The consumerization of IT has spawned two linked trends in the corporate space – Bring Your Own Device and Fix It Your Self – as employees increasingly use personal devices of all types and platforms to complete business tasks, and also fix their own devices when something goes wrong. Both trends bring opportunities, challenges, and risks for companies who must decide whether to embrace or resist the change.

Bring Your Own Device

According to a survey conducted by Harris Interactive, over 80% of employees now use personal electronic devices for work-related functions. In the most common scenarios an employee might receive work-related texts on a personal cellphone, develop a PowerPoint presentation on their own laptop, or access email from their home computer.  But many employees are now using personal laptops, tablets, and smartphones to access the corporate infrastructure and data repository, plus downloading corporate apps to personal devices in order to complete work projects.

The new digital workforce is embracing and driving this trend. The line between work and personal business is more blurred than ever as employees check in with their personal and social media throughout the business day, and complete business tasks during their personal time. Today’s digital users have strong platform preferences and insist on using their device of choice at work. They are highly knowledgeable about their devices and adept at researching new and better uses for the devices of their choice.

Fix It Your Self

Today’s digital users also expect to solve their own problems with their personal devices. They pride themselves on their own expert knowledge. They are adept at leveraging shared knowledge, especially on the web, to find solutions to problems. They are not afraid to “try and see” if they can fix it themselves. And when they discover a new technique, they willingly share it with others.

Opportunities

Allowing, even encouraging, employees to BYOD can be a significant cost savings to companies that no longer need to provide cellphones, Blackberries, laptops, etc., to employees. Most managers find that allowing workers to access personal media during business hours actually makes them more productive. And when employees are highly skilled in the use of their digital devices, they can make those devices accomplish even more on behalf of their employers.

Offloading troubleshooting to the device owners reduces IT technical support costs. Costs go down further when knowledgeable owners share their expertise with other users in the company.

Risks

The primary risk of BYOD and FIYS is lack of security. The Harris Interactive poll found that 30% of workers who access corporate email or data have done so over public Wi-Fi networks. 35% do not turn on auto-locking on their device (meaning that access to the device is not password protected in case of theft).  Almost 50% of BYOD users have allowed non-employees to use personal devices with access to corporate data, and 25% have experienced malware or hacking on those devices. Harris further found that two-thirds of companies that allow BYOD have not developed mobile device management (MDM) policies to address the security issues.

A second risk is increased costs. While transferring device purchasing and troubleshooting to employees can save money, providing secure MDM across every platform and device can cost more in the long run. In addition, when companies reimburse employees for personal device purchases and data plan usage, they lose the volume discounts that they used to negotiate for corporate devices and data plans.

Finally, misguided troubleshooting by laypeople can lead to very dead devices that might then be unavailable for critical work tasks.

Challenges

Seizing the opportunities of BYOD while addressing the risks creates new challenges for corporate IT:

• IT departments have traditionally concentrated on infrastructure-wide solutions to leverage volume purchases as a cost-saving measure. Today, IT departments must look for device- and platform-independent solutions.
• Security systems in the past focused on device- or location-based access. Security now must be device, platform, and location independent.
• The IT support paradigm has assumed that skilled IT workers would solve problems for less-knowledgeable workers. Now, IT must educate employees about WHY critical issues, especially security, must be addressed but not necessarily HOW to implement them on individual devices.
• Instead of providing hands-on troubleshooting, IT must now provide forums for digital users to share their own troubleshooting knowledge.

Recommendations

Harris makes three recommendations to reduce BYOD risks:

• Provide cybersecurity training to all BYOD employees including physical security, WiFi security, and social engineering attacks.
• Make password-protected auto-locking a requirement on personal devices used for work and make sure employees know what makes a password strong.
• Develop and enforce a clear, written policy that lets employees know what work-related data they may access with their own devices.

Tellingly, these recommendations emphasize training users on the REASONS for concern; Harris recognizes that the implementation of security policies may stay in the hands of the user.

The Future of BYOD and FIYS

If the past reflects the future, BYOD and FIYS will not go away. Dion Hinchliffe, executive vice president of strategy at Dachis Group and keynote speaker at the 2012 Consumerization of IT in the Enterprise Conference and Expo, or CITE, “We’re just a couple years away from the consumerization of IT being the dominant model.” Corporations must be ready to address the risks of BYOD and FIYS in order to maximize the benefits.

The good news is that the IT industry is stepping up to provide cost-effective and secure mobile device management solutions. Phoenix Technical Publications recently completed a white-paper for Fiberlink articulating the benefits of their MaaS360 product line. MaaS360 provides single-window support and management for the entire enterprise including desktops, laptops, tablets, and smartphones that are corporate- or employee-owned, and implementing Microsoft Exchange/ActiveSync, Lotus Traveler, Gmail, or Active Directory, plus any required certificate authorities.

Companies utilizing these new technologies and paradigms can embrace the consumerization of IT to bring increased productivity at lower costs without jeopardizing corporate security.