I still remember the day like it was yesterday: the day after Father’s Day 2011. It started off as any other Monday in IT with the usual calls to help with a forgotten password or the “I can’t get logged in” call to our support center. But this day, there was a new frequent request: “I got an iPad 2 for Father’s Day. Can I connect it to our network and get my calendar and email?”
Seemed like a simple enough request -- and even simpler to answer: NO! We don’t allow personal devices on our network! By Thanksgiving we were underwater with tablet and smartphone access requests and with Christmas coming we knew we had to get ahead of the Tsunami.
Now it’s 2015, and we have learned so much about BYOD, or “Bring your own device.” We still say NO!
Well, sort of …
We didn’t always say no. First, no one was doing BYOD back then. We had email on our Blackberries and a few had personal BBs that were on our Blackberry Enterprise Server. But with smarter devices and proliferation imminent, potential legal, risk and security concerns needed to be resolved. There had not been any reported corporate losses or notable security breaches. But we didn’t want to be the trailblazers on BYOD – and those were reason enough.
Still, employees clamored for the perceived personal productivity benefit and presumed this whole “consumerization” thing would make it a benefit to the business, too. After all, it allowed anyone to bring in anything they wanted, and the company would get out of buying phones and laptops. “Just give them a stipend,” shared one SVP. “Now I can get on the same cell provider as my family plan,” shared others.
Sweet, right? Not necessarily!
Risk / Reward
Our risk and security teams began to offer up opinions. “We can’t allow those ANDROIDs in here. They don’t offer the security level we demand.” Our outsourcing providers began grumbling, “How can we offer an SLA on a non-standard computer or Apps?” They threatened to increase the price or, worse, deny service. Our colleagues in the technology world were all saying, “We just let our people come with their own device,” offering higher SLAs on company-provided equipment, but others were “on their own.” After all, everyone has become tech savvy and dosen’t need support. But on balance, the business benefits were quickly fading.
Then finally the breakthrough we were looking for: Mobile Device Management (MDM). All the stars began to align and mountains moved, and IT, legal, HR and audit all came together in a form of BYOD World Peace. “We’ll just solve this by buying MDM,” we all thought. How much could that cost?
Hold the train!
Now, I am not going to make any fans in the MDM world here … but paying for MDM seemed to be a bridge too far. We get all the benefit of letting our customers choose the device they want to “let the market decide” the winner of the device wars, but NOW we have to pay for enabling our users to use the device properly?!? NO THANKS! Next subject!
Still, pressure continued to mount, with people throughout the business urging us to adopt BYOD. “Everyone is doing it,” they said. Well look, I told them, we are not “everyone.” We aren’t a hi-tech firm with thousands of mobile workers. We make yummy drinks and put them on store shelves, in vending machines, coolers and fountains. Most of our smartphone users sit at a desk all day. But, we dutifully reviewed all the usual MDM providers and ultimately picked one.
Next we agreed to pay their annual premium and put together a company policy all users had to sign acknowledging they knew the “rules of the road.” Let the BYOD Begin!
Not so fast!
Within days, users complained about our use policy being too restrictive. They were afraid to sign because it sounded like if they abused the privilege we would be free to delete their personal photos or their bank passwords. They were right! We would! Our remote wipe design was definitive and thorough. It’s what we had to do to be secure.
“We just let our people come with their own device offering higher SLAs on company-provided equipment but others were on their own”
Furthermore, people were concerned with their privacy. We actually had users worried we would be watching their home security or nanny-cams! Geez, we sell soda! We don’t have the technology, time or desire to watch over your lives. We just want to effectively manage our risks in a fast evolving mobile marketplace!
We actually started looking to spend more on containerization and other ways to segment our data from personal. Really, we did!
Today, we don’t support BYOD in its purest sense as an alternative to company provided devices to access our network. But we DO permit users to bring personal devices and only grant access to Microsoft ActiveSync and Webmail. We also remind them of the Computer User Policy they all sign upon employment.
You may feel otherwise about your company, but most of our more than 19,000 employees do not use a mobile device for work, and most are not provided a company device. If you do have a largely mobile device-carrying workforce maybe you should go further and adopt BYOD with all the trimmings. We do require users with their own device to download an App that’s installed on company-provided devices. This way we own security while paying the MDM piper for the time being.
The result? For us, it’s largely happy users, happy IT -- and a happy company. We continue to be very thoughtful about the value of BYOD to our business, but for now you can call us “BYOD-ish.”