Two years ago, as a summer research project, I investigated BYOD policies: what are the elements of a sound BYOD policy; who has them, who doesn’t; and whether they are effective. It was a lengthy process, and I presented my findings at a colloquium of my college in October, 2013. Not only that, that Fall Semester, I had my Cyber Security I (Fundamentals of Information Security) craft an effective BYOD policy as part of their semester group project.
Two years ago, it seemed that BYOD was going to be the future of mobile devices in organizations, and that mobile device management policies (MDM), especially automated MDM policies from 3rd party vendors, were going to be controlling BYOD in the organization. Still, as several students pointed out in class, if companies would just “hand out” mobile devices instead of allowing BYOD, the need for managing personal devices in the workplace would slowly disappear.
According to this article from Computerworld this week, it’s starting to come to that. In the article, Jack Gold, an analyst at J. Gold Associates, stated that:
“There certainly is a curtailment of BYOD from where everyone thought it would be a couple of years back,” Gold said. “Companies are much more cautious now, knowing that the benefits of BYOD often don’t outweigh the risks.”
For many companies, the presumed cost-savings in letting employees use their own devices just hasn’t outweighed the security and management headaches of BYOD.
Gold cited the rise of the use of cloud-based file-sharing services such as leading to the slow demise of BYOD. If employees can save their personal docs and photos in the cloud, they don’t need to worry about losing them if the worker leaves the company and has to return the device. As a result, employees are more willing to accept the use of employer-provided devices, knowing that their personal data is elsewhere.
While BYOD has not disappeared from the workplace, it appears that, for many of the security reasons I identified two years ago, it’s in decline. And for security-conscious organizations who want to segregate their employees’ personal lives from their work lives, that’s a good thing.