Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

BYOD brings corporate contradictions

Tom Kaneshige | Dec. 2, 2014
CIOs naturally want a BYOD policy in place to give them some level of control, but the reality is that employees will do whatever they want regardless of the policy.

byod keyboard
Credit: Thinkstock

During a roundtable discussion on the Bring Your Own Device (BYOD) trend, a tech leader candidly offered this bit of real-world insight: "My wife is a nurse. There is no BYOD policy at the hospital. But all of the nurses communicate with each other via SMS, because that's the most efficient way to do their job."

It's a good bet that those text messages, which are practically impossible for IT to monitor and record, are out of compliance with healthcare regulations. It's an even better bet that this kind of BYOD-related breach is happening en masse across the country, in virtually every industry.

BYOD Policy Needed but Do They Really Matter?
Organized by Wisegate, an IT advisory service, the roundtable discussion was chock full of contradictions. For instance, CIOs need a formal BYOD policy in place to give them some level of control and, presumably, to cover their butts when something goes wrong. Yet they're quick to point out that employees will do whatever they want regardless of the policy.

This has led many CIOs faced with BYOD to go into "a holding pattern," says Elden Nelson, editor in chief at Wisegate and a former Gartner analyst.

Even standard-fare BYOD practices are running into roadblocks.

A mobile device management (MDM) system is usually the first line of defense to ward off malware on the devices and prevent company data leaks from lost or stolen devices, but MDM has been met with resistance.

For instance, a Wisegate member says his company moved away from ActiveSync's total remote wipe to an MDM solution that identifies and segments corporate and personal data and apps and thus can remotely wipe only corporate data. Sounds like a win for BYOD-empowered employees, right? Wrong. Many employees saw MDM as the secret listening agent on their personal devices.

"There were many comments about a Big Brother approach," the Wisegate member says. "We found the users don't want the company they work for to know what is on their device. Some have chosen not to register with the MDM, either insisting on a company device or not having the access capability at all."

Most Users Don't Read BYOD Policies
Educating and training employees about BYOD policies is tricky business. Policies tend to be like every other IT policy, which is to say, excruciatingly difficult to comprehend. Most people scroll to the bottom of an IT policy, check the agreement box and click "OK" -- all without reading a single word.

"I don't think the users understand anything, because you have to read and learn," says another Wisegate member. "Generally speaking, our society no longer does that very well."

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.