BYOD Initiatives Require Careful Thought, Implementation

While bring-your-own-device initiatives offer multiple benefits for organizations, there are pitfalls that only careful implementation can help avoid, according to Grudi Associates.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

Security issues, unseen expenses and control issues can more than mitigate the savings enterprises could reap through bring-your-own-device initiatives, according to a report from telecom and IT services provider Grudi Associates. While there has been explosion in the number of BYOD programs over the past year, there are growing concerns among IT departments that letting employees use a range of personal devices for work purposes can leave company networks exposed and sensitive data unguarded.

The report found there are several clear benefits to BYOD programs, including increased worker productivity—workers who use their own devices tend to work more hours and more productively—higher worker satisfaction, which comes from being able to use the device of their choosing, as well as potential cost savings

"It is easy to understand why the BYOD concept would have a lot of appeal to cost-conscious occupants of the C-suite, but there is more to the story than is apparent on the surface," Walt Grudi, president of Grudi Associates, said in a prepared statement. “There are real concerns in a variety of areas, from security and indirect costs to ownership and access rights, that are making prudent business leaders take a careful look before leaping."

As noted in the report, security is a major downside risk to BYOD initiatives. About 1.3 million cellular phones are stolen each year and more than half of stolen laptops result in data breaches, the report stated. That isn’t the only potential negative of a BYOD program, however. Data protection, human resources issues, compliance regulations and employee-usage policies can all complicate BYOD initiatives and erode whatever cost advantage the program would produce. The Aberdeen Group found that BYOD costs companies 33 percent more, on average, than a company-owned device.

"There is growing evidence that BYOD is not for everyone," Grudi said. "And there is an important difference between policies that permit employees to use their devices for work (while still supplying company-owned devices) and policies that require workers to exclusively use their own smartphones, tablets, laptops, etc. We've found that BYOD-only policies, which are more extreme, can be much more difficult to address."

A report earlier this month from Trend Micro and Osterman Research also suggested security is a major issue confronting BYOD implementation. According to the study, cyber-criminals employ multiple compromised endpoints and social-networking sites to infect a wide range of targets, including the most popular mobile devices such as those running Google Android and Apple iOS. These attacks often translate into down time or hours wasted trying to secure the network or device: Osterman Research found that it takes a mean elapsed time of 72 minutes to remediate a single endpoint, and 5.2 percent of IT staff time during a typical week is spent on email security management.