BYOD which stands for Bring Your Own Device is a common topic lately amongst the IT Crowd.  It’s one particular method for dealing with the escalating interest of employees wanting to do more work from tablets or smartphones.  The strategy is as straight forward as it gets, let the employees bring whatever device they choose to work on, and the IT department will decide what and how the employee can or can’t do that work.  While great on paper, the practical reality of a BYOD strategy is what makes it so ineffective.

If you’re still reading this, I’m going to assume you have an interest in IT, and particular the future of mobile technology in the workplace.  It’s likely you have  read articles, watched Gartner webcasts, and possibly even participated to some extent in a BYOD scenario.  It’s also very possible you are reading the above and thought to yourself “Whoa! What the heck are you talking about, BYOD is a bad idea?”

BYOD on paper is a great idea, but it’s impractical to think it will simultaneously meet all of an IT departments security needs and the productivity desires of employees.  The technology used for BYOD, known as a “secure container” is a special app or space on a device where all the company apps are stored in.  The container is easily thought of as a locked box inside your device, where the IT department squirrels away the company data.  Unfortunately the container really isn’t where most of your employees are going to do their work.

The concept of BYOD is impractical because it derives from the belief that staff members will only do their work in the way that an IT department believes staff should do their work.  BYOD revolves around how an organization can predict or worse dictate how their staff will utilize a mobile device to accomplish their work.  A BYOD strategy is incapable of acknowledging all the faster, easier, and sexier ways employees can and will get this work done outside the container.  Because of this impractical expectation, BYOD programs are less secure than the IT staff behind them intend.

BYOD exists as a reaction from the world of IT Security and other IT groups over their ever burgeoning workload. They have allowed themselves to be distracted by the belief that work functions will be safe and secure if it is only accessed through this container. This is impractical and counter-productive on a device that is designed to allow people freedom to work however they want.

It’s impractical to believe this container is going to provide all the technology necessary for employees to fully realize the capabilities mobility can bring them.  The container doesn’t matter when your business counts on enabling the versatility of your employees. When an employee is at an important event, they don’t have time to enter the container every time they need to take a note or a picture.  They will use whatever app they are used to, and they will “copy that to the container later.”  The container has not prevented data leakage.

When was the last time you emailed something to your work address from your personal address?  It’s a very easy thing to do.  It doesn’t matter if staff sign an agreement, once the data is outside the container, it is outside the control of IT.  The harder it is for someone to use their mobile device to perform work functions, the more encouraged they may be to find a way around your controls. Is it easier to work on your full-featured document editing app that came with the tablet, or the restricted editor in the container?  People send documents through Dropbox or their Google Drive all the time because it is easier and often faster than using the mechanisms provided by their company.  It really doesn’t matter how great your written policy is, people will work how they want to work.  Shadow IT is a term today because IT departments are spending too much time restricting the tools people want to use to be more productive.

Because BYOD is impractical and drives your staff further away from playing by the rules, the alternative of company-provided equipment is the only way to securely enable mobility for your people. If you are asking your staff to work on a device, give them a secure device that does its best to stay out of the way of the person using it.  To provide a secure device that provides as much capability as possible is a difficult recipe to get correct, and any IT department is going to approach these devices in a new, but similar fashion to traditional endpoints like desktops and laptops.

The alternative to BYOD, that of corporate-owned devices is a follow-on topic to this. Look for that shortly!