BYOD - who carries the can?

  • 7/29/2019 BYOD - who carries the can?

    1/16

    Copyright Quocirca 2013

    Rob Bamforth

    Quocirca Ltd

    Tel : +44 7802 175796

    Email: [email protected]

    Clive Longbottom

    Quocirca Ltd

    Tel: +44 118 9483360

    Email: [email protected]

    BYOD - who carries the can?
    Balancing the costs, risks and benefits of bring your own device (BYOD)

    March 2013

    There is a trend among employees to want to use their personal choice of mobile device in the fulfilment of their work commitments. While this appears to bring many benefits for the employee to select their preferred device or devices and, on the face of it, reduces upfront costs for their employer, it does introduce significant on-going costs and risks for the organisation. However, with many appealing mobile consumer devices being offered, the trend is likely to increase, so organisations need to work out suitable strategies and policies to manage this complex and hybrid situation in the best interests of both themselves and their employees.

    First published in June 2011 with the title Carrying the can, but now updated to reflect recent industry trends and changes.

    BYOD - who carries the can?
    Balancing the costs, risks and benefits of bring your own device (BYOD)

    Consumer technologies and attitudes are rapidly entering the workplace. Organisations must develop a workable and efficient strategy for dealing with three major issues surrounding employee use of smart mobile devices - device consumerisation, connection contracts and payment, and the secure management of content or applications. The balance between what is owned and provided by the business versus what is introduced by the employee (i.e. BYOD - bring your own device) needs careful consideration. Overall, this is often referred to as evaluating whether mobile deployments are corporate-liable or employee-liable, which this report will explore further, along with the implications for the organisation.

    Mobile working is no longer a minority activity

    Faster and ubiquitous connections, combined with smarter small devices, have not only made it possible for work involving IT access to be conducted away from the desk but also, with a new generation of touch screen tablet devices, it is almost mandatory. These technologies have become ingrained in consumer behaviour through the widespread acceptance and use of the internet and social media. Organisations are no longer dealing with a handful of individual road warriors, but a whole army of mobile workers with different expectations and needs.

    Touch screen tablets are popular for home and work

    Whether this is an alternative to a laptop or simply an extra mobile device does not matter, tablets bring an informal approach to accessing content and communicating that could add to security risks. The fact that many individuals will already have one for personal use will mean that this class of device is a very likely contender for a bring your own device. On the flip side, corporate-issue tablets are very likely to have personal use, so either way it will be important to understand how they fit into the corporate mobile strategy.

    Consumerisation of IT means users have strong opinions and want to choose

    Technology was once more advanced in the workplace than at home but, for many workers, this is no longer the case. Not only has consumer IT become pervasive, it is simpler to use and appealing. Individuals buy consumer technology to match their personal taste, style, image and aspirations, and would like their work options to match their consumer preferences. One group of employees in particular, senior executives, sometimes use (or abuse) their position to compel IT departments to allow these personal choices to be brought into the work domain.

    Savings in device purchasing mask contract issues and hidden costs

    Having employees buy their own devices might bring potential upfront savings, but there are unexpected consequences for higher costs elsewhere. Organisations need to be clear that they understand what these are - such as what network tariffs are being used, what is the impact on software and support, are some people unable to function properly because their choices are incompatible in some way (e.g. with their role, or with other users or other technologies used in the business)?

    Consumer attitudes to mobile apps and content introduce risks

    There is no point trying to turn a blind eye or ignoring the inevitable. Most organisations are probably unaware of the number of consumer devices that employees use for work purposes or what personal use they make of corporate network resources. While the organisation might not want to, for example, block access to social networking and cloud based personal storage or frisk employees for memory sticks, it does need to understand what is happening, assess the exposure to risk, and put in place suitable policies and protection.

    The organisation has to monitor and keep a level of control either way

    Whether mobile devices are company owned or employee owned, if they are used on the organisation's network to access the organisation's assets, the organisation has a responsibility to measure, check and provide safeguards. This is not only to secure data, but also to secure the best value for the lowest overall cost to the organisation. Done well, this will not constrain the employee but will benefit them.

    Conclusions

    The reality is that this is no longer an issue to avoid. Employees will have their own mobile devices and many will, at times, want to use them for work purposes, even if only occasionally. This consumerisation of device is not the same as dealing with network contracts or billing, but is often conflated with them - but together they have a wider impact. Dealing with the issues this raises is something all organisations should address now if they want to avoid costs and security risks over time.

    Introduction - the mobile device dilemma

    Time to pack up the desk

    Predicting the demise of the desk has been a bit like predicting the paperless office. While great in theory, there are many constraints, often personal and social rather than technical, which makes the reality somewhat more complex to achieve. However, the comfort and attachment to wood, aluminium and generally cheap veneer is wearing thin for a number of reasons, some driven by the organisation but, perhaps more importantly, many others driven by the individual. Mobile is becoming a default and accepted way of working.

    Everyone has not suddenly adopted the fully nomadic working style of a road warrior, sales rep or field service engineer, but while most business activities are dependent on access to IT, this is no longer an activity that requires participants to sit at a dedicated place to use their access device. Mobile working for many is the flexibility to work anywhere in the office, just as much as for others it might be while driving down motorways, sitting in airport lounges or logging in from a study at home.

    The advantages for the business have been trumpeted for some time; the potential to downsize real estate and lower costs of facilities or office space and boost productivity, effectiveness and responsiveness of employees. The former can be implemented with flexible office and hot-desking programs and renegotiation of rents or the sale of assets, but the latter depends heavily on the commitment of the individual employee.

    Consumerisation of mobile devices

    Whereas once this sort of commitment was hard to stimulate with corporate issue laptops and mobile phones best suited to road warriors and yuppies, the pervasive consumer adoption of smartphones, tablets, the internet, social networks and new shiny devices have made mobile technology desirable. On the face of it, this might make effective mobile working easier to achieve, but it introduces many complexities. These stem from the increasing numbers of mobile devices being used by employees as consumers and a huge variety of devices, each with different brand and style appeal.

    The desktop, laptop and mobile phone are rapidly being overtaken by smartphone and tablet form factors - touch screen devices with the convenience of mobile phones, the compute power of laptops but simpler usability than traditional desktop computers (Figure 1).

    Part of the swing towards smartphones and tablets is due to the significant consumer success of Apple and Android platforms, but even the more corporate Microsoft and BlackBerry brands have adopted a more consumer oriented stance in their marketing messages. All of these devices capitalise on ease of use, internet connection and the availability of large numbers of cheap or free applications.

    They deliver a social and media connection on the move which is so appealing that most do not want to lose this lifestyle accessory while at work. This leads to a significant increase in the amount of mobile data usage.

    Organisational control

    Herein lies the problem. Consumers have become ardent fans of the technologies that might make them more productive as employees, but they are unlikely to want to have less capable devices for their work, be restricted as to which services they can access, or be keen to carry multiple devices for home and work. They like the BYOD opportunity to have their personal preference and individual choice. However, the organisation needs to retain control to ensure the security of its IT assets, protect its liabilities and manage costs.

    On the face of it, adopting an individual-liable approach could be of significant value to the enterprise, by simplifying or removing a number of difficult issues. Indeed, if this were just about the purchase and use of standalone tools, passing the responsibility to the individual would be very worthwhile. The complexity for the enterprise comes from the fact that it is not simply about the device, but a number of interlinked factors:

    - Hardware - not only the cost of buying the devices, but also peripherals from earphones and Bluetooth headsets to docking stations and chargers. Most of these are very personal and will depend on the individual, so providing a standard issue set that would work for all would be expensive. Over an employee's tenure there may be upgrades, replacements and companion devices required.

    - Applications - even the smallest mobile handsets have significant compute power and storage, and can download anything from ringtones to full blown applications. Most employees, whether using a company-issued or personally acquired device will want some non-corporate applications. These might be unofficial, but still useful for their day to day work, such as for travel - train timetables, airline departure apps, currency conversion or note recording, reminders, shipment trackers, etc.

    - Networks - no longer simply business phone calls, but a mix of personal and work activities that eat into data, minute and text tariff pools. SIM swapping from corporate feature phones to employee-owned smartphones is becoming a major issue now that all SIMs are data-capable and data usage outside of a proper tariff will incur large pay-as-you-go charges. What should be permitted, banned or paid for by the employee? While tariffs have been slowly falling over time, usage is rising and, with a varied mix of applications on a myriad of devices, in an unpredictable way. Measuring worth and cost of network use is now very complex.

    - Personal cloud - since employees as consumers have become familiar with using several devices in different circumstances, e.g. a tablet while relaxing at home, a mobile phone while travelling, a PC at the desktop - they want to share some information across all of them. They also want to share with friends and colleagues and together this has led to growing use of personal cloud-based storage services - a memory stick in the cloud. This is a real security and data leakage challenge for organisations today and over time, these services will start to come at a price, and there may be costs that become visible only on expense claims.

    - Usage - not only are network resources consumed in a complex way, but so too is time. Mobile devices are often justified based on productivity gains and responsiveness, but how much more time and efficiency do individuals lose by not paying full attention due to legitimate interruptions, alerts or entertaining distractions from their always on, always online mobile companions?

    Impact of employee choice on cost

    The shift towards an employee-liable approach is often justified along the following lines. Employees already have their own preferences of mobile devices as consumers, and allowing them to exercise that choice for work will create less friction and make it easier to recruit suitable employees. It will also then save the organisation from having the upfront capital cost for more expensive pieces of hardware.

    However, it is a mistake to confuse employee-liability with consumer choice of mobile hardware - there are other issues to consider, and these begin to highlight where some of the broader impact will be. Organisations need to consider how far they want to be along the scale of handing over mobile liabilities to individuals. With cellular-connected mobile devices, there is a specific area of cost that must be borne whoever provides the hardware - the mobile contract. This has considerable ramifications for both individual and organisation as although voice calls and text messages are being offered in ever greater bundles, caps and extra costs are starting to appear on what was once all-you-can-eat mobile data plans. Mobile data expectations and demands through increasing use of apps - especially for personal in addition to business use - are growing rapidly. The contracts, tariffs and who pays what for business and personal usage are still major factors in determining the actual lifetime costs of corporate- or employee-liable approaches.

    Contract / Device / Payment

    - CORPORATE: Complete corporate liability
    - CHOICE: Corporate liability, with consumerisation
    - CHARGED: Corporate liability with end user payment
    - CONSEQUENCES: Corporate liability with consumerisation and payment
    - PERSONAL: Complete individual liability

    Does responsibility lie with the organisation or the individual?

    There are other cost impacts on the organisation depending on if the individual is responsible for contract, device and payment of ongoing usage - whether for personal or business use.

    Contracts

    These are generally constructed to keep costs down and reduce complexity for the organisation, so, on the face of it, handing ownership and responsibility to the employee seems like a good idea. However this is a massive loss in terms of economies of scale and, while individual contracts will be lucrative for the carriers, they will generally be more expensive for both the individual and organisation.

    Individual responsible / Impact

    - Device upgrades: Existing contract termination - most users will have the latest device because they have been offered it as part of the deal for extending their existing private contract. If that device is to become a bring your own into work they will need to terminate the private contract, but who will pay?

    - Helpdesk support: Normally needs to be put in place and available to all users, ideally on a 24x7 basis, but if the employee has their own contract, this will be with the service provider or up to the individual to manage, either online or with peers. This will impact mobile device effectiveness of employees.

    - Network tariffs: Volume discounts no longer apply. Mobile to mobile, mobile to landline, landline to mobile on-net rates are very competitive and normally around 1/3rd of the cost of cross network calling. If users are allowed to have multi-network options this will increase both mobile and landline costs.

    - Network bonuses: The bonuses paid by the networks for the corporate contract are likely to be lost. These bonuses have been paid in a variety of ways, but are a value that could diminish very quickly and one that must be accounted for.

    - Data consumption: Data is purchased in bundles but with no way of segregating business and personal data usage, so no mechanism to re-coup personal data consumption costs. Based on average personal call statistics of 28% of all calls, personal data usage could be far more significant.

    What is the impact of contract costs on the organisation: Negative / Neutral / Positive

    The key to reducing and controlling costs is accountability through the cost centre architecture all the way down to end users. With individuals taking contract responsibility and reclaiming through expenses all accountability is lost in a stack of paper, paid monthly with no easy method or extensive resource burden to validate claims, payments, usage and personal call deductions, let alone any way to validate network billing charges.

    This approach now comes with far greater implications, with data becoming the norm on business connections and being supplied in bundles. Organisations cannot possibly expect users to be able to evaluate their data consumption and adjust the data bundle to best suit their usage profile. It would be naive for organisations to believe that this is the role of the network - this is their own in-house management issue and trying to push this out to the networks as their responsibility is not a business-like approach. It is the equivalent of sending a bank statement to a bank manager to check.

    Most organisations that have signed/re-signed new contracts in the last 18 months may not be aware that voice connections are no longer limited to voice calls. Networks, by default, set up contracts so that all voice connections automatically include pay-as-you-go data. This is a management headache for organisations to control costs, and especially the usage of data, because of the risk of SIM swapping from a business-supplied phone into an employee-owned device. Users that SIM swap from a conventional voice-only connection device to a feature rich data-centric device find that data will work and do not question whether they should or should not be using it - they believe it's the norm. Pay-as-you-go will prove a very expensive way of using data compared to an agreed and negotiated contract tariff.

    Devices

    Again, when mobile devices were simply phones, the desire for an employee to want their own particular type of device was only slight. Now a diversity of smartphones and tablets, strong consumer brands and a wholesale acceptance of technology in many people's personal lives means that many employees will have strong opinions about what they do, and do not, like or want to be seen with.

    This is where the much-discussed consumerisation of the enterprise appears to generate the most gain for the organisation; however, even here the initial capital cost savings can quickly be undermined. For many employees, there may be unexpected costs that previously were absorbed by the organisation.

    Individual responsible / Impact

    - Upfront cost: Should be borne by the employee, although a halfway house where employees are offered an allowance providing they choose a suitable device might be used.

    - Device unlocking: Almost all handsets will need to be unlatched from their originating network. This costs between 10 and 30. There are cheaper backstreet options but this inevitably renders warranties null and void.

    - Device Management service support: Individually bought devices have consumer support models, with extended wait times for in-warranty replacements. This is the responsibility of the user who risks being off-air while waiting, which may impact their ability to work.

    - Replacement costs: Operator subsidy over the contract lifetime is a major driver for adoption of the consumer mobile devices. Users seldom understand the real or replacement cost.

    - Valid procurement: Strict rules are necessary where the user buys their own device e.g. if using eBay or certain other channels the user could be buying a grey import with no support and with completely different software to the norm for that country. Even buying from recognised dealers can cause issues with support timescales.

    - Mobile policy: With devices being brought in by individuals, mobile policies will need to be put in place and certainly beefed up. This is required even in organisations that do not routinely provide mobile devices for their employees, as employees will bring in personal devices in any event.

    - Software platforms: Standard builds and volume discounts keep the cost of providing a common software platform low, but not if the employees choose their own devices. Organisations will have to provide and pay for software e.g. malware protection even on employee-provided devices - platform diversity will increase licence costs.

    - Application availability: More workload in IT to ensure applications are available or that there are alternatives for the range of devices employees choose.

    - Data bolt-on: Where many corporate devices might have had voice-only tariffs, once employees provide their own devices into corporate fleets, data bolt-ons will be required to be added onto the contract. Over a large fleet of mobile employees this will have a considerable cost impact.

    What is the impact of device costs on the organisation: Negative / Neutral / Positive

    Payment

    Working out an acceptable accountability model so that individuals pay for personal use and the organisation pays for business use has been difficult enough to implement with voice calls, but becomes impossible with data consumption on smartphones and tablets.

    Where the organisation is responsible for payment, this will involve claims and expenses processing, which is a costly system to run, but without such controls employee abuse could be rife (Figure 2).

    If the individual is responsible for making payments, it is most likely they will want to claim the business elements of their expenses back.

    This is fraught with difficulties because, while business and personal phone calls might be relatively easy to identify, they are difficult to verify by the organisation as the bill belongs to the individual.

    However since mobile data is rapidly becoming a significant element of mobile tariffs, especially while roaming, allocating this fairly or accurately between business and personal is pretty much impossible.

    Individual responsible / Impact

    - Personal use: No longer needs to be monitored and recovered as a cost, but employees who are paying their own bills may be tempted to spend more time on personal activities when they should be working. When controlled by the organisation this can be monitored automatically, but otherwise will need well communicated and understood policies to ensure appropriate employee behaviours.

    - Carbon Friendly: Individual liability means INDIVIDUAL billing; some may be online, others on paper, but probably requiring printouts for reclaim, so not very carbon friendly.

    - Expense Reclaim: The cost of processing expense claims is not free and one that many organisations overlook or fail to take into account. The average cost associated with processing is roughly 40-50 per claim and can quickly mount up. A number of employees are likely to be claiming expenses already, so adding a line seems trivial but many users will not be claiming expenses on a monthly basis so this may generate considerable extra work if processing 100/1000s of mobile invoices.

    - Policing & Compliance: With billing data sent direct to users there is very little organisations can do to analyse billing data without the consent of users - individual billing makes data personal even if there is ultimate corporate liability.

    - Monitoring & validation: Monitoring and validation is non-existent when it comes to expense-paid mobile bills. Mobile expenditure gets lost and it is almost impossible to provide accurate management information. After all - who is going to go through 1000s of paper bills to check if a user has allocated personal calls correctly or if at all?

    What is the impact of payment costs on the organisation: Negative / Neutral / Positive

    Impact of employee choice on risk

    From the employee's perspective, taking the matter of mobile devices into their own hands makes sense. Consumer products have made IT and communications technology accessible, simple to use and with a relatively low upfront cost. Improvements in quality and design means individuals are more confident that the technology is unlikely to break down or, if it does, they can ask a friend, look online for help, or, as a last resort, read a manual or contact a supplier support centre.

    The razor and blades commercial models prevalent with most aspects of consumer technology encourage initial purchase and stimulate on-going usage. So connection costs and software and media purchases are spread over time and individually look insignificant, although the build up over time with ever-increasing usage might be considerably more significant.

    Beyond racking up excessive costs, the risks for the individual for their own purchases are loss of hardware (often mitigated with insurance), loss of media or application content (generally mitigated with synchronisation to another device or a cloud service) or infection by some form of malware. For most, these are minor concerns compared to the benefits of using the technology.

    With these consumer expectations in mind, it should be no surprise that employees would then also expect to use their consumer devices for work purposes and vice versa (Figure 3).

    This is particularly prevalent among younger members of the workforce, many of whom have already wholeheartedly adopted new mobile technologies for personal use - the latest generation of touch screen tablets being a case in point.

    Those who have adopted tablets for personal use will increasingly be using it for work purposes - indeed will expect an enhanced experience through such devices.

    Interestingly, while other colleagues may have initially encountered tablet devices for work purposes, they will discover personal uses for these devices, and there will be a growing crossover between workplace needs and personal needs right across the age spectrum.

    While this crossover might seem reasonable for the employee, it does open up significant levels of risk for the organisation, and these increase if the organisation does not own or control the underlying device.

    Many of these risks are exacerbated by the double-edged popularity of consumer applications and social media, which opens up a multitude of opportunities for employees to waste time and mobile network capacity. Encouraging employees to work while mobile with tools and network access on the assumption that it will make them more productive might be a forlorn hope unless suitable on-going checks or measurable outcomes are in place.

    There are many disadvantages to the organisation if employees choose such a wide variety of options that compatibility issues creep in. Not only will this affect who has access to what facilities, it will make it harder to provide technical support and harder to ensure data integrity and that adequate measures are in place for backup.

    Individual responsible / Impact

    - Device acceptance: Individual more likely to look after and take better care of their own device, keeping its corporate content and access safer

    - Inappropriate content: Organisations can do little to monitor or control the content of employees' own devices and, if they do, this can lead to employee concerns about privacy

    - Tax implications: Need to be understood and correctly monitored with respect to personal calls and potential changes in the approach to benefits in kind.

    - Security management: Organisation needs to put watertight policies and education in place to ensure individuals suitably equip their devices, or have constrained access to corporate resources.

    - Security support: Consideration needs to be made for the cost of supporting security software, platforms and servers, whether supported internally or externally - this will cost.

    - Data integrity & backup: Requires individual support and may be more ad hoc than organisation would prefer.

    - Technical support: Organisation may encounter unknown and unexpected issues that individuals are unlikely to resolve themselves or directly with providers.

    - Breadth of support: Supporting different operating systems across an unknown range of mobile platforms swells the level of knowledge required or forces users to do it themselves.

    - Incompatibility: Despite initiatives such as Java, and the growing market share of platforms such as Android, the lack of a common mobile application platform means that, with open choices, there will be some incompatibility.

    - Cohesion: Some employees, e.g. senior executives, may object to having to self-support, and still expect the IT department to help them, meaning IT spends more time on ad hoc queries or fire-fighting.

    What is the impact of risk on the organisation: Negative / Neutral / Positive

    Most companies recognise and are concerned about mobile security risks, but many struggle to identify the devices that are attached to their network (Figure 4). Much of the history of mobile deployment has been ad hoc and lacking strategic focus, initially with senior exec early adoption forcing the pace, which might be why most still struggle to set out effective mobile policies.

    Security is always a problem with mobile devices used for business purposes, with the risk of the loss of data as well as the hardware itself, from theft or loss of the device. This might be mitigated somewhat with BYOD for business use, as employees are more likely to take care of their own possessions than those they might feel are substandard and have been imposed on them.

    However this is unlikely to be sufficient for the organisation, many of which will consider it to be necessary to protect corporate assets on employee owned devices, through installing security agent software, a protected sandbox, virtualisation or even whole device encryption. Too few seem to be able to manage this today.

    How deep the organisation reaches into an individual's own device will have implications, especially in the event of termination of employment. There is also the risk that too heavy handed or constraining an approach will choke off the very benefits that organisations were hoping their employees would gain from being able to choose consumer mobile devices.

    While the positive side of the employee-liable approach is that employees might be more careful with their own hardware, their use of social networking on devices used for work as well as personal activities might expose the organisation to malware risk and data leakage. This needs to be adequately addressed by the organisation if BYOD is to be acceptable.

    There are further issues with access to content that affect IT policies. Unless organisations ensure all mobile web traffic is routed through internal access points then users with mobile web devices using public network access points will be able to visit sites that would normally be restricted on internal access points. If a mobile user can access these sites and an internal user cannot - how should IT policy deal with this, especially as it cannot be monitored? If both sets of users know this, there is a risk of claims of discrimination. This then raises a further HR issue if users are accessing sites on company devices that are considered inappropriate.

    Mobile strategy and policies

    Many organisations seem unable to know what to do in the face of the relentless consumer pressure for device choice, with consequent fragmentation of network tariffs and potential risk to corporate assets and for abuse of resources and time. They should start by defining a mobile strategy - something most organisations fail to do, hence why many mobile deployments have been ad hoc - and consequent policies.

    These have to encompass the organisation's attitude to risk and security, cost control and monitoring and broader reasons or value expected from the adoption and use of mobile devices. This will then determine the approach to where it is necessary to insist on tight control and where it is acceptable for employees to do things for themselves (Figure 5).

    Not all employees will want this freedom, even if offered, and will welcome the clearly defined parameters that allow them to separate work and personal activities. They might have to carry their own personal mobile device as well as one for work, but the clarity of physical separation offers benefits for both employer and employee.

    Mobile strategy and policies need to be established in collaboration between line of business management, individuals and IT or resource management, and not some dictat from an embattled IT manager, penny pinching finance director or overly prescriptive individual in HR. Ingenious or disgruntled employees will always find ways round what they perceive as inappropriate constraints, even if it means damaging corporate assets.

    Some senior executives go and buy devices themselves and will then approach IT demanding they make it work, so almost all organisations will have to consider the implications of allowing at least some employees to bring their own devices. The challenge for the organisation is to ensure that any short-term cost savings or apparent values gained are not overwhelmed by other hidden costs or exposure to risks that prove expensive in the longer term.


    Conclusions

    The increased acceptance and use of advanced communications technology in everyday life means that individuals as consumers have access to more advanced technology than they may do at work. They may therefore feel that their employer is not providing them with the most effective tools to match:

    - work needs - to carry out their role as effectively as possible
    - social needs - status, prestige, being part of the gang, etc.
    - personal needs - applications or services they need or want to use daily

    With regular mobile phones, the main issues surround keeping a tab on the mix of business and personal use and deciding who pays the bills. With smartphones and tablets the issues expand to application usage - will they introduce security issues, will personal use escalate, how much extra support will employees need? Whether these smart mobile devices are provided by the organisation or the individual makes a difference, but, critically, so does the ownership and management of the contract. The reality is that all organisations will have to find a way to deal with employees bringing in their own devices, so it is best to incorporate this into the enterprise mobile strategy.

    Organisations need to act fast to put policies in place to retain an element of control. This is already an issue and there will be a confusing mix of both corporate- and employee-liable devices. There is no single, simple solution and users will need to be profiled, based on the needs of their role, so different ground rules can be established for differing business needs.

    The organisation has to decide where consistency is important or vital. This may involve some commonality of devices, but the main aim should be to determine common commercial and operational platforms independent of the actual device. The commercial platform has to take into account all elements of the contracts used for connectivity and what elements employees must pay for. The operational platform should provide the levels and types of access, security and malware protection required and whether the individual or the company provides the device. Where an employee's choice of device does not fit with what the organisation needs to deliver in terms of a suitable platform for work, the employee needs to be made fully aware of the limitations of their choice and the impact it will make on their work.

    There are certain must-have devices that are going to have broad employee appeal, and organisations would do well to recognise this up front, and put more focus on getting these devices incorporated into the corporate framework. They could also put in place programmes to encourage employees into going down that route, with sponsored purchase programs, corporate-led deals with suppliers or simply offer those devices as perks of the job during recruitment. This could be run in a similar manner to company car programs where the employee is given an allowance dependent on grade, role and need, but can top it up with their own funds to get a device they prefer.

    Whether devices are provided by the organisation or owned by the employee and used to access the organisation's resources, employees have to be made fully aware of their responsibilities. As part of this education process, it is important that employees read and sign up to an agreement that outlines the commitments of the organisation and the reciprocal commitments of the individual. This should include the consequences for failing to adhere to those commitments, for example if employees make illegal or inappropriate use of the organisation's resources.

    To maintain control of costs and reap the benefits of mobile working, there needs to be a closer relationship between those responsible for the employee, the technology infrastructure and the money - line of business, IT and financial management. This involves all aspects of the lifecycle; procurement to obtain offers so that those making employee-liable choices avoid paying high consumer tariffs, usage monitoring to ensure billing is accurate and appropriately allocated, and ensuring a clean break when the employee moves on or technology changes.

    The challenge for an organisation is not about deciding which route to go down - corporate-liable or employee-liable - but deciding what strategy and policies it needs to put in place to manage cost and risk.


    References

    1 iPass Q4 Mobile Workforce report, November 2012

    2 Ofcom Business Consumer Experience report, 2010

    3 iPass Q2 Mobile Workforce report, May 2012

    4 LANDesk Software IT service desk research, September 2012


    About Tangoe

    Tangoe (NASDAQ: TNGO) is a leading global provider of Communications Lifecycle Management (CLM) software and services to a wide range of global enterprises. CLM encompasses the entire lifecycle of an enterprise's communications assets and services, including planning and sourcing, procurement and provisioning, inventory and usage management, mobile device management, invoice processing, expense allocation and accounting, and asset decommissioning and disposal. Tangoe's Communications Management Platform (CMP) is an on-demand suite of software designed to manage and optimize the complex processes and expenses associated with this lifecycle for both fixed and mobile communications assets and services. Tangoe's customers can also manage their communications assets and services by engaging Tangoe's client service group.

    Additional information about Tangoe can be found at www.tangoe.com. Tangoe is a registered trademark of Tangoe, Inc.


    About Quocirca

    Quocirca is a primary research and analysis company specialising in the business impact of information technology and communications (ITC). With world-wide, native language reach, Quocirca provides in-depth insights into the views of buyers and influencers in large, mid-sized and small organisations. Its analyst team is made up of real-world practitioners with first-hand experience of ITC delivery who continuously research and track the industry and its real usage in the markets.

    Through researching perceptions, Quocirca uncovers the real hurdles to technology adoption - the personal and political aspects of an organisation's environment and the pressures of the need for demonstrable business value in any implementation. This capability to uncover and report back on the end-user perceptions in the market enables Quocirca to provide advice on the realities of technology adoption, not the promises.

    Quocirca research is always pragmatic, business orientated and conducted in the context of the bigger picture. ITC has the ability to transform businesses and the processes that drive them, but often fails to do so. Quocirca's mission is to help organisations improve their success rate in process enablement through better levels of understanding and the adoption of the correct technologies at the correct time.

    Quocirca has a pro-active primary research programme, regularly surveying users, purchasers and resellers of ITC products and services on emerging, evolving and maturing technologies. Over time, Quocirca has built a picture of long term investment trends, providing invaluable information for the whole of the ITC community.

    Quocirca works with global and local providers of ITC products and services to help them deliver on the promise that ITC holds for business. Quocirca's clients include Oracle, IBM, CA, O2, T-Mobile, HP, Xerox, Ricoh and Symantec, along with other large and medium sized vendors, service providers and more specialist firms.

    Details of Quocirca's work and the services it offers can be found at http://www.quocirca.com

    Disclaimer:

    This report has been written independently by Quocirca Ltd. During the preparation of this report, Quocirca may have used a number of sources for the information and views provided. Although Quocirca has attempted wherever possible to validate the information received from each vendor, Quocirca cannot be held responsible for any errors in information received in this manner.

    Although Quocirca has taken what steps it can to ensure that the information provided in this report is true and reflects real market conditions, Quocirca cannot take any responsibility for the ultimate reliability of the details presented. Therefore, Quocirca expressly disclaims all warranties and claims as to the validity of the data presented here, including any and all consequential losses incurred by any organisation or individual taking any action based on such data and advice.

    All brand and product names are recognised and acknowledged as trademarks or service marks of their respective holders.

    REPORT NOTE: This report has been written independently by Quocirca Ltd to provide an overview of the issues facing organisations seeking to maximise the effectiveness of today's dynamic workforce.

    The report draws on Quocirca's extensive knowledge of the technology and business arenas, and provides advice on the approach that organisations should take to create a more effective and efficient environment for future growth.