Just a few years ago, there was a clear divide between employer-owned, work-related devices and user-owned personal devices. But as more and more employees bring their own notebooks, tablets and smartphones for work and for personal purposes, that divide is shrinking and in some cases, shattering.
According to a 2013 study by Gartner, approximately 33 percent of companies currently have bring your own device (BYOD) policies in place for smartphones, while 47 percent have BYOD policies regarding tablets. While these numbers may seem somewhat conservative, Gartner predicts that 38 percent of organizations will abolish employer-furnished devices entirely by 2016, while only 15 percent will avoid BYOD.
By allowing employees to invest their own resources in the devices and/or platforms of their choice, BYOD poses potential cost savings for an organization and promotes a more efficient and readily-available employee. However, BYOD poses significant challenges to an organization. Many IT departments, legal teams and compliance officers are struggling to find a balance between the needs and desires of individual employees, and the regulatory and organizational information governance requirements.
Increasingly Mobile, Increasingly Complex
The bevy of unique challenges posed by BYOD stem from mobile devices like smartphones and tablet computers. Although these devices were once considered inferior to the personal computer (PC) for content creation, exponential growth in technical specifications and a widely expanding universe of applications make these mobile devices formidable options to replace the PC. The numbers back this up: 968 million smartphones and 195 million tablets were sold in 2013, and Gartner predicts that tablets will outsell PCs as early as 2017.
BYOD represents a monumental shift from existing practices for data security, device management and information ownership. On the data security front, IT executives are primarily concerned about the increased risk of a breach. The increased numbers of connected devices -- and the greater variety of operating systems connected -- makes it much more difficult to monitor who is accessing which network and what they are looking at.
Another major concern lies in the sheer number of devices leaving the workplace regularly. A single device can contain thousands, if not millions, of confidential records. The rising cost of a data breach poses a pricey risk in the event that a mobile device containing sensitive corporate data is lost or stolen.
The BYOD trend does not easily mix with existing information governance policies. For highly regulated organizations, the threat of an audit is always looming, and failure to comply often proves expensive. Personal mobile devices prove particularly problematic due to the amount of personal and corporate data that is mixed on these devices. Ensuring that the individual understands the duty to preserve corporate data can prove difficult, and separating personal and corporate data is no easy task.