How to weigh BYOD benefits and risks

An IT manager's guide to BYOD benefits and risks

Employees bring their personal devices to work, but most companies don't have formal bring your own device (BYOD) programs in place. There are risks to BYOD that could hold your company back from an implementation, but there are BYOD benefits to consider as well.

Of course, you shouldn't open the floodgates and let users bring in any devices they want. There are some strong reasons not to allow BYOD, including -- but certainly not limited to -- the security concerns. You'll probably need to invest in mobile device management (MDM) and/or mobile application management (MAM) software to help you control the risks, and you should definitely have some BYOD policies in place.

But if you do adopt BYOD, you might just save your company a bundle of money and make employees happier at the same time. Whether BYOD will benefit your organization depends on your company, so weigh the risks against the rewards before you decide whether to board up your windows against mobile devices or let them fly free.

Table of contents:

BYOD benefits: Save the company money, appease workers

BYOD has the potential for big cost savings because organizations that let employees bring their own devices to work don't waste money on corporate phones. Plus, when an employee can work from and use a device of his own choosing, it's more enjoyable than being forced to use a corporate-issued device. That means happier and more productive users. Another advantage of BYOD is that it supports a mobile and cloud-focused IT strategy. From their personal mobile devices, employees can access their work in the cloud, further improving productivity.

BYOD privacy issues and other legal concerns

Companies can track employees' activity on their personal devices, delete personal data and see Web activity, which workers aren't partial to. But in many cases, management and the legal department don't want to know what users are up to either. To help preserve BYOD privacy, IT can use secure containers or MDM systems that keep personal data separate from work data, monitor data with MAM or mobile information management instead of managing devices, or set up virtual desktops or phone lines for BYOD access. But whatever strategy you choose, you have to make it clear to workers what they're signing up for when they agree to a BYOD program.

Consider this: Four big BYOD risks

You know about BYOD benefits, but there are some challenges to consider before you dive in headfirst. First, consider how you'll pay for services. Users might pay for devices, but who's going to pay for the voice and data plans? There are a couple of ways you can handle cost-sharing, but it's important to pick one and get users to agree to it. Additionally, you're going to have to draft acceptable use and security policies that include the consequences of violation. Then you need to train users and help desk staff on best practices and support, respectively. Finally, you'll have to know how to handle the granddaddy of BYOD challenges: security.

How to minimize BYOD risks

The security risks associated with BYOD can seem overwhelming, but there are ways to keep data locked down. Policies and procedures are the first line of defense against data leaks, but you have to get employees to adhere to them. To mitigate risks when employees do violate policies -- inadvertently or otherwise -- make sure to control data and network access with two-factor authentication and use the right tools to manage devices, applications and information. Encrypting data will also help keep corporate information safe, and so will encouraging employees to use the virtual private network.

Make sure your BYOD program has more pros than cons

There are more BYOD benefits and risks than you might think, and the lists often come out pretty much even. For example, users can update hardware and software on their personal devices more easily than they can on corporate equipment, so personal mobile devices are usually more up to date. Plus, employees are more likely to take good care of their own devices, understand how they work and maintain them, which can reduce support costs. But the cons are that companies have to pay for mobile management tools, devote resources to developing strategies and policies, and deal with licensing and compliance issues.