insurance-canada.ca - Where Insurance & Technology Meet

Several Dimensions of Theory Vs. Reality For BYOD

It seems like a straightforward question:  Should employees be allowed or encouraged to use their own electronic devices at and for work?  Informal conversations with our peers suggest it is not so easy to come up with a simple answer and, as a result, there doesn’t seem to be a consensus among Canadian insurers and brokers on a direction, much less policies.  Our question:  Will reality provide the answer faster than we can decide on the theory?  And what is that reality anyway?

It Seemed Like a Good Idea ….

It’s easy to find reasons why BYOD (bring your own device) should be allowed and possibly encouraged for smart phones, tablets, laptops, etc.:

  • Improving productivity – Employees will work better with devices they are already using.  Plus, consumer devices tend to lead with new functionality (see our blog post on  Consumerization).
  • Young employee demand – Millennials will be turned off by employers who are not providing their preferred devices.
  • Employees will find a way to use the devices anyway – With common standards for the web,  it is relatively easy to access common applications from different devices.

Then Corporate Reality Hit ….

IT has some legitimate concerns.  Security is paramount.  Cited  in a recent PropertyCasualty360.com,  Larry Collins, vice president of e-solutions and risk engineering at Zurich NA, noted that each of these devices is a small computer and is a target for hackers, putting corporate data at risk.

In addition, portable devices are easily lost or stolen.  A May 2012 Wall Street Journal report notes that “Airlines say they are warehousing hundreds of iPads and other tablet computers and e-readers left behind by travelers. Carriers try to reunite the devices with their owners but are often thwarted by the lack of ID tags, password protection and Apple Inc.’s reluctance to track down owners based on serial numbers.”

But security is only the start.  Some consultants are suggesting that the whole construct of BYOD is questionable.  Insurance&Technology recently published an article based on a discussion with Jason Malo, research director at CEB’s TowerGroup.  Malo summarizes his overall view of BYOD as:  “Everybody’s saying ‘How do I do it?’ I say, ‘Don’t.'”

Malo feels that the productivity argument is spurious.  Increases in productivity are a result of mobility itself.  “it’s not about whether it’s their device or not,” he says.   In regards to cost savings, Malo cites Aberdeen Group research which indicates personal devices are actually more expensive than corporate issue.  He notes that virtual maintenance, management, and security drive the increased costs.

Malo dismisses the demands by Millennials by noting that in the current economic environment, younger workers have less leverage in negotiating terms of employment.

But Reality Can Be, Well, Relative …

So is that the end?  We don’t think so, and Malo himself provides some of the back up.  When dismissing the demand by Millennial employees, he adds that, “According to the CEB Global Employee Data Survey, senior-level employees are nearly twice as likely to be early adopters of ‘consumer’ devices as Gen Y employees.”

Seems to us that it would be more difficult to dismiss this group’s requests than a few twenty-somethings.

Moreover, Malo acknowledges that non-corporate devices are already penetrating enterprises and getting around security measures.  Malo’s response is Interesting.  “All security provisions have their weaknesses, so that can never a reason not to implement it,” Malo advises. “Weakening your security outlook is not going to help.”

Malo seems to be counseling IT to continue to escalate the security war against its own employees, including senior executives.  We suggest the kids at home not try this without supervision.

What do you think?

There are lots of issues with BYOD, some technical, many managerial (such as the discussion about unpaid overtime for ‘connected’ workers).  Our question is this:  Will the Reality of BYOD upset the Theory of  perfect IT security?  Or can the Reality of the Big Corporation crush the Theory of BYOD?

What are you doing and what is your organization doing?  And what will the Reality be a year from now? Leave a comment below.