Bank BYOD is here to stay: Deal with it

Make no mistake: Lots of companies do like it.

"BYOD strategies are the most radical change to the economics and the culture of client computing in business in decades," says David Willis, vice president, Gartner. "The benefits of BYOD include creating new mobile workforce opportunities, increasing employee satisfaction, and reducing or avoiding costs."

But there's a lot to not like about it, namely security concerns.

"Workers who use their smartphones for work have inconsistent security habits," says Cisco. It finds that 40% of BYODers in general don't password-protect their phones, while 52% say they've accessed unsecured wifi networks with their devices.

Whatever. It's here to stay. Depending on the source, the majority of workers already do use their own devices for work purposes. Cisco says 90%. CTIA-The Wireless Association says more than half. CompTIA also indicates more than half. Gartner goes so far as to predict that by 2017, half of all employers actually will require employees to supply their own device for work purposes.

Cisco gets more specific regarding the banking industry. It finds that more than 83% of bank employees polled say they use their smartphones for work purposes. At the same time, 67% of these bank employees claim that their smartphone is password protected, only a little higher than the national average of 60%.

This tension between utility and security will prompt severe head-scratching in corporate headquarters for some time to come.

On the one hand, as Gartner points out, "BYOD drives innovation for CIOs and the business by increasing the number of mobile application users in the workforce. Rolling out applications throughout the work force presents myriad new opportunities beyond traditional mobile email and communications. Applications such as time sheets, punch lists, site check-in/check-out, and employee self-serve [human relations] applications are just a few examples. Expanding access and driving innovation will ultimately be the legacy of the BYOD phenomenon."

CompTIA provides a supporting perspective. "As employees bring their own mobile device into the workplace, they also want to bring their own applications and services. As a result, the field of mobile device management is rapidly shifting to include mobile application management," it says.

Yet even here there is tension. "However, the business case for BYOD needs to be better evaluated," says Willis. "Most leaders do not understand the benefits, and only 22% believe they have made a strong business case."

On the other hand, regarding security, CTIA has these troubling statistics: Consumers whose devices were lost or stolen were more likely to use PINs or passwords than those who didn't have their devices lost or stolen (69% to 47% respectively), but were no more likely to take any other proactive actions, such as remote locking, tracking, and/or erasing apps (45% to 41 percent respectively).

Left to do the math, it's easy to see the hefty percentages of people who don't do anything to protect their devices.

In this case, Cisco provides a supporting perspective. "If a security issue were to arise, 86% of workers say their employers can't remotely wipe their device's data. That includes if the device is lost or stolen. As most devices are privately owned, this isn't surprising. However, given the fact that so many smartphones are used for work purposes, this could prove problematic."

Slowly, though, an undercurrent can be detected about how to approach this conundrum, and that is the idea of concentrating on protecting corporate data, followed by doing as much as possible to secure the device.

"Rather than focus on the device level, companies will need to assess the specific needs of their work force and match the device," says Seth Robinson, director, technology analysis, CompTIA. "For maximum benefit, work flow changes will need to be considered prior to evaluating work force needs. But this is not a trivial matter and companies will need to weigh the cost of operational disruption and change management against the potential advantages."

Gartner's Willis provides this prospective: "We're finally reaching the point where IT officially recognizes what has always been going on: People use their business device for nonwork purposes. [And] they often use a personal device in business. Once you realize that, you'll understand you need to protect data in another way besides locking down the full device. It is essential that IT specify which platforms will be supported. What service levels a user should expect. What the user's own responsibilities and risks are. Who qualifies. [And IT needs to] provide guidelines for employees purchasing a personal device for use at work, such as minimum requirements for operating systems."

In a separate report, Marcus Blosch, research vice president at Gartner, offers five recommendations for businesses to deal with consumerization:

• Get out in front of the business-Harness the employee interest in consumer devices and applications, using it as a hook to engage with the business to brainstorm and create and offer solutions around collaboration, sourcing, distribution, marketing, support, incentivization, and other areas.

•  Offer advice on technologies and trends-Provide roadmaps to the business, suggesting when and how key technologies should be adopted.

•  Build an architecture for consumerization-License/authenticate people, not devices. Become endpoint independent. Standardize on data formats, not applications or tools. Move data away from devices and into the cloud, and protect it well.

•  Lay the foundations-Be clear on the business outcomes that need to be achieved and the architectural features needed to achieve it. Endpoint or device independence is going to be increasingly important to effectively achieve core business outcomes in an environment that is increasingly consumerized.

•  Provide project-specific advice-Offer problem solving while providing expertise on risk management and recommended architectures and approaches.

Sources used in this article include:

BYOD Insights 2013: A Cisco Partner Network Study (Free but requires registration)

Beyond BYOD: Sweeping Changes Required to Capture Full Benefits of Mobility, New CompTIA Study Concludes

Wireless Consumers Aware of Cyberthreats and Know They Should Protect Themselves, Yet Many Don't

Majority of Employees Use Personal Mobile Devices to Access Work Data Regardless of Company Policy

Gartner Predicts by 2017, Half of Employers will Require Employees to Supply Their Own Device for Work Purposes

Gartner Identifies Five Actions for Enterprise Architects to Harness the Disruption of Consumerization