The Downside of BYOD

Despite the general popularity of BYOD programs (and the productivity gains they reportedly bring), many companies are beginning to see a decline in the performance of some important applications, bringing down the productivity of mobile-device users at the same time.

At least, that’s according to a survey conducted by global IT market-research firm Vanson Bourne and sponsored by networking giants Cisco Systems and British Telecom, both of which have an interest in promoting the perception of need for more networking equipment and services.

But the survey, which involved 2,200 IT managers, presents conclusions backed up by other surveys conducted without vendor sponsorship.

Nearly all those surveys show that both IT staff and end users believe there is some benefit to BYOD, and that the added demand on IT resources—including IT support, network bandwidth, remote-access servers and enterprise applications often used by mobile workers—is increasing far faster than most IT departments can keep up.

IT Likes BYOD—Usually

The survey sponsored by Cisco and British Telecom showed 84 percent of IT managers thought a BYOD policy made their companies more competitive, while 60 percet thought smart devices make both IT and business-unit workers more productive. The demand has driven 84 percent of companies worldwide to increase their bandwidth, although many haven’t reconfigured applications or networks sufficiently to keep the influx of mobile devices from having a major negative impact on the performance of internal IT systems and networks.

Fifty-six percent of IT managers have noticed a decline in performance from some applications, which ripples out to slow the performance of mobile devices and reduce the productivity of workers using them. Human factors have negatively influenced both the performance and security of companies with widely used BYOD policies, as well.

IT Sets Policies; End Users Ignore Them

In addition, only 26 percent of IT managers believed end users really understand the limitations or policies for using mobile devices safely or within policies set by the corporation.

A May study from Kaspersky Labs found 60 percent of SMBs have only a vague idea of what data is on employee devices, and have no way to manage or account for that data; only 35 percent said they had defined policies to deal with the potential for data leakage.

Another May study from CTIA-The Wireless Association found that a huge percentage of end users had never heard the term “BYOD” or policies to encourage (or limit) personal devices in an office context. Supermajorities of users and IT staffers disagreed on whether IT or the device owner should even be responsible for security. More than half of the end users polled said they use their own personal devices for work—including storing data and accessing corporate networks—regardless of the company’s BYOD policy.

Yesterday, Check Point software released a survey asking about the BYOD experiences of 790 security professionals–only 7 percent of whom had no problem with network-connected BYOD hardware.vSixty-seven percent thought BYOD increased the risk to corporate data; 63 percent worried about controlling access to networks and online resources and 96 percent said the number and variety of connected devices is growing.

Seventy-nine percent also said they’d had a security incident during the past year involving mobile devices. For 42 percent of those businesses the security incidents cost a total of more than $100,000; 16 percent said mobile-security breaches cost more than $500,000.

Some Business Don’t Even Have Best-Use Policies

A Gartner report from last December, which looked more broadly at BYOD and mobile policies, found that 70 percent of organizations allow BYOD but only a third have policies that keep those devices from becoming a security threat. “Shifting from an enterprise-owned mobile device fleet to having employees bringing their own devices has a major impact on the way of thinking and acting about mobile security,” wrote Dionisio Zumerle, principal research analyst at Gartner.

Even Vanson Bourne—in an annual report not sponsored by networking vendors—found that 80 percent of companies have mobile-device policies of some kind in place. Fifty-two-percent of those companies reported that the mobile strategy and policies they created are a high priority for their IT organizations.

Caution About BYOD Grows Among IT Staff

However important BYOD and mobile devices are to IT administrators or end users, those reasons—and BYOD’s ultimate impact—may not be good for the company. Surveys indicate that IT managers think mobile devices are a security challenge, with many spending more time giving technical support to employees after BYOD than before. The biggest issue seems to be that a surprisingly large percentage of companies approved BYOD policies without thinking about the immediate or long-term impact—or putting policies in place to manage that impact.

How does BYOD impact IT?

According to Gartner, BYOD has three major effects on major corporations that must be addressed on a policy level, long before the increased security risks or performance degradation become notable. Those impacts are:

First, the right of users to bring their own devices inevitably conflicts with the need of the organization to keep its systems locked down in order to reduce security risks.

Second, the use of consumer devices with inadequate security built in, which makes it almost impossible to make some devices secure, no matter how devoted the user.

Third, having an employee own the device on which he or she stores and works on company data raises privacy concerns, and make it difficult for IT to take steps to secure that data.

All of those seem fairly obvious. But so far, few companies have made much progress in changing the perceptions or behavior of end users (or their managers), at least when it comes to BYOD devices.


Image: everything possible/