Mobile devices have become an integral part of corporate computing. More Connecticut workers are using smartphones, tablets, and laptops in the office, for telecommuting and when they travel, and companies are embracing these portable devices to boost productivity. At the same time, CIOs, CTOs, and CSOs have to make strategic decisions about the best way to manage mobile computing devices. Is it better to let employees use their own smartphones and tablets, or is company-issued hardware a better strategy? Which is better for your Connecticut company—bring your own device (BYOD) or choose your own device (CYOD)?
The BYOD-versus-CYOD conundrum is being driven by the popularity of handheld devices and by workers’ natural tendency to bring those devices to work. Smartphones and tablets are capable of handling routine business computing tasks, such as email and web browsing. In fact, 36 percent of mobile service subscribers use iPhones or iPads to read email, and 34 percent say they only use mobile devices for email. Workers also will use their handheld devices to check personal email, as well as Facebook, Twitter, and other social media feeds while at work, so smart businesses are incorporating handheld devices as work tools.
So, what’s the best strategy for your Connecticut business to embrace mobile technology? Do you let employees use their own devices, or do you insist on company-approved mobile devices in order to maintain greater control? There are advantages and disadvantages to each approach.
About 50 percent of North American companies will have some BYOD policy in place by the end of 2017. BYOD adoption is being driven by a recognition that you can’t hold back the tide; employees are going to bring their smartphones to work, like it or not, so you may as well make them part of the work environment. There are a number of advantages to BYOD, including:
There are disadvantages as well, the biggest being device control and data security. Company IT departments have little control over employee-owned devices, which can create a huge security risk. In fact, research shows that 39 percent of businesses see security as the biggest reason not to adopt a BYOD policy, and one in five companies report a mobile data security breach.
There are other challenges as well, such as ensuring that mobile software is kept up to date. There may be compatibility issues if the hardware your employees choose doesn’t support the company’s enterprise applications. And then there are privacy concerns; employees may be worried that the company is monitoring their smartphone activities.
Adopting a CYOD policy gives companies more control over employees’ use of mobile devices. CYOD allows employees to choose from an approved list of mobile devices, and the company offers a stipend or reimbursement policy to cover some or all of the costs.
CYOD has many of the advantages of BYOD:
In addition, with CYOD, businesses have more control over hardware. The IT department can be sure to choose hardware that integrates with enterprise applications, which simplifies device setup and management. The company also can insist on additional protections such as anti-malware applications and installation of security apps that can track and disable devices that are lost or stolen.
COPE (corporate-owned, personally enabled) is similar to CYOD, but the company actually provides the equipment. With COPE, the costs are higher, but you have ultimate control over mobile devices, including security. Similar to issuing a company laptop, when you issue company smartphones or tablets, you can install the necessary software, including malware detection, and set up protocols for software updates and maintenance. In many ways, COPE is easier for company IT departments to manage, because it requires a common set of applications, policies, and safeguards.
Of course, with a COPE strategy, the company assumes responsibility for lost and stolen hardware, as well as hardware upgrades, but because the company has control over device security, it minimizes the risk of stolen data or compromising enterprise applications.
When you weigh the options of cost versus control, more Connecticut companies are opting for CYOD or COPE policies, because the security risks are just too great. The Ponemon Institute estimates that one in four businesses will suffer a data breach, and the average total cost of a data breach in 2017 is $3.62 million. The potential losses to Connecticut businesses can be quite high, especially when you consider the Connecticut statute that requires customers affected by a data breach to be notified and protected for one year, at the company’s expense.
Here’s another alarming statistic that should make Connecticut companies consider a CYOD or COPE plan: 60 percent of small businesses that suffer a data breach are out of business within six months. Maintaining closer control over mobile devices will pay off in the end, even if the costs are slightly higher. It’s much less expensive to prevent a security problem than it is to try to cope with a data breach that could put you out of business.