If Gartner's projections are to be believed, by 2017, half of all companies will force employees to use their personal smartphones for work. Even if it doesn't transpire so quickly, I can see it happening at numerous companies. To many CEOs, it's like telling employees to use their own car for business trips or buy their own uniforms for use on the job — both widely accepted practices.
Whatever your views on the economic merits of the policy, such a change will have unintended consequences that go way beyond who pays for what. Neither the "use your own car" or "buy your own uniform" models will be much help in navigating the new landscape such forced-BYOD policies will create.
As regular readers know, I believe vendors and IT organizations usually overstate security concerns, whether for cynical profit motives or to satisfy either an unhealthy need for control or an unhealthy fear of risk. But that doesn't mean there aren't legitimate security concerns or risks worth avoiding. I'm a firm believer in letting employees choose the best tool for the job — computer, mobile device, applications, and cloud services — as long as those choices support or at least don't undermine legitimate business process, outcome, security, and compliance needs.
At first blush, the notion of forced BYOD may seem like it supports employee choice, albeit in a miserly way. It does — but it also forces companies to accept two principles that will freak out most IT organizations and corporate counsels:
- Business data is no longer confined to business systems and repositories, so information management and security are no longer assurable.
- Individuals will ultimately own the information and process management and ownership, not the businesses that become their clients.
We're already moving in those directions with optional BYOD and the acceptance of work at home (on employee PCs). Even though the consumerization phenomenon has deep roots that modern technology has only accelerated, companies today can tell themselves that those are exceptions to a system fundamentally designed to keep business data in the hands of business systems that can probably be secured and shown to be compliant. That will change in an era of forced BYOD.
Let's be clear: Forced BYOD means a move from making the personal fit the business to making the business fit the personal. That's a revolutionary inversion.
When the BYOD phenomenon rose in 2010, many IT pros feared BYOD because they saw that, even with the mobile management tools available, they could not guarantee security and compliance. Never mind that they couldn't guarantee it on home PCs or even work PCs -- they could at least pretend to in those venues, with complicity from corporate management, of course. Many continue to pretend they can guarantee security and compliance on mobile devices, whether BYOD or corporate-issued, by using some of the hundreds of products claiming to do so.
Sign up for Computerworld eNewsletters.