BYOD: Business Opportunity or Big Headache?

CASE STUDY

Just about everyone who has a smartphone wants to be able to bring it to work and use it on
the job. And why not? Employees using their own smartphones would allow companies to
enjoy all the same benefits of a mobile workforce without spending their own money to
purchase these devices. Smaller companies are able to go mobile without making large
investments in devices and mobile services. According to Gartner, Inc., by 2017, 50 percent of
employers will require employees to supply their own mobile devices for the workplace.
BYOD is becoming the “new normal.”
But … wait a minute. Half of all enterprises believe that BYOD represents a growing problem
for their organizations, according to a number of studies. Although BYOD can improve
employee job satisfaction and productivity, it also can cause a number of problems if not
managed properly. Support for personally owned devices is more difficult than it is for
company-supplied devices, the cost of managing mobile devices can increase, and protecting
corporate data and networks becomes more difficult. Research conducted by the Aberdeen
Group found that on average, an enterprise with 1,000 mobile devices spends an extra
$170,000 per year when it allows BYOD. So it’s not that simple.
BYOD requires a significant portion of corporate IT resources dedicated to managing and
maintaining a large number of devices within the organization. In the past, companies tried to
limit business smartphone use to a single platform. This made it easier to keep track of each
mobile device and to roll out software upgrades or fixes because all employees were using
the same devices or, at the very least, the same operating system. Today, the mobile digital
landscape is much more complicated, with a variety of devices and operating systems on the
market that do not have well-developed tools for administration and security. Android has 80
percent of the worldwide smartphone market, but it is more difficult to use for corporate
work than Apple mobile devices using the iOS operating system. IOS is considered a closed
system and runs only on a limited number of different Apple mobile devices. In contrast,
Android’s fragmentation makes it more difficult and costly for corporate IT to manage. There
are about 25,000 different models of Android-based devices available around the world,
according to a report by OpenSignal, which researches wireless networks and devices.
Android’s huge consumer market share attracts many hackers. Android is also vulnerable
because it has an open source architecture and comes in multiple versions.
If employees are allowed to work with more than one type of mobile device and operating
system, companies need an effective way to keep track of all the devices employees are
using. To access company information, the company’s networks must be configured to
receive connections from that device. When employees make changes to their personal
phone, such as switching cellular carriers, changing their phone number, or buying a new
mobile device altogether, companies will need to quickly and flexibly ensure that their
employees are still able to remain productive. Firms need a system that keeps track of which
devices employees are using, where the device is located, whether it is being used, and what
software it is equipped with. For unprepared companies, keeping track of who gets access to
what data could be a nightmare.
With the large variety of phones and operating systems available, providing adequate
technical support for every employee could be difficult. When employees are not able to
access critical data or encounter other problems with their mobile devices, they will need
assistance from the information systems department. Companies that rely on desktop
computers tend to have many of the same computers with the same specs and operating
systems, making tech support that much easier. Mobility introduces a new layer of variety
and complexity to tech support that companies need to be prepared to handle.
There are significant concerns with securing company information accessed with mobile
devices. If a device is stolen or compromised, companies need ways to ensure that sensitive
or confidential information isn’t freely available to anyone. Mobility puts assets and data at
greater risk than if they were only located within company walls and on company machines.
Marble Security Labs analyzed 1.2 million Android and iOS apps and found that the consumer
apps on mobile devices did not adequately protect business information. Companies often
use technologies that allow them to wipe data from devices remotely or encrypt data so that
if the device is stolen, it cannot be used.
Management at Michelin North America believes BYOD will make the business more flexible
and productive. Initially, all 4,000 mobile devices used by the company were company-owned
and obsolete, with a large number of traditional cell phones that could only be used for voice
transmission and messaging. Only 90 employees were allowed access to e-mail on mobile
devices, and fewer than 400 were allowed access to calendars on these devices. Service costs
were high, and the business received little value from its mobility program. Management had
identified significant business benefits from increasing mobility in sales, customer support,
and operations.
In mid-2011, the company created a team composed of executives and representatives from
the IT, human resources, finance, and legal departments as well as the business units to share
in the development, rollout, and management of a new mobile strategy for corporate-owned
and personal mobile devices. The team decided to transition the mobility business model
from corporate-owned to personal-liable.
According to Gartner, Inc. consultants, about half of organizations with a formal BYOD
program compensate their employees for the amount of time they use their personal devices
on their jobs using stipends, reimbursements, or allowances. Handling employee
reimbursement for using personal devices for corporate purposes has proved to be one of the
most problematic aspects of BYOD mobile programs. Although most companies use expense
reports or payroll stipends to reimburse employees for BYOD, these methods have
drawbacks. Expense reports are an administrative burden for both the employee and the
employer, and payroll stipends can have tax consequences for both as well.
For some companies, the best option is to make direct payments to wireless carriers to
reimburse employees for the expense they incur when they use their own wireless devices for
company business. The employer provides funds to the wireless carrier, which then applies a
credit to the employee’s account. When the employee’s bill arrives, the employee pays the
amount owed less the credit amount that was funded by the employer.
Michelin opted for a managed service from Cass Information Systems that enables the
company to make payments directly to wireless carriers. Cass Information Systems is a
leading provider of transportation, utility , waste , and telecom expense management and
related business intelligence services. A single employee portal handles enrollment of
corporate and BYOD devices and provides tracking and reporting of all ongoing mobile and
related inventory and expenses. The portal can automatically register employees, verify user
eligibility, ensure policy acknowledgment, and distribute credits directly to employees’
wireless accounts for the amount of service they used for their jobs.
Since implementing its version of BYOD, Michelin North America increased the number of
mobile enabled employees to 7,000. Employee efficiency, productivity, and satisfaction have
improved from updating the mobile technology and functionality available to employees and
giving them choices in mobile devices and wireless carrier plans, The program is cost-neutral.
Michelin has obtained new vendor discounts across all wireless vendors in the United States
and Canada and has reduced the cost of deploying each mobile device by more than 30
percent.
Iftekhar Khan, IT director at Toronto’s Chelsea Hotel, remains less sanguine. He believes BYOD
might work for his company down the road but not in the immediate future. Khan notes that
the hospitality industry and many others still want employees to use corporate-owned
devices for any laptop, tablet, or smartphone requiring access to the corporate network. His
business has sensitive information and needs that level of control. Although the hotel might
possibly save money with BYOD, it’s ultimately all about productivity.
Management at Rosendin Electric, a Silicon Valley electrical contractor, worried that BYOD
would become a big headache. Rosendin has thousands of employees and deploys hundreds
of smartphones, more than 400 iPads, and a few Microsoft Surface tablets. These mobile
devices have greatly enhanced the company’s productivity by enabling employees to order
equipment and supplies on the spot at a job site or check on-site to see whether ordered
items have arrived. However, CIO Sam Lamonica does not believe BYOD would work for this
company. He worries employees would be too careless using apps, cloud, and technology
devices. (An Aruba Networks study of 11,500 workers in 23 countries found that 60 percent
share their work and personal devices with others regularly, nearly 20 percent don’t have
passwords on devices, and 31 percent have lost data due to misuse of a mobile device.)
Lamonica feels more confident about equipping employees with company-owned devices
because they can be more easily managed and secured. Rosendin uses MobileIron mobile
device management (MDM) software for its smartphones and tablets. If a device is lost or
stolen, the MDM software is able to wipe the devices remotely. Because MobileIron allows
Rosendin to separate and isolate business apps and data from personal apps and data, the
company allows employees to use certain consumer apps and store personal photos on
company owned tablets. Rosendin has found that employees of companies that are able to
personalize company owned iPads are more likely to treat them as prized possessions, and
this has helped lower the number of devices that become broken or lost. The company has
the right to wipe the devices if they are lost.
Rosendin’s mobile security is not iron-clad. An employee might be able to put company data
in his or her personal Dropbox account instead of the company-authorized Box account.
However, MobileIron is able to encrypt data before it gets into a Dropbox account, and this
lowers the risk. With company-owned and managed devices, Rosendin still benefits from
volume discounts from wireless carriers and does not have to do the extra work involved in
reimbursing employees when they use their own devices for work.

Sources: Ryan Patrick, “Is a BYOD Strategy Best for Business?” IT World Canada, March 22,
2016; “5 BYOD Management Case Studies,” Sunviewsoftware.com, accessed May 5, 2016;
Aruba Networks, “Enterprise Security Threat Level Directly Linked to User Demographics,
Industry and Geography,” Business Wire, April 14, 2015; Alan F., “Open Signal: 24,093 Unique
and Different Android- Powered Devices Are Available,” Phonearena.com , August 5, 2015;
Tom Kaneshige, “Why One CIO Is Saying ‘No’ to BYOD,” CIO, June 24, 2014; “CIO Meets
Mobile Challenges Head-On,” CIO, July 7, 2014; and “Cass BYOD: How Michelin Became a
Mobile-First Enterprise,” Cass Information Systems Inc., 2014.