BYOD The Good, The Bad and The Ugly

    

Today I read an article in NetworkWorld entitled “BYOD early adopters cite sticker shock”. I have discussed BYOD with many of our customers and, personally, I can’t buy into it. To explain, here is my take on BYOD, the good, the bad and the ugly.

The Good

  • Lower capital budget
  • Increase customer satisfaction

pexels-photo.jpgThe reasons to support a BYOD policy are obvious. There is no arguing these expected benefits. If you users are bringing in their own devices, at their own cost, then that is a cost savings on the organization’s capital expenditure budget. The reality I have found though is that the BYOD implementations are not meant to reduce the existing budget but rather to keep it from increasing. The organizations are still buying workstations/laptops for their end-users but they are making the decision not to buy smartphones or tablets in addition to the workstations.

“Survey reveals BYOD goal is money savings, but two-thirds find none and one-quarter see costs rise more than 20%” --.”

End-users today expect to be able to use their smartphones and tablets for personal and work use. Certain tasks, such as email and calendar, are a no-brainer. Integration with email systems from outside the corporate network is nothing new. Employers have long since embraced allowing access to email from the outside. This access has progressed and the new desire is for end-users to access their applications, printers and files that only exist inside the corporate network. Enabling this access for end-users via their own devices seemingly increases internal customer satisfaction... at least initially! That satisfaction is soon diminished as end-users experience complicated configurations, performance degradation, incompatibility and other unforeseen factors.

The Bad

  • Costs to reimburse employee data plans
  • Increases number of Help Desk calls
  • Increases IT Technician resolution times

Some companies, approximately 8%, are picking up the tab for data usage. This, as we all know from our personal data plans, can be very costly. When employees know they will get reimbursed they are also not motivated to sign up for the most cost-effective plans.

“One in 10 answering the survey said their companies had gone "fully BYOD" in allowing employees to use their own devices at work, and expected employees to pay all their monthly network service charges in full themselves, while another 8% practiced BYOD with reimbursement.”

As mentioned earlier, end-users quickly become frustrated when learning how to enable corporate services such as wireless, VPN, etc. They also lack the proper clients for dealing with applications and files. This results in net new Help Desk calls. This also requires Help Desk staff to be savvy with multiple brands and OS’s since there is no limit to the diversity in a BYOD model.

“More than two-thirds (70%) answering the survey said they saw no change with BYOD, but 28% said costs increased by 20%. "By rights, users who bring their own devices to work shouldn't automatically expect technical support from their IT staffs," the report remarks. "On the other hand, what is the support staff supposed to say when users experiencing connectivity problems or performance degradation come calling?"...”

When calls get escalated to the IT Technician, this again causes *additional* overhead. Similar to the Help Desk staff, the IT Technician is *expected* to be able to handle issues with devices owned by the end-user. Organizations have learned over the years to buy hardware from the same vendors so that the costs associated with support are lowered. Your IT staff become very familiar with what is in place. Hardware configurations are usually made similar down to the same types of wireless adapters and video cards. Again, this reduces the costs associated with troubleshooting device issues. In a previous professional life, my organization was so standardized across our workstations that if you couldn’t resolve an issue within a few minutes you simply re-imaged the machine and the end-user is back up and working in a matter of minutes. This is not the case when in a BYOD model.

“The IT staff is increasingly in a situation where they have to "do their best to support a multi-OS mobile environment, particularly since it's not necessarily evident to the end-user whether the cause of problems lies in the device itself, the public cellular network or in the corporate network."

The Ugly

  • Increases internal security risks
  • Requires significant infrastructure changes

My biggest concern with BYOD is the inherent security implications. If the user brings in their own devices, you lose control of what is installed on the device and how well that device is protected from viruses, malware, etc.

When my K12 customers talk about BYOD for students, my first thought is 1,000’s of hackers they are about to let into their environment. High school kids are extremely tech savvy. With their own machines they will have the entire network mapped and have a report of every vulnerability known for each server they found. This isn’t limited to just students; employees are just as likely to do the same thing. SCARY!!!

“According to the survey, 52% said they have a written mobile usage policy that users must sign as part of the management process. Security is a top reason not to go into BYOD.”

The *only* way to limit (you can’t stop it 100%) the risk to your network in a BYOD environment is to change the way you firewall your internal services from your internal users. You must separate your user network from the server network, almost as like they are coming in straight from the Internet. In fact, you should absolutely consider a BYOD on your network *just* like you consider any other device on the Internet. This is not how most intranets are designed since the assumption is that you control all devices on your network. This “new” design will require a significant investment in resources and dollars.

In short, I believe the concept behind BYOD is not a bad concept; however, without a significant investment in infrastructure, resources and training, I do not believe it will provide the cost savings organizations are hoping for. So, my question is, once you’ve made the appropriate investments, is there still value in implementing a BYOD model?

is-your-legacy-iam-system-doing-more-harm-than-good

Comments

Subscribe Here!