Data & Analytics

04:19 PM
Connect Directly

Five Bad Arguments for Bring-Your-Own-Device

BYOD advocates offer compelling reasons to adopt the policy within the insurance enterprise, but CEB TowerGroup research director Jason Malo says that none of the arguments hold up.

Jason Malo
Jason Malo, CEB TowerGroup
Bring-Your-Own-Device (BYOD) is all the rage these days. Companies see several potential advantages to adopting the policy, and research has been cited to support it. For example, a study by Redwood Shores, Calif.-based enterprise Wi-Fi access firm iPass found that a third of mobile enterprise workers never fully disconnect, and that many employees are working up to 20 additional hours per week unpaid as a result of BYOD policies. But CEB's TowerGroup research director Jason Malo disagrees. "Everybody's saying 'How do I do it?' I say, 'Don't.'"

Insurers and other financial services industry companies are under increasing pressure to protect sensitive information, and adopting BYOD means adopting unnecessary risk, Malo warns.

"You can maintain and update a mobile strategy to get the benefit that mobile devices bring to the enterprise," he asserts. "Why would you adopt BYOD when you could simply extend your current mobility plan and start to issue these devices?"

Advocates of BYOD have an answer. They offer five arguments in favor of the policy that at first glance seem compelling, according to Malo:

Cost Savings: BYOD advocates reason that if people buy their own devices, the company won't have to — all it will have to do is hook them up. The result is definitive ROI.

Productivity Gains: As the above-cited iPass study demonstrated, people remain connected and effectively become workaholics, always available for their employer.

People Don't Want to Carry Multiple Devices: Nobody wants the inconvenience of carrying around redundant devices.

Millennials Demand BYOD: However newfangled it all might seem to the old dogs, newer workers simply won't accept a work environment that denies them the convenience of BYOD.

Employees Will Find Their Own Way: No matter what security policy a company puts in place, employees will find a way to circumvent it and use the device of their choice — so you might as well embrace BYOD anyway.

As powerful as any or all of these arguments may seem, none hold up against scrutiny, Malo insists.

Employees may be considerably more productive when using mobile devices, but that's a result of mobility, not of BYOD specifically, Malo insists. "it's not about whether it's their device or not," he says.

Having the employee pay for their own device sounds great, but it's not the deal it appears to be, Malo cautions.

"You do have to pay to ensure that the corporate aspects of the device are separated from the personal aspects, so companies are trying to figure out how to virtualize the company component," he says.

Malo cites Boston-based Aberdeen Group research that found that companies' BYOD costs were about $99 per month as compared to non-BYOD costs of $85.

"BYOD is more expensive because you have to do all the same maintenance and management, but you now have to do it virtually," Malo explains. "You also need to figure out not only how to secure the data for normal use but also how to erase data when a device is lost or traded in."

As for people not wanting to carry multiple devices, Malo says the claim is simply not true. Recent research by Stockholm-based telecom company Ericsson found that global mobile penetration was 87 percent in Q1 2012, totaling 6.2 billion, but the actual number of subscribers is only about 4.2 billion.

"People love to talk about how mobile devices will soon exceed world population, meaning that every person has at least one. But in many regions of the world few adults have mobile devices, let alone children," Malo notes. "The statistics show ownership of mobile devices is 1.2 to 1.4 per user, so the claim that people don't want multiple devices is bunk."

Millennials are accustomed to newer technology, but in the current economy their job prospects aren't great, so they are not in a position to make demands, Malo says. In any case, it is senior management, not new employees who have driven the use of personal devices in the enterprise, starting with Blackberrys, he asserts.

"Everybody has heard a story about a CEO getting an iPhone for Christmas an insisting it go on the network, but there's data to support the anecdotal evidence that senior management is driving the trend," says Malo. “According to the CEB Global Employee Data Survey, senior-level employees are nearly twice as likely to be early adopters of 'consumer' devices as Gen Y employees.”

Finally, Malo acknowledges that employees may be prone to finding ways to circumvent security measures, but he asks, in effect, "Why make it even easier?" "All security provisions have their weaknesses, so that can never a reason not to implement it," Malo advises. "Weakening your security outlook is not going to help."

Anthony O'Donnell has covered technology in the insurance industry since 2000, when he joined the editorial staff of Insurance & Technology. As an editor and reporter for I&T and the InformationWeek Financial Services of TechWeb he has written on all areas of information ... View Full Bio

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Granite State Hacker
Granite State Hacker,
User Rank: Apprentice
8/13/2015 | 9:31:23 PM
Pending Review
This comment is waiting for review by our moderators.
User Rank: Apprentice
9/12/2012 | 2:34:12 AM
re: Five Bad Arguments for Bring-Your-Own-Device

I think you raise 5 important issues with BYOD, but it doesn't matter how many there are, BYOD is going to take over, and IT departments will have to deal with it. Some will take large scale approaches, and other will use app like Tigertext (HIPAA complient text messaging) and others to create secure BYOD policies.

At the hospital I work at, we have the burden of meeting HIPAA requirements, particularly since many doctors send and receive patient info via text messaging on thier BYOD phones.

This opens the hospital to HIPAA related lawsuit if the doctor loses their phone or it is hacked. If we are inflexable, then the doctors will not be able to handle as many patients, since texting patient info speeds things up.

In order to deal with the issue, we got the doctors to use Tigertext, which deletes the text messages after a period of time, making it HIPAA compliant.

I don't know if this is the best solution for everyone, but it was an easy and cost effective way to deal with this issue. It was added to the IT departments responsbilities, but once the departments business objectives where redefined on this issue, they were able to handle it better.

The BYOD issues that IT departments are dealing with are only going to become more complex in the future and your article raised some important points.

I also found this article on BYOD that adds to your article with some additional charts and findings:

Register for Insurance & Technology Newsletters
White Papers
Current Issue
Insurance & Technology Digital Issue
Innovation? Check. Core modernization? Check. Security? Check. Today's insurance IT challenges don't stump this year's Elite 8.