The June 2024 issue of IEEE Spectrum is here!

Close bar

The Bring-Your-Own-Device Dilemma

Employees and businesses seek to balance privacy and security

3 min read
The Bring-Your-Own-Device Dilemma
Illustration: Richard Mia

08RBOYDRichardMiaIllustration: Richard Mia

The smartphone revolution opened the floodgates to the BYOD (bring your own device) trend among workers. Carrying two devices is cumbersome, and many people simply preferred to use their new devices over corporate-issued phones or laptops. IT departments might have been able to brush this off, except that many of the early iPhone (and later, Android) adopters sat in executive offices. Now BYOD has spread around the world, creating a host of new challenges for IT departments concerning security, device management, and support costs.

More than half of information workers own the devices they use for work, according to Forrester Research, which surveyed almost 10 000 people in 17 countries, and that proportion is likely to increase, says David Johnson, a senior analyst at Forrester.

The groundswell caused many IT directors to simply throw up their hands. A study published last November by Kaspersky Lab, a digital-security firm, found that one in three organizations allowed personal cellphones unrestricted access to corporate resources—with troubling consequences. One in five companies in the same survey admitted losing business data after personal devices were lost or stolen.

Among those companies that have tried to be more proactive, approaches vary widely. Some require the installation of software that allows the business to monitor all communications on a device and, if necessary, remotely wipe it. Others simply require acknowledgement of an acceptable use policy.

When Intel rolled out a BYOD program in 2010, the company’s top concern was protecting its intellectual property, but it also didn’t want to be seen as Big Brother. Intel doesn’t track personal communications, but employees must sign an agreement that includes a code of conduct and software licensing guidelines, and their devices can be remotely wiped. User training covers unacceptable usage and behavior, such as downloading pirated videos or loaning a device with corporate data to a family member.

Analysts and technology vendors typically make the case that the money saved by businesses in having their employees purchase devices is enough to pay for recommended concomitant investments in security and management infrastructure. But Intel found that wasn’t necessarily the case. “When we first started looking at this, we realized we weren’t going to save a lot of money,” says David Buchholz, Intel’s director of consumerization. Three years later, Buchholz says Intel has realized a “soft ROI [return on investment],” measured primarily by employee claims that they save 57 minutes a day by using their own devices.

As IT departments get closer to determining the true cost of BYOD programs, some employees are taking a hard look at the policies and questioning whether the trade-off in personal control is worth it. When the state of Michigan recently prepared to start a pilot BYOD program, the No. 1 concern expressed by users was losing cherished family photos stored on a personal device to a remote wipe. “It’s not ‘Your Own Device’ if you’re letting someone else control it,” a Slashdot commenter wrote in a discussion of BYOD policies in May. “If I’ve paid for hardware with my own money, it’s mine. … No one else gets admin, root, remote-wipe, find my iPhone, or whatever privileges but me.”

Forrester’s Johnson says he doesn’t expect concerns about cost or control to derail BYOD. He notes that new approaches, such as keeping corporate data on the device in a separate software container (which allows the user’s and the business’s programs to run simultaneously without accessing each other’s data), are both more secure and less intrusive. “BYOD is inevitable,” he says. All that remains to be worked out are the policy details.

About the Author

An editor at Twilio, a cloud communications company, and a regular contributor to Forbes.com, Elise Ackerman last wrote for IEEE Spectrum in January, about Google Glass. In researching this article, she remembered  “when my colleagues first started clamoring to bring their iPhones to work,” she says. “They had no idea that what they were really proposing was a kind of Faustian bargain—their gadgets for their privacy.”

This article is for IEEE members only. Join IEEE to access our full archive.

Join the world’s largest professional organization devoted to engineering and applied sciences and get access to all of Spectrum’s articles, podcasts, and special reports. Learn more →

If you're already an IEEE member, please sign in to continue reading.

Membership includes:

  • Get unlimited access to IEEE Spectrum content
  • Follow your favorite topics to create a personalized feed of IEEE Spectrum content
  • Save Spectrum articles to read later
  • Network with other technology professionals
  • Establish a professional profile
  • Create a group to share and collaborate on projects
  • Discover IEEE events and activities
  • Join and participate in discussions