Employees are increasingly using personally-owned mobile devices (smartphones, tablets and laptops) for work-related purposes. This allows employees to use the technology they’re most comfortable with (and most productive on) to get work done both in and out of the office. But this has risks. To address those, some organizations are creating BYOD (Bring Your Own Device) policies that establish guidelines for proper use.
Last month, we launched a survey to get a pulse on what companies are doing to manage employee-owned mobile devices. We received responses from organizations ranging from three to 110,000 employees. This article summarizes some of the insights we garnered in the areas of usage, priorities and risk. To obtain the full survey results, please email me.
What Are Employees Using Their Devices For?
For many organizations, mobile device management comes down to one question: “Do we need a formal policy?” Addressing that question requires perspective on what employees are doing with their mobile devices.
Figure 1: Ownership of devices employees use for work-related purposes.
As shown in Figure 1, only 23% of employees are exclusively using company-issued devices for work purposes. The majority of employees (77%) are using their own devices to some extent–either exclusively or in addition to company-issued devices–to do work. But what are employees doing with their devices?
Figure 2: Employee uses of mobile devices.
Figure 2 shows that employees are using mobile devices (whether their own or company-issued) at a roughly equivalent frequency for personal and business use. For business purposes, 67% of employees are using devices for business correspondence (email, phone calls, etc.), 48% are accessing corporate tools and applications from their devices, and 44% are using their device for professional networking.
Whenever employees are using mobile devices to access company data (48%), a policy with guidelines for proper use is a must. However, another survey question revealed that only 30% of respondents’ companies had a policy in place.
Policy Goals and Successes
We asked several questions regarding organizations’ goals in adopting BYOD policies, and the success of their policies in achieving those goals.
Figure 3: Goals in creating a policy.
The most important goal was to offset IT expenses, cited by 31% of respondents as “very important" (Figure 3). 61% said increases in both productivity and accessibility of work-related information was “somewhat important.”
When asked about the success of their policies at meeting their goals, Figure 4 shows the majority of respondents felt their policies were “somewhat successful” in increasing productivity and accessibility (both 54%). And although it was a low priority for those polled, 31% indicated being “very successful” in offering greater freedom of choice to employees.
Figure 4: Success at meeting goals.
The most success organizations enjoyed, however, was in offsetting IT costs–some 84% indicated being “somewhat” or “very successful” to that end.
Tackling Risk and Concerns
We asked a few questions to explore what concerns companies have related to mobile devices, and how they’re addressing them–and how that differs between companies that do and do not have a BYOD policy.
Figure 5: Top mobile device concerns.
Data security is the biggest mobile device issue for organizations–86% with a BYOD policy and 83% without one indicated this as a concern (Figure 5). For those with BYOD policies, the second greatest concern was lost devices (78%). Those without BYOD policies had a three-way tie between regulating downloadable content, capacity of IT resources, and enforcing compliance with existing policies.
Organizations with BYOD policies rely heavily on guidelines and best practices to minimize these risks (Figure 6). Those without BYOD policies are using security software or third parties for risk management (27% collectively). Surprisingly, only 3% of respondents are monitoring for proper use, regardless of whether they have BYOD policies.
Figure 6: Methods for minimizing risks.
Will BYOD Become a Higher Priority?
While 30% of participants without BYOD policies said that instituting one wasn’t a priority, 33% plan to modify their plans for managing use of personal mobile devices in 2012. Considering the majority of employees are already using personal devices for work-related purposes, we were surprised that only 12% of organizations without a BYOD policy plan to adopt one in the near future (half of those are currently developing policies).
Security risks associated with BYOD policies continue to intimidate some–one respondent said he is “scared to death of security vulnerabilities”–but what would do more to minimize risks than to adopt an official policy? Are organizations better served by addressing issues as they arise? Or should leadership elevate mobile device policy as a priority for 2012? There are more and more resources for those with questions about best practices in BYOD policy–including webinars like the one MaaS360 by Fiberlink is running tomorrow on implementing and managing your own–but it's up to you to go out and find them.
Thanks again to all of our participants–and to those who helped us get the word out!