Living With BYOD in Your Organization


Published on

Discover the growing trend towards BYOD, its benefits and risks, and advice on how to manage it within your organization.

Published in: Business, Technology, Career
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Living With BYOD in Your Organization

  1. 1. WHITE PAPER Living With BYOD in Your Organization ON An Osterman Research White Paper Published January 2014 SPONSORED BY SPON sponsored by sponsored by Osterman Research, Inc. P.O. Box 1058 • Black Diamond, Washington • 98010-1058 • USA Tel: +1 253 630 5839 • Fax: +1 253 458 0934 • •
  2. 2. Living With BYOD In Your Organization EXECUTIVE SUMMARY The wave toward Bring Your Own Devices (BYOD) and Bring Your Own Applications (BYOA) – which we have dubbed BYODA – has been building since roughly 2007, but has now become a tsunami. In many organizations, personally owned smartphones and tablets used for work-related purposes outnumber those that are provided by employers. A growing number and variety of cloud-based and mobile applications are used to access and produce content in corporate applications and data stores. In short, BYODA has become the norm for tens of thousands of organizations, including many enterprises, and is becoming so for most of the rest. IT departments have more or less acquiesced to the BYODA trend and are generally not as vigorous in their opposition to the use of personally owned devices and employee-deployed applications. Many organizations are realizing the variety of benefits provided by BYODA and are embracing them. In short, many IT decision makers have simply decided to live the with new realities of “consumerized” IT. However, while IT may have warmed to the idea of BYODA, they must deal with a variety of problems that BYODA creates: • Supporting all of the devices that employees use for work purposes, including personally owned and company-supplied iPhones, iPads, Android smartphones, Android tablets, Windows Phones and BlackBerry smartphones. IT departments faced with BYODA must support a much larger array of devices and applications than in organizations that restrict the use of personally owned devices. • Supporting multiple versions of mobile operating systems (a particularly serious problem for organizations that permit the use of Android devices). • Supporting the growing array of cloud-based and mobile applications that are designed to synchronize files between corporate data stores and cloud-based repositories, send large files that cannot be sent through corporate email, or provide other features and functions that employees want, but cannot get from their IT department. While useful, these applications can make support much more difficult than it would be if only IT-deployed applications were permitted. BYODA offers a number of benefits, but IT’s ability to support the new realities of the consumerized IT environment is sorely lacking. The bottom line is that BYODA offers a number of benefits, but IT’s ability to support the new realities of the consumerized IT environment is sorely lacking. IT staff must have a way to efficiently and cost-effectively manage the new infrastructure without placing restrictions on how employees operate and the tools they use to do their work. IT must be able to meet the challenges of the more complex service desk environment that BYODA creates. Finally, IT must be able to monitor, track and manage everything on their network – the systems they implement and those that employees use on the corporate network and to access corporate systems. ABOUT THIS WHITE PAPER This white paper discusses the growing trend toward BYODA, its benefits and risks, the disconnect between what organizations would like to do and what they are doing in the context of BYODA management, and some advice on how to better manage BYODA. The white paper also provides a brief overview of Citrix, the sponsor of this paper, and its GoToAssist offering. GROWING USE OF PERSONAL DEVICES AND APPLICATIONS IN THE WORKPLACE EXACTLY WHAT ARE BYOD AND BYODA? BYOD and BYOA – or BYODA – are increasingly common as companies allow employees to use their own devices and cloud-based applications to access corporate content and other resources like email, databases and various applications. This ©2014 Osterman Research, Inc. 1
  3. 3. Living With BYOD In Your Organization “consumerization” of IT is not just about devices, but also includes social technologies, cloud-based tools to access content, and a growing tide of consumeroriented expectations for how work is performed. The popularity of the BYODA trend is demonstrated in the following figures that show the popularity of personally owned mobile platforms, as well as the penetration of personally deployed applications. Figure 1 Primary Mobile Device in Use as Reported by End Users The “consumerization” of IT is not just about devices, but also includes social technologies, cloud-based tools to access content, and a growing tide of consumeroriented expectations for how work is performed. Figure 2 Percentage of Organizations With Personally Deployed Applications ©2014 Osterman Research, Inc. 2
  4. 4. Living With BYOD In Your Organization FACTORS DRIVING THE MOVE TOWARD BYOD AND BYODA BYODA is being driven by several factors: • The growth of the telework movement is fueling the BYODA trend as employees work from home one or more days per week and employ their own desktop computers, laptops, tablets, smartphones and other tools to do their work. Forrester Research has found that 37% of employees work from more than one location and 53% do so with multiple devicesi. Add to this the fact that employees working away from the corporate network are not subject to the same level of IT supervision imposed upon them as when they are in the office, and so, in the absence of direct IT oversight, will find it easier to deploy cloudbased applications, mobile apps, etc. on their personal devices. Many employees who employ personally deployed tools at home will install them on their office computers, as well. • Many employees and contractors often own better and more capable mobile platforms than those supplied to them by their IT department, assuming that their IT department has even provided them with a mobile device. Many of these platforms include the latest iPhones or Android devices, iPads, Android-based tablets and, in some cases, the latest BlackBerry or Window Phone devices. Forrester Research has found that more than one-third of workers are willing to purchase the computer they wantii. • There is a growing trend for employees to have an expectation of always being connected and of always having access to all of their work-related and personal content on a mobile device or in the cloud. This blurring of the work-life separation makes access to corporate data and resources essential on all devices used by employees. • Many IT departments often cannot afford the latest and greatest hardware because of tight IT budgets. For example, although a TEKsystems survey found that 62% of organizations anticipate an increase in their IT spending during 2014, 38% will either hold steady with their 2013 budget or will actually cut itiii. • Unlike most consumers, many organizations apply sound financial principles like return-on-investment considerations to purchase decisions for hardware and other infrastructure and simply won’t opt for new mobile devices every 12-18 months. Where hardware purchase decision are not the limiting factor, often the cost of managing a wide range of different devices and operating system versions is simply too costly for an IT department to consider. The growth of the telework movement is fueling the BYODA trend as employees work from home one or more days per week. THE GROWTH OF PERSONALLY DEPLOYED AND MANAGED APPLICATIONS Thousands of cloud-based apps, mobile apps and other tools are available for use by employees – many of these tools permit employees to be more efficient or they provide supplementary capabilities that IT cannot or will not implement. These applications provide enhanced email services, cloud-based file storage, file synchronization, content collaboration, the ability to transfer large files and other capabilities that IT departments often do not have the bandwidth to deploy or support. It is important to note that few employees who deploy their own applications are actually trying to subvert IT wishes. Instead, they are trying to be more efficient by having ready access to all of their work-related content from any platform, have a backup email capability available to them in the event the corporate email system goes down, or have the ability to send very large files that their primary email system will not support. As shown in the following table, many leading “consumer-focused” applications have been deployed by IT, but quite often they are deployed without IT’s knowledge or consent. ©2014 Osterman Research, Inc. 3
  5. 5. Living With BYOD In Your Organization Figure 3 Selected Cloud-Based Applications in Use Based on % of Organizations Application Dropbox Deployed by IT Used with IT’s blessing Used w/o IT’s blessing Not used Apple iCloud Deployed by IT Used with IT’s blessing Used w/o IT’s blessing Not used Google Drive Deployed by IT Used with IT’s blessing Used w/o IT’s blessing Not used Microsoft SkyDrive Deployed by IT Used with IT’s blessing Used w/o IT’s blessing Not used Citrix ShareFile Deployed by IT Used with IT’s blessing Used w/o IT’s blessing Not used Up to 99 Employees 100-999 Employees 1,000+ Employees 17% 40% 21% 22% 12% 26% 31% 30% 6% 13% 43% 38% 10% 34% 20% 35% 14% 22% 24% 40% 7% 21% 33% 39% 8% 28% 21% 44% 7% 21% 28% 45% 7% 11% 38% 45% 21% 33% 7% 38% 11% 25% 17% 47% 11% 11% 28% 50% 10% 4% 0% 86% 12% 4% 1%6 82% 13% 6% % 75% WHY ARE CLOUD-BASED TOOLS SO POPULAR? The growing use of cloud-based file sync, storage, sharing and other tools is being driven by a number of factors: • Many IT departments impose limits on what users can do in email and other systems. For example, in many organizations there is a limit on the size of files that can be sent through corporate email. While the reasons for imposing these limits are sound, they can prevent users from sending very large files. As a result, many users will deploy their own free or low-cost, cloud-based file transfer tool to overcome IT-imposed limits. Here again, users do this to remain productive, not to frivolously bypass the IT department’s policies or restrictions. • Some users are simply not satisfied with the capabilities offered to them by their IT department and so want to provide their own superset of features and functions that will make them more efficient and productive. For example, users who work from home or when traveling may not want to take files with them on a USB stick and manually synchronize them with office-based systems, and so may instead opt to use a cloud-based file synchronization service to do this for them. • For some users, the ease of use and optimized interface of cloud-based applications is preferable to the somewhat antiquated interfaces available on legacy systems. It is important to note that most IT decision makers realize the importance of cloudbased applications, particularly those focused on file sync and share, and so are deploying enterprise-grade replacements for the tools that many employees have already deployed. For example, as shown in the table above, Citrix ShareFile – an enterprise-grade tool that provides file sync and share functionality – is deployed ©2014 Osterman Research, Inc. 4
  6. 6. Living With BYOD In Your Organization more by IT than it is by individual users, the opposite of what is occurring for the other tools in the table. This indicates that IT is in the process of upgrading employees’ consumer-focused file sync and share capabilities to enterprise-grade equivalents to a much greater extent than it is trying to block use of the former. The bottom line is that employees are significantly influencing the tools that are deployed in the enterprise. Most employees will be much more satisfied, and in turn more productive in their work, when they can influence the applications that will be used in their work – assuming, of course, that IT can satisfy the organization’s overall security and information governance requirements. BYOD CAN BE A GOOD THING USERS CAN WORK MORE EFFICIENTLY There can be significant benefits (and enormous return-on-investment for organizations) to be gained from the use of personally owned devices and various employee-managed applications when used for work purposes: • Anytime, Anywhere Access BYODA means that not only will employees be continually connected to their work, but they’re able to bring their work with them while they’re working remotely. For example, salespeople can access their content stored in a cloudbased application to showcase the latest marketing collateral and updated pricing information to prospective clients without having to bring these files with them when leaving the office. Doctors can view videos or review notes directly from their device before going into a procedure instead of going to a workstation in an emergency, operating or patient room. Field engineers can access project drawings, specifications, quality records, and predictive safety analysis all via applications on their tablet while on the job site. • Improved employee productivity Most users can be more efficient and effective in their work if they have capabilities that give them access to all of their files, communications tools and other services from any platform or any location. Because IT often does not have the budget to enable every capability for every user, BYODA helps to fill in the gaps that might exist in the corporate infrastructure. A good case in point is Intel Corporation: the company has embraced BYODA and has realized a productivity increase of 57 minutes per employee per day as a result, giving the company a three-fold return on its consumerization investmentsiv. • Mobile is no longer just an access point, but instead the primary platform for many employees. Innovation Mobile technologies are changing the way people work. Mobile is no longer just an access point, but instead the primary platform for many employees, enabling them to get their work done faster and better through accessing the right tools and technologies from wherever they are. Osterman Research has found that one-half of companies surveyed see mobile as truly transformative, a way to get ahead of the competition and maintain competitive advantage. Mobile is solving multiple business problems and, through the use of BYODA, organizations are able to reexamine how they engage with customers, partners and suppliers, and think through the impact of how they can make critical core services available on smartphones and tablets. Osterman Research has found that a large proportion of organizations consider several key attributes of BYODA to be important or very important reasons to support the use of personally owned devices, as shown in the following table. ©2014 Osterman Research, Inc. 5
  7. 7. Living With BYOD In Your Organization Figure 4 Reasons for Supporting Personally Owned Devices % Responding Important or Very Important Driver for Supporting BYOD Keep employees happy by permitting them to bring their own mobile devices to work Increasing productivity and making employees more productive on mobile devices View mobile enablement as way to get ahead of competition and sustain competitive advantage Trying to reduce spend on our telecom bill Reexamining how we engage with our customers, partners and suppliers and thinking through the impact of making core critical services available on these devices We are committed to leveraging the cloud for IT services and enabling enterprise mobility is a critical piece of our journey to moving workloads onto the cloud Keeping the stress off the file-sharing infrastructure and reducing storage costs Reducing the strain on our email server Up to 99 Employees 100-999 Employees 1,000+ Employees 85% 60% 60% 62% 72% 68% 54% 52% 47% 38% 44% 35% 31% 42% 48% 31% 32% 35% 15% 14% 21% 15% 16% 17% CORPORATE IT COSTS CAN BE REDUCED BYODA offers important cost benefits simply because the costs of smartphones and tablets are borne by employees who are willing to supply them. In fact, Osterman Research found in a large survey that 35% of respondents whose companies have 1,000+ employees are trying to reduce spending on their telecom bill, a key benefit that BYODA can provide. This applies even when employees are reimbursed by the company with a monthly stipend to cover their mobile device charges, since the mobile service is managed by the employee, not his or her employer. This provides an important corporate benefit when employees leave an organization. For example, Osterman Research has found that 11% of organizations are not sure if they are still paying for mobile services for employees who are no longer employed – for organizations with 2,000 or more employees, this figure is 17%v. When employees are personally responsible for their own account, their employer does not run the risk of incurring unnecessary mobile platform costs. When employees are personally responsible for their own account, their employer does not run the risk of incurring unnecessary mobile platform costs. Another important cost benefit from BYODA is that it can reduce the strain on email servers, bandwidth and other parts of the IT infrastructure by migrating some services to the cloud. This will potentially reduce costs by postponing enhancements to or replacements of email servers, storage systems, etc. For example, 35% of organizations with 1,000+ employees are committed to leveraging the cloud for IT services and moving their workloads onto the cloud and away from on-premises systems. EMPLOYEE MORALE AND RETENTION CAN BE IMPROVED Most users want to select the device on which they do their work instead of working on a device with which they are not comfortable or familiar. The result is that most employees no longer have to carry a separate “work” phone and “personal” phone, since BYODA ensures they are always online and always connected to their work since they are using only one device. As discovered in an Osterman Research survey, approximately two-thirds of employees said they were kept happy by being allowed to bring their own device into work. Employees who are permitted to use their own devices and applications will likely have higher morale and will be less likely to seek employment elsewhere – important issues in a strengthening economy that will offer more choices for employees. ©2014 Osterman Research, Inc. 6
  8. 8. Living With BYOD In Your Organization THE DOWNSIDE OF BYOD It is important to note that the rewards of BYODA far outweigh the risks, and with a bit of planning in place, IT and the organization as a whole will realize the lasting benefits that it brings. However, there are some risks associated with BYODA for those organizations that do not address and manage them properly. SUPPORTING USERS A serious implication of BYODA is that IT is less able to support the array of devices and applications in use. Many IT departments have not implemented the processes and tools necessary to support users who are employing their own devices and applications. This can negatively impact employee productivity and cause other problems because IT simply does not have an efficient way to manage their service desk or support users who are using their own platforms. SECURITY AND MALWARE PROTECTION Personally owned/managed devices and cloud applications often use non-corporate networks for communication and storage. Consequently, BYODA can create securityrelated risks because they bypass corporate defenses. This means, for example, that inbound content on personally owned devices or applications might not be scanned for malware as when the data is sent through the corporate network. Similarly, outbound content may bypass corporate policies that will automatically encrypt or scan content that may be sensitive or confidential. This creates a higher level of risk for both data and financial loss. Organizations that allow or must deal with BYODA can experience a reduced level of governance. CONTENT RETENTION AND MANAGEMENT A fundamental risk of BYODA is that organizations may be less able to manage their content as they would like. For example, content that is created and stored on personally owned tablets, stored in a cloud-based file synchronization, or sent via personal Webmail systems is less accessible to the entire organization. This makes it more difficult for the organization to inventory the content it has available for eDiscovery or regulatory audits, makes it more difficult to access this data when required, and makes content retention more difficult to enforce. This can lead to a greater risk of evidence spoliation during litigation, greater risks in satisfying regulatory obligations, greater difficulty in authenticating critical information, and greater difficulty in managing content retention periods. CORPORATE GOVERNANCE Organizations that allow or must deal with BYODA can experience a reduced level of governance as a result of IT’s loss of control over personally owned devices or the corporate data that is stored on them or in the cloud. The loss of control over access to corporate applications and the potential loss of intellectual property that can result from the physical loss of a device that cannot be wiped put an organization at risk. It is important to note that the threat of regulatory or legal sanctions because of inadequate recordkeeping or supervision resulting from unmanaged use of BYODA is another serious risk. Because courts and regulators treat work content on personally owned devices and in personally managed applications just like they treat content on company-managed systems, organizations must take into account regulatory rules and eDiscovery guidelines when implementing their BYODA policies and procedures. THE DISCONNECT BETWEEN CURRENT PRACTICE AND BEST PRACTICE Osterman Research has found that many organizations are not protecting themselves adequately from the risks associated with unmanaged BYODA. When asked to rate the seriousness of problems on a scale of 1 (not serious at all) to 5 (very serious), as well as their management of these problems on a scale of 1 (not well at all) to 5 (very well), we discovered a number of disconnects between these problems and how ©2014 Osterman Research, Inc. 7
  9. 9. Living With BYOD In Your Organization well they are managed. As shown in the following figure, organizations view a variety of issues in BYODA management as serious or very serious, but a much smaller proportion consider that they manage these issues well or very well. Figure 5 Seriousness of Issues vs. How Well They are Managed There are major gaps created by BYODA that organizations have yet to fill. There are major gaps created by BYODA that organizations have yet to fill, particularly in the context of data security and content management. Osterman Research has found that the problem is even more serious for smaller organizations that often do not have the IT staff, budgets or expertise to match their requirements with the appropriate controls to protect data and other corporate assets. IMPORTANT STEPS FOR MANAGING BYOD DECISION MAKERS MUST UNDERSTAND THE BENEFITS AND RISKS A key first step in approaching the BYODA issue is for decision makers to appreciate just how pervasive it is – something that many may not realize. While most believe that many of their employees are using personal smartphones and tablets (given that senior managers themselves often were the early adopters of BYODA), they may not completely understand just how widespread this phenomenon has become within their own organizations. Senior managers must understand: • How personally owned smartphones and tablets, as well as personally deployed applications, are used throughout the organization. • The many (typically beneficial) reasons for their use. • What types of data that employees access and store on these devices. • The technologies and applications that are adopted/demanded by users while still meeting the requirements and the needs of IT. ©2014 Osterman Research, Inc. 8
  10. 10. Living With BYOD In Your Organization It is important that decision makers consider their options for managing BYODA. While some may opt for draconian policies that limit or prohibit employees from using personally owned platforms or cloud-based applications, Osterman Research recommends the opposite approach: that is, embrace BYODA and the overall trend toward the consumerization of IT, realizing that the trend is not going away and that it can provide numerous benefits. In fact, an improving economy that provides employees more choice on where and how they work makes opposing BYODA even more difficult for senior managers who might just lose employees as a result of overly strict or unreasonable BYODA usage policies. An important component of the BYODA analysis process is to survey employees about what their work requires in the context of mobile platforms, the capabilities that cloud-based applications offer, and so forth. For example: • How will the use of personally owned devices and employee-deployed applications improve or impede current business processes? • Do employees need specific applications that will enable them to be more productive? • How important to end users are various capabilities, such as viewing documents, sharing status updates with others, or collaborating with colleagues? Ensuring that management understands how BYODA impacts end users is critical to helping them develop the correct policies to both protect the organization and enable end users with the tools they need to be more efficient and productive. It is essential to deploy the appropriate technologies that will enable organizations to manage BYODA properly. IMPLEMENT POLICIES DESIGNED TO PROTECT THE ORGANIZATION It is essential that organizations implement BYODA policies focused on acceptable use of personally owned devices and employee-deployed applications. This could include creating a list of approved devices, operating systems and operating system versions, cloud-based applications, mobile apps, etc. These policies should be as detailed and complete as necessary, and should be included in an organization’s overall set of acceptable use policies that are designed to govern use of all corporate computing resources and employee access to them. A key element of these policies should be that any mobile device – whether company-supplied or employee-owned – must be “wipe-able” by the IT department in the event of its loss – a failure to wipe a lost or misplaced device can carry with it the damaging effects of an expensive and well-publicized data breach. Moreover, all devices must be scannable for malware, content should be scannable for data leakage, and content must be archived. EDUCATE USERS ABOUT BEST PRACTICES Educating users is another important step in managing BYODA properly. This training should include how to properly access and manage corporate data and other resources, which applications represent a risk to corporate security and which are safe to use, the types of communications that are appropriate over various types of cloud-based applications and mobile apps, where it is not appropriate to access sensitive corporate applications or databases (e.g., via public Wi-Fi or in certain countries, for example), etc. The goal of user education is not simply to create a list of do’s and don’ts, but rather to help gain employee buy-in and adherence to corporate policies. DEPLOY THE APPROPRIATE TECHNOLOGIES Finally, it is essential to deploy the appropriate technologies that will enable organizations to manage BYODA properly. This includes: ©2014 Osterman Research, Inc. 9
  11. 11. Living With BYOD In Your Organization • • • • • • • • • Malware detection and remediation Managing service desk issues Archiving File sharing and collaboration Content inspection Encryption Support for remote workers Monitor systems and network usage Other tools, as appropriate. SUMMARY BYODA is not the future of IT – it is rapidly becoming the norm and most organizations are learning to live with its benefits, risks and the other issues that it raises. However, most IT departments have not yet implemented the tools necessary to fully monitor and support the diverse array of devices and applications that BYODA brings to their organization. Implementing these tools is an essential step toward helping organizations to manage BYODA more effectively and to realize its benefits. ABOUT CITRIX GOTOASSIST Citrix GoToAssist provides easy-to-use cloud-based solutions that enable organizations of all sizes to connect with customers, employees and machines online. With GoToAssist, IT professionals can deliver fast, secure remote support and monitor IT infrastructures from anywhere. GoToAssist is recognized as the worldwide market leader by IDC and ranked highest in customer satisfaction according to TSIA research. To learn more, visit ©2014 Osterman Research, Inc. BYODA is not the future of IT – it is rapidly becoming the norm. 10
  12. 12. Living With BYOD In Your Organization © 2014 Osterman Research, Inc. All rights reserved. No part of this document may be reproduced in any form by any means, nor may it be distributed without the permission of Osterman Research, Inc., nor may it be resold or distributed by any entity other than Osterman Research, Inc., without prior written authorization of Osterman Research, Inc. Osterman Research, Inc. does not provide legal advice. Nothing in this document constitutes legal advice, nor shall this document or any software product or other offering referenced herein serve as a substitute for the reader’s compliance with any laws (including but not limited to any act, statue, regulation, rule, directive, administrative order, executive order, etc. (collectively, “Laws”)) referenced in this document. If necessary, the reader should consult with competent legal counsel regarding any Laws referenced herein. Osterman Research, Inc. makes no representation or warranty regarding the completeness or accuracy of the information contained in this document. THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED REPRESENTATIONS, CONDITIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE DETERMINED TO BE ILLEGAL. i ii iii iv v Schadler, Ted. 2013 Mobile Workforce Adoption Trends. Forrester Research. Feb 4, 2013 Ibid Internally funded survey conducted during 2012, Osterman Research, Inc. ©2014 Osterman Research, Inc. 11