Thursday, October 18, 2012

BYOD Policies – More than an IT Issue Part 3: Economics

#BYOD or Bring Your Own Device has moved from trend to an permanent fixture in today's corporate IT infrastructure. It is not strictly an IT issue however. Many groups within an organization need to be involved as they grapple with the risk of mixing personal devices with sensitive information.  In my opinion, BYOD follows the classic Freedom vs. Control dilemma. The freedom for user to choose and use their desired device of choice verses an organization's responsibility to protect and control access to sensitive resources. While not having all the answers, this mini-series tries to ask many the questions that any organization needs to answer before embarking on a BYOD journey.

Enterprises should plan for rather than inherit BYOD. BYOD policies must span the entire organization but serve two purposes - IT and the employees. The policy must serve IT to secure the corporate data and minimize the cost of implementation and enforcement. At the same time, the policy must serve the employees to preserve the native user experience, keep pace with innovation and respect the user's privacy.  A sustainable policy should include a clear BOYD plan to employees including standards on the acceptable types and mobile operating systems along with a support policy showing the process of how the device is managed and operated.

Some key policy issue areas include: Liability, Device Choice, Economics, User Experience & Privacy and a trust Model.  Today we look at Economics.

Many organizations look at BYOD as an opportunity to reduce some costs. Clearly, not having an equipment cost - $200-$600 per-device - can add up depending on the company's size. It might also make financial sense for a smaller company with few employees. Since the phone is owned by the employee, then they are probably responsible for the bill every month. Depending on their personal contract/plan, excessive charges could arise due to the extra minutes used for work related calls. Often, monthly charges are fairly consistent with established plans, and while there are times when the bill is higher due to an incidental charge to some other overage, many people fail to review their phone bill when it arrives. BYOD could force employees into a higher monthly service plan but it also gives users visibility into their usage, if for instance, the corporate BYOD policy allows for reimbursement. This can drive personal responsibility for how they use their minutes.

While BYOD could reduce the overall expenditure for IT issued devices and many organizations report employees are happier and more productive when they are using the device of their desire (an enablement tool), there might be other areas that costs could increase.  While the employee does spend their own money on the device, there are certainly enterprise costs to managing and securing that device.  There could also be a snag however when it comes to licensing.  Does BYOD also require Bring Your Own License?  In many instances, this is an area that IT needs to keep an eye on and often the answer is yes. 

Some of the most common enterprise software licensing agreements require licensing any device used "for the benefit of the company" under the terms of the enterprise agreement.  That often means that all those BYO devices might require a license to access common corporate applications.  This also means that even if the user already has a particular license, which they purchased on their own or it came with the device, the organization might still need to license that device under their enterprise software agreement.  This could diminish any cost savings from the BYOD initiative.  There are solutions to such as using alternative products that are not restricted by licensing but, those may not have the key features required by the workforce.  IT needs to understand if their license agreements are per-user or per-device and what impact that may have on a BYOD policy.

A few questions that the Finance department should determine is: Should the company offer users a monthly stipend? How is productivity measured?  Will the management and security cost more than IT (volume) procurement?  What are the help desk expenses and policy about support calls. There certainly needs to be discussion around mobile app purchase and deployment for work use. Are there any compliance, additional audit costs or tax implications with a BYOD initiative?

As part of the BYOD Policy the Economics Checklist, while not inclusive, should:

· Investigate the effects of a BYOD reimbursement plan on your ability to negotiate with wireless carriers

· Consider putting logging and reporting in place to monitor after-hours use

· Incorporate a “help desk as a last resort” guideline into your employee BYOD social contract

· Estimate costs for any increased need for compliance monitoring

· Ask Finance about tax implications (cost or benefit) of a BYOD policy

 

ps

Related

Technorati Tags: F5, data breach report, threats, Pete Silva, security, malware, technology, smartphone, cyber-threat, social engineering, attacks, virus, vulnerability, web, internet, cybercrime, identity theft, scam, data breach

 

Connect with Peter:

Connect with F5:

o_linkedin[1] o_rss[1] o_facebook[1] o_twitter[1]   o_facebook[1] o_twitter[1] o_slideshare[1] o_youtube[1]

No comments:

Post a Comment