Bring Your Own Disaster: Revisiting the BYOD debate, how firms approach mobility in 2015

In the second of our series analysing industry engagement with enterprise mobility, Peter Gothard examines the BYOD trend and to what extent own devices have a place in the truly modern enterprise

According to Computing Research, 70 per cent of IT leaders still place themselves in the "hold on" camp when describing their attitude to the idea of allowing devices into the workplace that are not fully controlled by the IT department. With 80 per cent saying the same thing three years ago, progress on the BYOD front has not been as swift as many anticipated.

Some 50 per cent believe that in three years' time they will still be asking employees to "hold on" when using unsecured devices. But why do only 30 per cent of IT leaders currently believe it's time to "let go" and devolve responsibility for devices to the users and business units?

Security is obviously a huge factor. Since mobility began rising up the enterprise IT agenda - shortly after the iPhone launched in 2007 - CIOs have been in search of tools to protect data held in mobile devices. As result, mobile device management speciallists like Airwatch and Good now count many large international businesses as their customers, and even BlackBerry seems to be finding success with its Enterprise Server product operating across wider platforms than just its own ailing hardware and mobile OS.

But it's arguably a cultural issue, too.

"I want people to be proud of where they work," explains Mark Ridley, CIO of recruitment firm Reed.co.uk.

"We're currently looking at own device use across the company, but expanded beyond just mobiles, because controls are already great on there with companies like Airwatch," he tells Computing.

"The next step is how we could do this with a choose-your-own-device policy, augmenting the choices you make with our own funding," he says.

"But at the moment we don't really support that."

What Reed.co.uk has so far implemented, however, is a half-way house. "Just over half" of staff at the company use Google-powered, cloud-dependent Chromebooks which, explains Ridley, are stored in charging lockers.

"People can just get them out and go to a meeting."

There are also company-owned iPads doing the rounds as - and this again plays into the "pride" factor, "people said they want a tablet, and don't want to walk around with a laptop anymore".

It's beginning to feel that the BYOD trend has moved beyond the novelty of bringing an iPhone to work to check email, and become an actual productivity issue. It's a little like the long-running tendency for trendy young IT workers to balk at the prospect of working in an IT department that has less gear than the server farm and quad-monitor private home network they enjoy in their bedrooms.

"I would love it if people had complete control over their own devices to use in whatever way they feel comfortable with, as long as it means they can do their jobs," says Ridley.

"But there are things we need to achieve first. If you look at a lot of people, they'll walk into a meeting room with two phones - they like that segregation, and they want to keep working that way. One solution will never fit everybody."

As CIO of a private sector firm, Ridley perhaps has an easier job than Barry Wilkinson, ICT manager at Shropshire Council who, despite a savvy implementation of new Microsoft toys across the organisation, including Azure for running apps and OneDrive for storage - with a rollout of Surface Pro 3s that's even causing employees to jettison their iPads - has still decided to put a wholesale ban on BYOD.

"We decided to shelve BYOD as an option 15 months ago," Wilkinson admits.

"The controls around PSN [the Public Services Network - the UK government's collaboration network] were too difficult.

"We joked about it internally - how it had become DYOD - people would need to donate control of their device to somebody else."

Wilkinson explains how, as an iPad user, even he worried about taking his iPad home, filling it with photos of his family, then having to wipe his own device remotely if it got lost. The idea of having to do this to a colleague was a jarring thought.

"That's not a nice element to have to patrol," he says.

Because even though Wilkinson acknowledges that security offerings can often be strong enough for the public sector now, the cost of carrying out those measures still isn't socially acceptable.

"But there has to be a middle ground, and at the moment that's two devices in your pocket," he says.

Wilkinson has considered the siloed data approach, in which theoretically only the business element of the device would need to be remotely wiped, but it's clear from his tone of voice he's still not sold on the concept.

And yet, he feels it's important to keep exploring the option of providing devices employees are truly happy with, as he's already seeing more flexible working - even with company-provided Surfaces and Lumia phones - pay dividends.

"My key identifier now - it's not quite evolution, let's not get too excited," he laughs, "is that I'm getting password reset requests on Saturdays and Sundays. So people are fitting work around their lives whenever they like, which I don't think anybody could do by coming to the office 9am - 5pm.

"If working from home doesn't become the default, people will never be able to integrate home working into a flexible lifestyle that can work around life events such as hospital visits," he reasons.

Bet365's CIO, Martin Davies, however, doesn't seem to see quite as much light shining at the end of the tunnel.

"BYOD says to me ‘bring your own security threat' ... I really can't see the benefits of BYOD, if I'm honest," he tells Computing.

Bet365's mobile developers are issued with all the devices they need to test their code, he explains, adding that he cannot see a time when staff will be allowed to use their personal devices in his organisation.

Obviously, Bet365 is handling extremely sensitive data, but Davies is designing a company like an IT security fortress.

"Wireless is just another extension of your attack surface from a security perspective," he says. "We've started allowing it, but it is very segregated from the main network and it is very tightly controlled.

In fact, the only reason Wi-Fi is there at all is to test mobile versions of apps. And it has enough access point detection to instantly lock out anything even hinting at malpractice that tries to connect.

"The only reason that we've brought it in is because we do a lot more development on mobile and tablets and it makes it difficult for us to test these things internally without having wireless," he adds.

"Because we deal with customers' money on a daily basis, the damages could be huge, and this is why security has to be at the forefront of everything all of the time," concludes Davies.

But Reed.co.uk's Ridley believes the future will be dominated by home devices that are enterprise-ready.

"I think that's how it has to be," he says.

"I think that's true, but the counterpoint is, security is so critical. It's not just security on your own devices. Where we are now, we have a hybrid model, but making sure there are compliance models is a big thing, and is becoming big business.

"I think the issue with BYOD as a concept is it's becoming less worthy of having a theme around it - it's just the way people use devices, now. It's like - nobody goes to work without having a car parking space."

But with the average age of a staff member at Reed.co.uk's being 27, perhaps Ridley has the advantage of working with flexible digital natives. And even then, he prefers they use Android. And the reason?

"I have the one-touch ability to shut down elements of a user's Android phone instantly," he says. "It's brilliant."

Additional reporting: Sooraj Shah

Computing's Enterprise Mobility Summit will take place on 10th June 2015. Register here.