Most reports that talk about BYOD driving improved productivity and business growth usually reference devices like smartphones and tablets. Not laptops.
While people often bring their own mobile devices to work, they generally use a company-issued laptop. But what if they were expected to use a personal laptop at work? A large customer exploring this model would no longer issue laptops but would instead issue a stipend to employees to buy their own.
Sounds like nirvana, right? The company could potentially save money by removing IT from the purchase process (not to mention the savings in support costs!). But this new model also comes with a downside. It means that IT can't always control what happens when employees use the devices – at work or at home.
This whole scenario got me thinking about potential risks.
- Accidental virus, adware, and malware infections could easily be brought into the business and connected to the network. These risks could actually cost more than the price of the devices – in downtime, support, and security threat remediation.
- If a personal laptop fails, users may borrow a laptop from IT (if IT has spares) or elsewhere leading them to share data via USB storage devices. Data may be left behind or the storage device may be exposing your network to vulnerabilities.
- Since the laptop is essentially a personally owned device, user behavior should also be a consideration. Are anti-virus, anti-spyware, and firewall apps current and run on a regular basis? Are applications being shared? How do you unsure compliance?
While IT needs to drive innovation, I'm still on the fence when it comes to laptops for BYOD. Even though phones and tablets are commonly used on public Wi-Fi networks and can be an easy target, 90% of the time they're used for email, calendar, personal banking, family activity coordination, Twitter, and Facebook. The stakes seem lower — there's less to lose. Not so with laptops, which likely contain confidential company data.
At the end of the day, I don't think BYOL (bring your own laptop) is for everyone. It's hard to imagine a company with 10,000 employees staying on top of the issues you'd see – underperforming CPU's, poor Wi-Fi radios, and a growing number of security threats. IT would have to treat these devices as if they were IT managed so it seems like a better idea to dictate what is being brought onto the network.
I'd suggest a phased approach where a smaller group would be used to benchmark the effectiveness of a BYOL initiative as a starting point.
What are your thoughts? I'd love to hear from someone who has tried BYOL. Success or failure?
