Global Information system
Activity B: Presentation to the
Senior Management
Part-1 CIS8009
Utilization
of Bring Your Own Device (BYOD)
BYOD as a concept implies the
allowing of personal mobile devices such as smart phones, tablets, laptops
which are personally owned by the employees to be used for work inside and
outside the office premises with limited access to the organization’s secured/unsecured
network. Although as a concept it is not even a decade old, but since its
inception by Intel it has caught the imagination of the management of a number
of IT companies with most of them not only implementing this concept in their
organization but also offering various solutions to deal with various aspects
of BYOD to other companies (Kleyman, 2013).
With the rapid growth in the
mobile device utility and the rapid consumer purchasing cycle, it is expected
that more companies would inculcate BYOD so as to reap not only cost savings
but also enhanced employee satisfaction. However having said that, there are
companies such as IBM which have not reaped much financial benefits but have
instead had to face significant challenges. Hence before implementation of BYOD
certain factors such as HR, legal systems, technology solutions installed,
availability of personal devices by employees especially in third world
countries along with a thorough cost benefit analysis needs to be conducted so
as to ensure prudent decision making regarding introduction of BYOD (Fujitsu,
n.d.).
Associated
Risks with BYOD
Although the usage of BYOD does
offer significant advantages, however to successfully leverage these
advantages, the below mentioned risks need to be addressed.
Data leakage
With the increasing usage of
USB sticks and public file transfer mechanisms such as Dropbox, cloud backups,
mobile devices have become extremely vulnerable to the risk of data or
information theft which may result in loss of critical corporate information. Further
in case of the device being lost or stolen, there is always the risk of the
device landing in the wrong hands which may result in vital information being
made public or given to competitor (Untangle, n.d.).
Problem of malware, adware, spyware
In the era of global snooping,
there are significant risks which are posed by various malicious softwares such
as malware, adware or spyware being present in the personal devices of the
employees which may systematically enter the network and either may corrupt
critical files or may also steal critical organization data. The examples of
programs such as Stuxnet used by the USA for retrieving information from the
nuclear program of Iran highlights the potential dangers posed (Foster, 2013).
Inappropriate BYOD policy
At times the companies do not
pay the desired attention to designing a prudent and effective BYOD policy.
This results in the various security concerns being unaddressed at times
knowingly and other times unknowingly. Further the employees may not be aware
of these security threats in case they are not given the requisite training. At
times the BYOD policy so framed does not take into consultation the various
stakeholders due to which the compliance rates may be low and user productivity
may also get adversely impacted (Darrow, 2012).
Experiences
of other companies
Since its advent, a number of
companies have adopted the BYOD concept. The experiences of some of these
companies are discussed below.
BYOD experience at IBM
IBM adopted the BYOD initiative
in the year 2010 when it started allowing the employees to work from outside
office using personal devices. However according to the company’s CIO, this
initiative has not resulted in any savings but has in fact given way to new
challenges pertaining to control because of a large number of software that are
installed on these devices which are outside the ambit of control of the
company. The company initially did not have a sound BYOD policy in place due to
which the employees were not aware of the potential security risks posed by
certain software.
However realizing this, the
company started educating employees about computer security and laid guidelines
with regards to the applications that should be used and which cannot be used
such as Dropbox which may allow leakage of confidential corporate information. Additionally
before connecting a device to the IBM network, the IT department configures the
memory in a manner such that it can be easily erased in case of any theft or
device being misplaced. As an additional security measures, the file transfer
mechanisms are also disabled. However despite these measures management of
mobile devices at IBM has not been easy (Bergstein, 2012).
BYOD experience at Intel
Intel was amongst the first
companies which officially introduced BYOD seeing the regular practice of some
employees bringing their personal devices to workplace. It sensed BOYD as an
opportunity which can strengthen the network security along with offering an
enhanced experience to employees resulting in improved productivity. Since
introduction, this has become immensely popular with the number of personal
mobile devices having tripled since 2009 when BYOD was introduced. Further the
company estimates that by 2014 nearly 70% of its global workforce of 80,000
would be actively using the BYOD initiative.
BYOD has brought about
significant gains for the company in the form of increased satisfaction and
productivity of the employees. In addition, the number of unauthorized devices
has plummeted since the introduction of the BYOD which enables better control
and security of storage and network (Webinar Training, n.d.).
Advantages
& Disadvantages
The popularity of BYOD may be
attributed to the following advantages that it potentially offers (Spectrum,
n.d.).
Increased Flexibility
The switch over to BYOD offers
significant flexibility to the employees in the choice of usage of device and
operating platform and operating systems. Further this may offer significant
benefits to companies that still use desktops especially in the developing
world where employees are switching over to tablets, laptops and smart phones
as they can be used from remote locations, while travelling but also offers a
more convenient interface for the users.
Enhanced Productivity
Since employees use their
personal devices hence they can work irrespective of their location. Hence this
also helps in maintaining better balance between personal and professional life
as personal commitments can be fulfilled without adversely impacting the
professional work. All this translates into better time management and
increased satisfaction levels which automatically results in greater productivity.
Reduced cost
A business can significantly
reduce its costs which might be incurred periodically on buying high priced
devices and related software/hardware operating expenses. Further the IT
assistance required is also decreased because of more familiarity with
personally owned mobile devices which results in cost savings.
Attracts job seekers
A study indicates that nearly
44% of the job hunters tend to prefer an organization which allows their
personal mobile devices for work purposes. Hence BYOD may also act as a key
differentiator with regards to retaining or attracting new talent thus offering
sustainable competitive advantage over rivals.
However, there are certain
disadvantages with regards to the usage to the BYOD which are discussed as
follows.
Security vs Privacy
It is clear from the above
mentioned risks that switching over to BYOD does lead to increased security
risk for which preventive measures need to be taken. However in the garb of
heightened security employees often complain of their privacy being breached
due to the IT teams trying to access personal data. Hence the security measures
need to be implemented in a manner that the intrusion into the private space of
an employee needs to be minimized which is a challenge because of differing
privacy preferences of employees. Further the increased spend on ensuring
security measures by putting the requisite infrastructure in place may
sometimes also tend to erode the cost savings by adoption on BYOD.
Lack of clarity in case an employee leaves
Since the employees are using
personal mobile device, hence in case they decide to leave jobs there is
genuine risk with regards to whether all the data pertaining to company/work
has been erased or not. Despite all the efforts, there are chances that employee
may preserve company confidential data. To mitigate this, companies ask the
employees to sign the official BYOD policy which clearly enlists their rights
and restrictions. Further most of the
companies don’t allow the company related data to be saved on the storage of
the personal mobile devices of employees.
Infrastructure
required
It has been witnessed that
providing the requisite infrastructure for smooth and effective transition to
BYOD has emerged as a big challenge. This is because unlike in the past when
the devices were largely homogenous, today the personal devices of employees
are highly heterogeneous which has made asset management a difficult task
particularly in wake of privacy concerns of employees. Hence the company’s
network infrastructures and WLAN’s need external and internal support along
with regular upgrade so as to reap the benefits offered by BYOD.
For monitoring and locating
various mobile devices in a secure fashion, a Mobile Device Management (MDM) is
a must which must be coupled by a forward looking and sustainable security
strategy keeping into consideration the existing systems in place. Further the
following network tools need to be put in place to reduce the demands of BYOD
on company’s critical assets (Clarke, 2013).
Fingerprinting
It refers to a network based
security system which prohibits mobile devices from gaining access to the
resources of the company if the predetermined metrics are not met and hence
keeps the incidence of unauthorized devices accessing the company’s network to
a minimum.
Network Access Controls (NAC)
NAC establishes the security
stance of the mobile device and hence allows automated management of the
device. In case a device does not meet with the preset security rules in terms
of security software installed to prevent malicious programs the device would
not be provided access to the company’s network
Best
practices on BYOD management
Some of the practices that the
leading companies have followed with respect to their BYOD management thus
resulting in significant benefits are summarized below (Webinar Training,
n.d.).
Bottom up Approach
It is imperative to involve all
the stakeholders across functions during the drafting of the BYOD policy so as
to be able to create a policy which is most efficient and effectively addresses
the concerns of the various stakeholders. This further facilitates effective
service agreements governing the personally owned mobile devices and also
ensures hassle free compliance.
Risk management framework
The risks posed by the
implementation of BYOD needs to be uniquely understood as it varies from
organization to organization depending on the network security already in place
and the level of risk involved. All these need to be taken into consideration
to work cost effective security solutions and infrastructure which can be
easily integrated in the existing setup.
Feedback and Revision
In wake of ever evolving technology and constant increase in
the quantity and quality of mobile devices on the organization’s network, it is
imperative that clear and constant communication should be maintained between
the technical team and the top management so as to make them aware of existing
and potential threats which can then be making the necessary changes either in
the BYOD policy or security arrangements with the active inputs of the cross
functional stakeholders.
Beyond technology
It is imperative for the
management to understand although seemingly technical, all decisions regarding
BYOD should involve personnel beyond IT and security groups as it has been seen
that other functional groups such as HR and legal offer pragmatic solutions to
burning issues with regards to employee privacy, software licensing and terms
of usage.
Part-2
A financial model based on the
calculation of incremental cash flow has been worked out in the attached excel
sheet. The summarized version of the various financial decision making
parameters is captured in the table shown below.
Payback Period (Years)
|
4.05
|
NPV ($ millions)
|
$36.71
|
IRR
|
33%
|
Profitability Index
|
3.04
|
The above table clearly denotes
that the project is financially viable because of the following reasons.
NPV is highly positive
IRR is greater than the discount rate of 10%
Profitability Index is significantly greater
than 1
Payback period is also not very large
Part -3
The three scenarios considered
for sensitivity analysis are discussed below.
Scenario
1
The incremental software
acquisition and policy development costs are both increased by 25% as these are
the major contributors to the incremental costs. The financial viability of the
BYOD program in the above scenario can be adjudged from the table shown below.
Payback Period
|
4.62
|
NPV ($ mn)
|
$28.23
|
IRR
|
26%
|
Profitability Index
|
2.34
|
Scenario
2
The incremental productivity
gains and capital cost reduction are both decreased by 25% as these are the
major contributors to the incremental benefits. The financial viability of the
BYOD program in the above scenario can be adjudged from the table shown below.
Payback Period
|
4.97
|
NPV ($ mn)
|
$18.50
|
IRR
|
23%
|
Profitability Index
|
2.03
|
Scenario
3
The incremental productivity
gain is decreased by 50%. The financial viability of the BYOD program in the
above scenario can be adjudged from the table shown below.
Payback Period
|
5.21
|
NPV ($ mn)
|
$13.60
|
IRR
|
20%
|
Profitability Index
|
1.76
|
Clearly the project is
financially feasible in all the given scenarios
References
Bergstein, B. (2012). IBM Faces the Perils of "Bring Your
Own Device, Available
[Online] from: http://www.technologyreview.com/news/427790/ibm-faces-the-perils-of-bring-your-own-device/
Clark, P. (2013). Networking
for the BYOD Enterprise, Available
[Online] from: http://h20195.www2.hp.com/V2/GetPDF.aspx/c03660924.pdf
Darrow, B. (2012). IBM stung by BYOD
pitfalls, Available [Online] from: http://gigaom.com/2012/05/21/ibm-stung-by-byod-pitfalls/
Foster, B. (2013).
How BYOD brings security risks
into corporate networks, Available
[Online] from: http://www.usatoday.com/story/cybertruth/2013/06/21/how-byod-brings-security-risks-into-corporate-networks/2443299/
Fujitsu,
(n.d.). Introduction of BYOD Assessment,
Available [Online] from: http://www.google.co.in/url?sa=t&rct=j&q=&esrc=s&source=web&cd=8&cad=rja&ved=0CHUQFjAH&url=http%3A%2F%2Fassets-production.govstore.service.gov.uk%2FGiii%2520Attachments%2FFUJITSU%2520SERVICES%2520LTD%2FBids%2FArchive1%2FG-Cloud%2520Lot%25204%2520Bring%2520Your%2520Own%2520Device%2520Assessment.docx&ei=YVcrUu3oLsuVrgf6kICgDw&usg=AFQjCNF6TEQ8OrddHGONQaw4gHKZn2e1rw&sig2=DMnEVQ8sS_HUXD7hK-ft3g&bvm=bv.51773540,d.bmk
Kleyman, B. (2013). Deliver Business Advantage with Bring Your
Own Device, Available
[Online] from: http://www.datacenterknowledge.com/archives/2013/07/23/deliver-unparalleled-business-advantage-with-bring-your-own-device/
Spectrum,
(n.d.). BYOD – The Good, the Bad
and the Ugly, Available
[Online] from: http://spectrum-coms.co.uk/byodgoodbadugly/
Untangle (n.d.). BYOD Risks & Rewards, Available [Online] from: http://www.untangle.com/inside-untangle/byod-risks-rewards
No comments:
Post a Comment