Hold the Phones: BYOD Deserves More Caution

Every new technology and trend deserves a careful look, but one telecommunications consultancy says enterprises interested in savings and user options with BYOD may have “neglected” serious, unique concerns with data and business systems.

In an industry assessment, entitled “BYOD ASAP? Not So Fast,” Grudi Associates pours a bit of cold water on the hot trend of employees using their own devices to access enterprise information.

Grudi Associates is hardly the first advisory firm to sound caution when it comes to BYOD. But Grudi’s report specifically points to the need for real answers on the trends concerning “exaggerated cost savings, security concerns, compliance issues and other pitfalls,” writes President Walt Grudi.

“It is easy to understand why the BYOD concept would have a lot of appeal to cost-conscious occupants of the C-suite, but as usual, there is more to the story than is apparent on the surface,” Grudi wrote. “Cost savings may not be what they appear, and there can be numerous other pitfalls that more than mitigate the potential benefits.”

Security leads as the biggest potential downside to rushing into BYOD acceptance. Control over device security is especially dangerous given the millions of phones lost or stolen annually, and the lack of encryption in much of the data exchanged through devices, Grudi stated. Grudi also deemed the protection of the data on these devices as “nearly impossible.”

Parsing other research figures, the Grudi report also warned that additional security and governance on BYOD cancels out the savings enterprises would have found compared with buying their own phones and tablets. Additional expenses mount from policy administration, monitoring, training and ensuring device compatibility.

Other elements that aren’t always apparent at the start of a BYOD policy include the loss or change in device numbers once an employee is gone, employees falling out of favor with particular devices, or how personal use can butt heads with data and bandwidth limits in phone plans. Down the road, government compliance in certain industries and HR expectations in-house could submarine other aspects of phone use.

Grudi said these seven questions should lead enterprise reviews of formulating BYOD policy:

1. How important is network and data security to your company?

2. Can your existing security systems accommodate BYOD?

3. Can your IT and administrative structure support BYOD?

4. Is your company culture right for BYOD?

5. Does your company have to deal with compliance and regulatory issues?

6. Have you considered all the indirect and hidden costs of converting to BYOD?

7. Do you want a subsidized or zero-contribution BYOD policy?

With those answers, Grudi goes on to recommend that enterprises moving forward with a mobile plan that includes employees’ devices should consider virtual desktop systems for efficiencies and compatibility, a test run of policy on a small group of devices, and outside telecom industry input.

This story originally appeared on the Information Management website.

For reprint and licensing requests for this article, click here.
Core systems Security risk Data security Policy adminstration Compliance
MORE FROM DIGITAL INSURANCE