We've all heard the stories. A harried executive on his way to the annual meeting leaves his laptop computer in a cab with the company's unpublished earnings reports on it. Or the overworked IT guy emails top-secret product designs to his smartphone so he can do work over the weekend—only to have the email hacked.
Fears about lost intellectual property lead many executives to ban employees from using personal devices for any corporate tasks. But in light of the fact that most people have smartphones or tablets, and almost everyone is expected to be productive beyond the 9 to 5 work day, telling employees they can't use their personal devices for work tasks may be counterproductive—and nearly impossible to enforce.
A recent Cisco Systems Inc. survey of 1,500 information technology executives showed that while 48 percent of companies said that they would never authorize employees to bring their own devices to work, 57 percent of IT managers acknowledged some employees use personal devices at work without consent. Which is why many companies are rolling out formal bring-your-own-device, or BYOD, policies that allow employees to access company applications and data with personal devices.
Once they get past the initial security concerns, most company leaders are finding little downside.
"We didn't see any additional risk once we put our BYOD policy in place," says David Richter, vice president of IT services infrastructure solutions for Kimberly-Clark Corp., the global personal care products manufacturer. Kimberly-Clark rolled out its BYOD policy in 2010, allowing employees in 20 of the 36 countries where it operates to use their own smartphones and tablets for work tasks. The policy allows employees to access corporate email, enterprise apps and corporate databases with their devices. In exchange they must agree to password protect the device and sign a contract that states if they lose it or leave the company, Kimberly-Clark will immediately wipe the device of all data.
No-one has ever objected to the device wiping portion of the policy, Richter says. "They go into it fully aware of the requirement, and acknowledge it in writing."
These days, the company is supporting some 3,000 personal devices. Employee surveys show workers are happy with the option and are more productive. The only costs to Kimberly Clark are the mobile device management license fees and the software to wipe the devices. It has been so successful, that the company would like to roll out the policy in all of the 36 countries where it operates. However, regulations in certain countries, including China where deploying corporate email on a personal device violates privacy laws, make it unrealistic, Richter says. "When you are doing BYOD, it's important to understand the legal requirements in each country," he says. "In most places it's not a problem."
Kimberly Clark sees BYOD as a low-risk, high-benefit program. And the company is not alone. Approximately 60 percent of global organizations are adapting their IT infrastructure to accommodate employees' personal devices instead of restricting how employees can use them, according to a January 2012 study from Avanade Inc., a global IT consulting firm. Nearly 90 percent of the business leaders surveyed said they are aware that employees are already using personal technology for work purposes, and 65 percent of C-level executives consider the growing use of employee-owned technology as a top priority in their organization.
"We are seeing increasing acceptance of BYOD, especially for smartphones," says Ryan McCune, senior director innovation and incubation at Avanade. "If the proper standards are in place, and sensitive data is encrypted, it's a good idea."
Regev Yativ, CEO Americas of Magic Software Enterprises in Laguna Hills, California, an international software development company didn't need convincing. "When employees have round-the-clock accessibility to data, apps and corporate email, it improves customer service," he says. "There is no operational downside."
Magic's BYOD policy evolved in response to employee demand to use mobile devices other than the BlackBerrys, which were the corporate standard. To accommodate them, Magic Software allows employees to use their own devices, and the company will provide a stipend equal to the cost of the BlackBerry to pay for it. As part of the policy, employees must use AT&T as a service provider, "because it's too much administration to diversify carriers," Yativ says. And like Kimberly-Clark, if the device is lost or stolen, or the employee leaves the company, Magic Software will wipe it clean of all data within minutes of notification.
Employees appear willing to accept the risk that they might lose their data if they leave the company or lose the device. Yativ says no employee has ever expressed an issue with this portion of the policy.
Yativ admits the policy does add incremental costs, mostly related to IT support and increased cost of data plans as employees use multiple devices. "But that's negligible when you consider the increase in productivity," he says. Yativ draws a straight line between his BYOD policy and customer satisfaction, noting that customer surveys have shown top scores (five out of five) for speed and responsiveness since implementing the policy.
"It's hard to measure the ROI of policy changes, but it doesn't take a genius to see that our people are responding to customer needs on the weekends and holidays because they have the tools to do those tasks," he says.
The use of mobile devices to tackle tasks outside of regular work hours has raised concerns about workers feeling pressured to remain "always on" and about overtime pay liability. Yativ, though, says his employees have never expressed concerns about working overtime with respect to the BYOD policy. Rather, they view the policy as an opportunity to get their jobs done more effectively.
"BYOD is not a luxury for employees," Yativ says. "It's an integral part of any business strategy."
Sarah Fister Gale is a freelance writer based in the Chicago area. To comment, email firstname.lastname@example.org.