CYOD: Will it make BYOD a distant memory?

Outside the IT department, everybody loves BYOD. But with hacks and data leaks on the rise, how long can it last?

Technology has evolved to let employees use the iPhone, Android, Windows device or BlackBerry of their choice in the workplace. But these Bring Your Own Device (BYOD) policies have created new headaches surrounding management and security. Some companies have had enough, and are switching to a new model: CYOD—short for Choose Your Own Device—from a company-approved list.

Is CYOD a viable option for your company? Let’s take a look.

From office PCs to anything goes

Tsunami Solutions has been through the wringer with employee devices. The Vancouver-based IT company, which sells software for worker-safety compliance, has been in business since 1999, back when mobile data didn’t exist and all of its workers used office PCs.

Later, like many companies, it assigned everyone a BlackBerry, switching to Windows mobile devices around 2007. The policy worked OK—until the first iPhone hit the market.

“That was where the first pressure came from,” CTO Gabriel Caldwell says. “People didn’t want to carry their work devices anymore.”

At first, iPhones lacked tools for companies to manage and secure them. But, as the BYOD movement evolved, employers found ways to exert some level of control over them and other Apple devices.

The security conundrum, solved

Nevertheless, device security management has remained a conundrum for IT departments. Adopt a laissez-faire attitude, and you expose your company to potentially fatal hacks. Install software to wipe personal devices in the event of a breech, and you incur eternal resentment for deleting your employees’ family photos.

Enter CYOD—the ability to choose your own device from a narrow list—which Tsunami now uses for employees who handle any company applications beyond simple email.

CYOD narrows the universe of devices for overtaxed IT departments tasked with maintaining data security. They still can’t control every device, but at least they have a better grip on which bugs and security issues they’re dealing with, based on the approved list. That means they can provide early warnings and fixes to prevent breaches before they happen.

“CYOD makes a lot more sense for us because of compliance issues,” Caldwell says. Most of the company’s 30 IT staffers use it, as do sales people demonstrating the company’s applications. Customer service reps and others who don’t access sensitive product or financial information still use BYOD.

Employees aren’t worried—but they should be

Though employees express little concern about data safety, one in four people who use their own laptop, phone, or tablet for business have experienced a security issue with their personal device, according to a recent Gartner survey.¹ Much like attacks on enterprise networks, cyberattacks on personal devices are on the rise, causing data loss, security breaches and violation of compliance regulations.

Nearly half of the employees surveyed used their devices for work for more than an hour a day. Most did not have a written agreement governing their use.

BYOD is not just a security problem, Caldwell says. Too much focus on devices sucks time and money from a company.

One of the company’s apps allows employers to monitor employees. To sell it to potential customers, “we need a lot of screen real estate,” he says. So the company partnered with carriers offering large phones that allow for an effective sales presentation, and didn’t waste money developing it for other devices.

For applications under development, company IT workers usually have a choice of using one or two platforms, but no more. “We need to use devices we’re aware of and can manage and support,” Caldwell says.

In fact, he is thinking of outsourcing CYOD entirely, having an outside company deliver and manage devices so that IT can concentrate on core business functions instead of device troubleshooting.