If media headlines and vendor claims are to be believed, organisations today are faced with an unstoppable tide of many different types of personal device connected to corporate networks, and Gen Y employees (or prospective employees) who don’t want to work for them if they can’t use their latest gadget for business purposes. But is it really like that?
To find out, in September 2011 we carried out an online survey of over 1,600 IT and business professionals. We asked about respondents’ own preferences and habits with regard to personal technology, as well as what’s going on within their organisations. The answers we got suggest that the amount of media and vendor hype about the consumerisation of IT is at risk of masking some of the real trends and issues.
Let’s start with prevalence: is the use of personal devices for work a tide about to swamp organisations, or a trickle that can safely be ignored?
A look at Figure 1 shows that we’re by no means faced with a tide that’s about to sweep all before it. That said, ‘unofficial’ use of personal devices for work purposes has become established in a minority of organisations, and many more report some degree of ‘bring your own device’ (BYOD).
In terms of actual ‘unofficial’ kit, Windows-based PCs and notebooks dominate, followed by iPhones, Android smartphones and iPads. As might have been expected, Apple Mac also features strongly, mainly in the shape of notebooks. Not many use personal BlackBerry devices for work; but that has to be seen in the context of BlackBerry still being the favoured company-issued smartphone.
By ‘unofficially’, we are referring to the use of equipment that has not been supplied by or funded by the employer – i.e. personal kit used for work that the employee has acquired independently.
So we’re not looking at a torrent of BYOD today, and ‘device proliferation’ exists largely in vendor marketing literature. But – to stick with the flood analogy – there’s definitely a hole in the dyke. And trying to pretend that consumerisation isn’t happening is akin to sticking a finger in that hole: it may be possible to plug the hole for a while, but either it’ll get bigger, or the water will come over the top.
In other words, now’s a good time for business and IT to assess what can – and should – be done to address consumerisation in their organisation before increasing ‘unofficial’ use of technology creates significant support and/or security issues. To be fair, many businesses have already got policies in place to govern the use of personal devices for work purposes; for others, this aspect remains a work in progress, and a considerable number have taken no action at all. But important as it is to have appropriate policies in place, the issue extends beyond policy: our research shows that even in organisations where use of personal equipment for work purposes is banned completely, it nevertheless goes on.
So what should companies do? In the previous paragraph, I mentioned “business and IT”; it’s the “and” that’s crucial here. Consumerisation of IT is as much an issue for the business as it is for IT. More to the point, in many organisations, it’s time for the business to acknowledge that it is often the executives who are the ones creating the most headaches for IT, and potentially the biggest exposure in terms of security.
Our research shows that it isn’t ‘Generation Y’ that’s the main driver behind BYOD. Leaving aside the IT folks themselves, it’s the executives who are using – and in many cases demand to use – devices for work that haven’t been officially issued by the company (see Figure 2).
The inevitable support and security issues that arise are of course the same, regardless of whether it’s an executive or a recent graduate connecting to corporate resources. But there’s one key difference: when it’s the executives themselves that are either flouting existing policies or simply doing what they want to do without asking whether there should be a policy, IT doesn’t have much of a chance to enforce or put in place measures for appropriate and safe use of personal devices for work.
In a nutshell, whether you call it BYOD, consumerisation of IT, or something else, this is an issue that needs to be co-owned by business and IT. Together, business and IT executives must decide what is and isn’t appropriate for their business. And together they must agree on the measures that are to be taken. These will differ between different types of organisation, and will also be determined by the IT infrastructure and applications currently in place. Any solution is likely to be a mix of policy and technology – neither one nor the other on its own will suffice. Many organisations are likely to take a step-by-step approach to adapt, and our research results indicate that they still have time to do so. But adapt they must, before today’s trickle becomes a flood.
If you would like to read more about the research mentioned in this article, you are welcome to download the full report from here.
Content Contributors: Martha Bennett