivity is a big plus for allowing employees to use their own equipment for work. Employees are familiar with their own device(s) and without any training can use them to maximum effect. That's a big potential win for both employers and workers. It's also a hidden danger for corporations.

Determining the best tools and practices for workers is a key endeavor for all businesses. This is vital to have work processes improve over the long term to keep productivity at top levels across all departments. This is normally accomplished by keeping an eye on how workers most effectively use the limited tools assigned to them, both hardware and software.

In the BYOD setting this fine-tuning of best practice is not straightforward and may be overlooked by most businesses. After all, workers may be using a wide assortment of devices and while employees are familiar with their own gear the companies probably aren't. 

Even if businesses get their head around what devices are being used, they likely don't have any idea what software (apps) workers are using to get work done. While this doesn't matter in the short term, it's helping employees be more productive after all, it stymies the sharing of what works best for improvement company-wide.

Companies with BYOD programs should regularly sit down with workers using their own gear and discuss what they are using and why. Find out what apps are being used on each platform and how they are being leveraged to best get the work done. This should be done on a public basis so the information is shared with the workforce as well as with the IT folk keeping track of it all.

Workers know their gear better than anyone, and they will undoubtedly use whatever app works best for them. There may be approved official apps pushed by the company but if there's a better way to do things that's what employees will use on their own devices. Finding out what those apps are and how they are better is in the company's best interest to make everyone more productive.

It's important that this discussion not be held for the purpose of restricting what apps/devices good workers are using. The purpose is open sharing of best practices, not restricting how workers use their own gear. If companies begin rejecting what productive employees use and how, the workers will simply stop sharing the information. This guarantees that best practices will not be improved company-wide over time, and that's the danger inherent in BYOD.

Topics: Bring Your Own Device, Apps

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Sorry but...

    Sorry but, It really isn't happening here! I have yet to see one company advocate giving anything more than access to corporate emails on personal devices.
    • Same with me...

      we just don't have the IT staff to "vet" all the apps that
      are available. Malware has found its way even into the
      Apple App Store, and Apple has a much larger IT budget
      than I have.
    • Umm... yeah.

      Aside from email and/or messaging apps, what other apps would anyone be using to "get work done"? You have a laptop or desktop PC for getting work done, so the primary purpose of BYOD is just to get access to emails and calls.
      • just one example

        Where I work, outside IT department no employee has any specific ETL software. Most of them use Excel and Word. A few, like me, use our own text editors which support regular expression search and replace and column blocks.

        We get a lot of RFPs with detailed specs in PDF files which we need to analyzed. Pulling data out of PDFs is a chore made A LOT HARDER if all you have to work with are Excel and Word (and maybe writing your own VBScript code written with Notepad).

        I've been in discussions between IT and non-IT employees on the subject of working with outside data. For the most part, IT employees don't have any good ideas how to do it that don't involve departments spending well into 5-figures on dedicated ETL packages. Surprise, surprise! Those are recommended to IT by the outside support firms contracted to install and support most of the software we use.

        Bluntly, true in-house IT staffs have been reduced to putting out fires in HO and choosing the outside support vendor. Those outside support vendors really don't like FOSS or shareware or anything which in-house employees would find relatively easy to program. Cynical, but often reality lives up to our most pessimistic thoughts.
      • Getting things done

        I use Omnifocus on my personal laptop to get things done. It supports GTD methodology and it helps me to be more productive. But foremost, it helps me to stay focused.
      • What would *I* be using?

        I worked at a billion-dollar U.S. retailer's corporate HQ during 2005-2006. I was doing logistics analysis work. My toolset at the time was Excel '97, Access '97, and a reporting package called Impromptu (upon seeing it: "I didn't know Fisher-Price made reporting software"). It had been discontinued after version 8 and I was given version 5 (and no manual; found a PDF myself). My system was locked down to the point that I couldn't even set my task bar to auto-hide "for security reasons" despite the fact the reports I viewed needed that last inch to display the column headers and totals on the same screen.

        Database? 681 stores and corporate were being served from a very old version (pre-MVCC) of DB2 running on a solitary AS/400. Needless to say, queries were slow.

        I went through an unsuccessful effort to be provided with a copy of Delphi, which I'd developed logistics software with myself for another firm for eight years previously (although I'd have settled for almost any decent programming language). In house software here was being developed with the discontinued Visual Basic.

        What would I want to get work done? What I have on my own home desktop today for analysis work:

        Free Pascal (compatible with my old Delphi Pascal codebase)
        The R mathematical programming language and statistical analysis software
        PostgreSQL client/server database
        sqlite3 local database
        Rapidminer business intelligence/data mining suite
        BIRT reporting software

        along with lots of other things I use less often like computer algebra system Mathomatic, Qt UI framework, etc. Everything I use today is not only cross-platform (some of it JAVA-based), but it's also all FREE. It also blows the current versions of Access and Excel out of the water (python>VBA, BIRT>Access reports>Impromptu, R>Excel, sqlite>Access Jet, postgreSQL>DB2). I've got tools for everything from mind-mapping to documentation generation, publication-quality graphing, mind-mapping, version control (something else sorely needed at the time), etc. on my system today, again all cross-platform and free.

        A few days before I quit I talked to a friend there who found the answer to every software tool problem was to be given an additional computer (run Access query on one, while that's churning start another copy on the second computer, etc.). He had two at the time but he was up to three right after I left. The company couldn't even provide him with a KVM switch! I was just getting into what open source had to offer and installed a software-based open source solution, synergy, that let him move his mouse pointer right from the monitor on one computer over to the monitor on the second one and his keyboard would direct its keystrokes to whichever machine had the pointer by sending them over the local network. He loved it and still uses it years later.

        A more senior logistics analyst snuck in mapping software because we really didn't have any; another routing program had limited licenses and it seemed out entire department could only have one employee using it a time. I still had my own copy of Delphi and license from my previous employment and snuck that in. Heck, we didn't even have all the STATIONARY SUPPLIES we needed; our software tools were anemic and everyone seemed to be sneaking something onto their machine to get some work done. I remember one project was stalled because we didn't have access to a list of Canadian zipcodes. While directors debated and talked about cutting features and scaling back plans, I whipped out my credit card, went online to a site I'd used in my previous job for routing data and purchased a list of all Canadian zips/cities/lat-long coords. etc. for $75. "Hey Noel, look what I just found!" :-) Noel was the poor guy working on the project; I never even bothered telling anyone except him how I got the list as actually procuring the data would have taken much paperwork and a few weeks and the directors loved to cancel any project, no matter how useful or vital, at the slightest hint that there was any problem (no doubt blaming their underlings for the failure).

        Software, data, the woman who had an entire drawer filled with pens, highlighters, etc. and gave them away for free because it was easier than getting anything out of a company with a billion dollars in cash, no debt and a policy that only the legal department was allowed to have post-it notes! The rest of us made our own with scrap paper and scissors - seriously.

        So many of us, even in companies flush with cash, may have a PC for getting work done, but it's unusable for the task. The IT people who supply the tools end up with products for a myriad of internal political reasons and most managers won't stick their neck out to get the right tools for the job. They'll do the only things they have personal authority to do - hire an extra temp worker, ask for an additional PC, etc. to make up for slow or outdated tools. The IT department also has no idea what most employees do nor does it bother (or have time) to find out so a handful of generic tools become supported and any other requests are turned down because they lack the expertise to support it or the time to learn.

        Meanwhile I've got a data mining, ETL, machine learning, reporting and cross-platform programming powerhouse software suite sitting on my home desk today from which I do all my work tremendously more efficiently than I did at the billion-dollar firm. The software is all open source and didn't cost me a penny either. If I ever wanted to go back to a mega-corp again I'd insist on BYOD only because I know the odds are great I'd be saddled with antique copies of Access and Excel and no tools really designed for my job (and almost 100% certain no programming language at all outside of VBA in Access, much less a modern scripting or mathematical language while my work can benefit from both).
        • Long post...

          With a few holes... literally. I agree that some companies are... well... crazy with policies and politics. But not al IT Departments are bad. I'm a SysAdmin in a team that bends over backwards t help users. Simply put: Come to us with an outcome you'd like, and some ideas on how you might get there... and we'll do everything in our power to make it happen.

          Those that don't get the warm and fuzzy reception are the ones that say "I'm doing this, so I can achieve that... deal with it". You know, the types that buy a Blackberry, even we've recommended that people don't because of compatibility issues, and then demand we make it work with the site's Exchange server, portal, and other services (which the device is incapable of without dedicated server-side components from RIM). Or the ones that bring in a MacBook Pro and demand we make it work for them... even though the bazilion services we use would work better with single-sign-on (Kerberos) which Macs aren't awesome at, and/or they require software that is not available (nor has anything compatible) in Mac-land (or visa-vera).

          BYOD may work in some areas, as stated int he previous article... but it is still probably better to discuss your desirable outcomes with the IT Department before going off and getting your own stuff and trying to make it all work.

          As for Synergy, as you suggested, I use it too and love it. What I don't love is that the computers, even though probably sitting right next to each other, are sending every keystroke unencrypted to the core and back... so I hope that NOBODY is using that to enter confidential information (or even enter logon credentials). It took some funky SSH tunneling and firewall rules on all systems before I was happy to use it at work... and I had a keyboard on each system for entering credentials directly. If someone at work started to use a program like that (or TeamViewer, LogMeIn, etc.) WITHOUT discussing it with us first (and letting us either find a more secure/appropriate solution, or at least deal with the security issues), then I'd probably be unkind on our next meeting.

          BYOD is like a box of chocolates.
    • We are trying it here. Right now only a handful are playing

      with the tools to see if BYOD would work. We are primarily a SAP shop and SalesForce for global CRM work then a TON of Office (some Google Docs. It has had a luke warm reception at best). Working with Citrx tools to front the solutions. Outsourced the hosting but the performance was horrible. Moved the hosting back in-house and it's acceptable so far; they work pretty well, but we are basically just testing and playing with the notion right now.
  • Better not to tell

    If you tell IT what you're using, you're more likely to be forced to stop than to change their minds. Employees know this and, therefore, will lie.
    • Correct

      I have to play both sides of this game, the best part of my job. Tell IT what they need to hear so I get access and then help them circumvent the actions from the deception. If BYOD is to be implemented (it be smartphone, tablet or laptop) for laptops we are finding best practice to have an agreement with the end-users. In a nutshell, the end-user agrees to have our virus protection, joined to domain and "other" software installed. We dont need malicious or indirect malicious end-users getting basic access and infecting or compromising the networks because they weren't aware their device was infected or compromised itself. It's a all or nothing pretty much.

      To a point, one can see this as invasive but security is our 1st priority next to productivity without it affecting the productivity side. For those who like to BYOD but not agree to terms, simply just get email access via webmail, which is pointless IMO. However, that seems to work for some. A bully tactic, yes but its about security 1st. So far, few have opt out of the agreement and the rest had no issues with it. The end-user sees this as a big plus. "Oh, now I can work from home" is the first response they say. I laugh and say "yes, but only if it's allowed by your manager/boss initially." and in most cases, it's not but has come in handy when one is truly sick and has been sent home.

      In the end, BYOD will not be for every company and every industry.
      Free Webapps
    • That's a little harsh

      Not all IT Departments are ful of policy-mad, anti-everything, road-blocking, ego-maniacs. I do agree that some companies have them. But the concept of "don't tell IT" is as stereotypical as Windows users having horn-rimmed glasses and pocket protectors... or Mac users having stupid hair and Starbucks Frequent Sippers cards. Minority.

      Here's the thing about IT, from someone that plays in that minefield;

      1) Nothing pleases an IT person more than being able to give helpful advice, solve a problem, or help someone achieve what they want. Those that don't get enjoyment from that ought to exit the field. So here's the trick with IT people: Go to them and explain an outcome you'd like to achieve, and work WITH the to get the solution you want. If you make it seem like THEY came up with the idea, you'll more than likely get it approved.

      2) In stark contrast from number (1) above, is what happens more often than not - and it should be avoided at all costs: NEVER, EVER, demand something from an IT Department. Never say "I want an iPad because...". As soon as you make a demand, particularly if it can be summed up as "want", you'll not get anywhere NEAR the level of suport you could have received. See my first point on this. Never say "I want this" when you can ask "How can I achieve this". It wil make dealing with IT a lot easier and happier for all.

      3) Realise that IT are ignored and effectively considered a waste of space when things work, and are the first ones shot at the first indication of a dropped packet (even if it happened on a weekend, at 10pm - when the company is a Mon-Fri centre). Give them a break. If they are in great fear of getting shat on from a great height (and IT are often WAAAAAAY down the food-chain), then they might have to enforce the policies they are told to. We don't like to (well, most of us) give users bad news, throw up road-blocks, etc. Sometimes that's the way it is.

      I've had to deny clients requests to install a certain piece of (admittedly awesome) "free" software on their computers. I did NOT like delivering that bad news to them. Behind the scenes, I had downloaded the package and read through the End User License Agreement (yes, I do that) and found it was not able to be distributed - yes, that's correct... not al "free" software is actually "free to use whenever". I even had several escalating communications with the vendor in negotiating a redistribution agreement - often sending legal-speak documents back and forth and some printed copies in triplicate. After HOURS of work, I usually end up being allowed to use the software... bu in this case they wanted us to pay several thousand dollars for the otherwise "free" software, and we didn't have the budget for that. So... sometimes you need to accept the IT decision. Some of us work our butts off to try and give everyone what they need (and some things they want). But it's not always possible, and denials happen. My only advice is try something else... or see point (1) above.

      4) A Part of avoiding the pain I touched on in (3), many IT Departments have built up a very reliable infrastructure to protect the company and their own butts. Often this means sticking with a few tier-1 vendors, building up an operating environment around one platform, and ensuring they hire people specialised in those particular platforms to maintain everything. Asking a veteran iOS/OSX professional to suddenly support RIM gear, or an Exchange Server will be not very fun, or productive, or reliable. Constantly nagging your Windows-based IT Department to let you (or your department) use a MacBook - where it's pretty much assured that no one has the appropriate skills... also not cool - especially when you don't understand al the stuff that currently "sort-of works" under Windows may not work at ALL under OSX... not everything "Just works", and there isn't always "An app for that". So sometimes... SOMETIMES... you have to accept that your chosen tools can't be supported or endorsed like you want. Not immediately and with great reliability and performance anyway. And sometimes, we IT people have standards and don't want to push out a solution that is NOT reliable, able to be supported, etc. Sometimes we also just have to protect people from their wel-intentioned self.

      So... don't go behind IT's back. Don't be fearful of IT. We can be your best ally and a great source of information for your desired outcomes and objectives. Just approach us as reasonable people, limit your demands, work collaboratively on a solution (and be open-minded... sometimes a Windows PC can and will do what you need, even if you were angling for a Mac). We love a challenge, and we love helping people.
  • Danger ?

    Not sure this is a real "Danger". There is a possibility of losing some of the gains of BYOD as users may have to pass data among dissimilar systems by only providing end results or by csv or other format. Publishing a list of common applications isn't bad, but you have already indicated that this is BYOD so company has little control, especially if applications cost money and the company isn't willing to pay for the apps on a reimbursement basis.
  • Who's flocking?

    My company is shoving the issue replacing blackberry service fully. To add in the added network plan is a pain and when or if reimbursements are cut people will not be happy. (I predicted that course years ago; move em over then cut reimbursement money... Bait and switch...)
  • Undoubtedly not!

    "Workers know their gear better than anyone, and they will undoubtedly use whatever app works best for them. "

    More likely they will use whatever they could find for cheap or free that loosely approximates what they really need. They might need the likes of Autocad or Adobe Creative Suite to do their jobs most effectively, but if it's coming out of their pocket, they'll settle for 50% (or less) proficiency using much cheaper software packages.
    • PCs vs devices

      PCs first.

      In my experience, most people outside IT install no more than screen savers which cycle through their personal photos which they've copied onto their work PCs. Generally harmless except to the Big Brothers who want as little personal/human clutter in cubicles as possible.

      Only the few tend to add software to their own PCs to make themselves more efficient. There are a few free Excel add-ins which can be hugely useful that IT would never approve. Programmers' text editors with advanced search and replace and block marking functionality can be very useful.

      Yes, it'd be best to use the best tool for the task. But if the company isn't going to pay for the best tools for all the employees who could benefit from them (because most of those employees wouldn't benefit enough to pass ROI analysis), employees are going to make their own choices in terms of cost-benefit. They may not buy the best tool for the task, but they'll get and use the tools that provide the most benefit given the cost. And there's a lot of very good free software: point me to any survey showing higher satisfaction with SAS or SPSS than with R in terms of stats software.

      Devices in closing.

      Phones are generally used for different things than PCs, and that won't change unless employers provided docking stations for phones. So contact management, calendars, maps and driving directions, expense reports for example. Do employees need calendars with personal and work entries? Absolutely, but it's almost always better to add work items to personal calendars than the reverse since nothing is private in company systems. Ditto contacts. As for maps, different people may have different preferences. Why limit choice?

      As for tablets, if they're more useful for presentations to clients/customers than screwing around hauling laptops and projectors and trying to make them work at client/customer sites, then part of the problem may be IT being unwilling to admit they have obsolete hardware and clearly inferior facilities for market-facing employees. In my experience, IT people are about the worst at ever admitting they make mistakes.
  • Discuss - but don't mandate. That's "more heads are better than one"

    I work in an environment with company laptops, that are tightly controlled (employees are NOT local admins, and therefore can't install their own software), and with BYOD devices for Email access for remote support when needed, and/or for travel.
    I think it's important that those two tiers be respected.

    I like the notion of discussing with employees, but not mandating.

    Employees - like the article mentions - WILL be more familiar with their options for their familiar device, and will be more likely to accordingly fine-tune what they use to their particular use cases.

    By contrast, if they are told to specifically use some particular tool, they may have to modify their usage to suit the tool, which is more likely than not less efficient - at minimum taking time before the new use case becomes as committed to memory as the otherwise-intuitive one.

    It's good feedback to management to discuss usage with employees, to learn and understand what everyone is using, and perhaps to compare at a high level to suggest best practices to employees (but again, not mandating). If they are best practices, employees will jump on suggestions that actually improve their usage.
  • Something flipped...

    The article says: "Companies with BYOD programs should regularly sit down with workers using their own gear and discuss what they are using and how they are using it."

    I never understood why it wasn't more a case of: Workers sit down with representatives of companies and explain why they are considering BYOD, what they intend to use, and how they intend to use it.

    When did supporting users (and now, BYOD) change IT into a reactionary stance? One of the most logical suggestions I've seen for the rise in BYOD is simply: Workers are fed up with what they are given. It's almost like a revolt or something.

    It used to be the case that good computers were prohibitively expensive, and the work ones were WAY better than the average person could afford. These days, with companies monitoring the bottom line with such scrutiny (despite the CEOs getting huge bonuses), computers being purchased are now cheap and not what you'd call amazing devices. Often over-burdened with rubbish AV software, NSA-based polices, monitoring tools, and out-dated software (because if it still works, why upgrade, right?). The average home user now has a new "productivity device" as capable, or better, than they get at work. So why WOULDN'T they want to use it instead? I've seen users toting a quad-core notebook running the latest OS, with an upgraded SSD and extra RAM... that go to work and use an old P4 running a slow and buggy install of Windows XP (I've even still seen Windows 2000 Workstation kicking around), and usually full of ancient additions of the productivity suites. It's a no-brainer.

    On the flip-side, some companies are embracing BYOD, and not all of them have the worker's best interest at heart. You see, some have worked out that they could potentially (if note completely) remove the cost of work-provided resources and put the burden on users instead... a "workers tax" if you like. It makes perfect sense that some scrooge-like companies are running with this concept. It's better for their bottom line. And if everyone has MacBooks and iPads, under AppleCare contracts, then they can also fire the internal IT Department too. Yay, more cost-saving! Until something breaks, or stops working, or reaches EOL and needs to be replaced, or has unexpected issues, etc.

    Places of work, where users are embracing BYOD in droves, speak WAY more about the company and their IT Department than the devices they are choosing. From my experience, those with amazingly poor service, or resources for that matter, are the most positive BYOD sites. Maybe that's a good thing for those sites. But for the rest of the companies with good-to-great infrastructure, BYOD is a bad idea.

    FOR CLARITY: When I talk BYOD, in this instance, I'm not talking about web/email devices - which we describe as "Bring Your Own Other Device" or BYOOD (or Browser i.e. BYOB)... because supporting smartphones via Exchange ActiveSync is child's-play - I'm talking allowing computers of substance on site, or modifying the business to incorporate inflexible technologies like iPads as a main tool.
  • VoIP & BYOD

    I think the main point of BYOD is for easy of communication (Call Center, Office2Office, Security, Etc Etc..) as an example you could keep an eye on all your security cameras, Hold Video conference calls, Take calls from your call center, Have dedicated lines forwarded to your cell phone and so on.
    if you use a secure service provider than you do not have to worry about data leakage etc etc.
    Check out Broadconnect
    With BYOD you can ensure you will never have downtime in any of your departments because you can have access to your employees at all times and they can have access to work from anywhere.