BYOD is being used more and more for businesses in both terminology and practice.
But what exactly is BYOD, and what does it mean for companies? BYOD stands for Bring Your Own Device, and it allows employees to do work on their own devices to access a company’s network and data rather than rely on the company to provide the hardware. Upwork estimates that 1 in 4 Americans will be working remotely thru 2021 which further supports the popularity of BYOD. Millennials are also driving the trend, thinking their personal devices are more effective and easier to use than devices provided by their employers.
What does BYOD include?
The type of device for BYOD could be a smartphone, a tablet, laptop, or even a desk phone in certain circumstances, which is why BYOD is often expanded to Bring Your Own Phone (BYOP Bring Your Own Personal Computer (BYOPC), or even Bring Your Own Technology (BYOT). While BYOD is the most commonly used phrase to capture the breadth of considerations there are actually four types of programs companies can choose when dealing with the complexities of employee-used-devices: BYOD (Bring Your Own Device), CYOD (Choose Your Own Device), CLEO (Corporate Liable Employee Owned), and COPE (Corporate Owned Personally-Enabled).
As popular and advantageous as the BYOD option is, it does not come without its own set of challenges. With employees bringing their own devices, the IT department is forced to mitigate network and system compatibility issues with the multitude of devices in use. It also brings to the surface the rising issue of data and network security. Because employees are using their own devices, they can download third party apps, increasing exposure to malware and access to sensitive company information, increasing the risk of potential theft of intellectual property and customer data breaches.
Employees who own their devices are also less inclined to respond to work messages after hours. Additional implications include having to install specific company policies for BYOD and determining how to handle licensing and potential privacy considerations across different devices, for both the employee and employer. These risks are why many companies are rethinking their device program and considering a more hybrid approach.
Choose Your Own Device (CYOD) is a modification of BOYD that Employers are exploring. The program is very similar to BYOD except that the Employer provides a limited list of devices from which the employee can choose, decreasing the risks and time-intensive labor it takes to address the connectivity and security issues with a straight BYOD program. It also keeps the cost down for issuing licensing and policy compliance. This CYOD approach is much more manageable for the IT department, to keep track of devices and issues with the compatibility of software applications.
Added benefits of this program are that the employer decreases the number of devices that the IT department must mitigate if there are connectivity issues, while the employee still has the freedom to choose the best option for their lifestyle and communication needs. Time with the Help Desk is decreased while the employee is satisfied with having a choice.
Corporate Liable Employee Owned (CLEO) is another option that companies are considering but is not quite as popular as CYOD. In this program the employees own the devices, but the employer is responsible, or liable, to pay for monthly service costs. The benefit is that the employee does not have to pay the monthly charges for their device - and that can be quite a perk for many considering employment. The downside for the company is that they again assume all the legal and security risks associated with connectivity and functionality of connecting to the network and having access to sensitive data or trade information.
Striking a Balance
COPE or Corporate Owned Personally-Enabled, has been gaining in popularity because of the benefits for both the employer and the employee. With a COPE program, the employer owns the device while it is fully used and managed by the employee. This means the company no longer has the legal or security risks associated with employees using their own devices. The business can load applications that ensure both data security and connectivity to company servers and networks. Since the company owns the phone, they can keep any dangerous apps from being downloaded on the device. With risks mitigated, IT and legal no longer worry about trade secrets being stolen from third party apps. Licensing also becomes a much easier and less expensive and employers can leverage volume discounts for the purchase of the devices, services and management.
Another benefit of a Hybrid plan such as COPE is that the employer can offer bulk enterprise discounts on the plans. This means that the employee can save a lot of money no matter what plan is used. For instance, a $40 a month service plan becomes $20 that can be deducted from payroll. The employee saves upwards of $240 per year on plan costs. The employee benefits because they get a high-quality device at discounted plan rates, and the employer mitigates any risk while still having inventory visibility and plan adoption.
The deployment and exit strategies for each of these plans also have their own sets of challenges and benefits. Bring Your Own Device can be challenging when a new employee starts because setting up each device for company access can be time consuming. The employer usually loads applications that are specific to the company network and communication. This can include email, video conferencing and instant messaging applications, as well as applications that are company or industry specific. Also depending upon the age and type of device that the employee has, enablement can be complicated by compatibility issues.
Corporate Liable Employee-Owned and Choose Your Own Device programs also install applications allowing access to company servers and communications when an employee starts. Companies must make sure employees can access all networks, servers and company information needed for job duties. The IT department will load all applications on the devices, test for usage and compatibility and then give them back to them employee.
With the Corporate Owned Personally-Enabled program, the employer owns the device, so enrolling a new employee into the program is a relatively easy and controlled process. Since the company already owns the device, the IT department already knows that all the applications needed are compatible with the device and all networks involved. It is a simple process of assigning and activating a device to an individual. Once that is complete and the device is connected, the company can simply manage the device, often remotely, as needed.
When an employee leaves the company, and they brought their own device, the employer must disable or remove any application that allowed access to company networks. The same goes for the Choose Your Own Device and Corporate Liable Employee-Owned plans. When the employee owns the device, steps must be taken to make sure no company information can be shared or exposed. This is especially true for the finance and healthcare industries. Stiff penalties and fines can be issued if company or client data is compromised because a device was not properly off-loaded.
Companies participating in Corporate Owned Personally-Enabled do not have such security worries. Since the employer owns the device, they can simply wipe it once it is returned. On the chance that someone keeps the device past their employment, or it is gets lost or stolen, the company can either remotely disable or wipe the device so access is not possible. The company is then no longer at risk and can reassign the device once a new employee is hired.
No matter which program a company chooses, BYO is here to stay, so it needs to be strategically evaluated at a corporate level. With most employees upgrading devices every 12-18 months, implementing, tracking, and mitigating a BYO company policy is a large and complex task. Therefore it is extremely important to understand the choices available, as well as the benefits and risks associated with each.