Guiding BYOD Initiatives

GUIDING PRINCIPLES FOR ENTERPRISE “BRING
YOUR OWN DEVICE” (BYOD) INITIATIVES
Project Report by:
Helena Sefcovicova
Project Supervisor:
Dr. Umar Ruhi
EBC6997 Project Report submitted to the
Faculty of Graduate and Postdoctoral Studies
in partial fulfillment of the requirements for:
Master of Electronic Business Technologies
Interdisciplinary Graduate Program in E-Business Technologies,
Faculty of Graduate and Postdoctoral Studies, University of Ottawa
© Helena Sefcovicova, Ottawa, ON, Canada, 2015

Abstract
Formal “Bring Your Own Device” (BYOD) initiatives were developed as a necessity in response
to the ever growing IT consumerization phenomenon happening in modern organisations. The
following project strives to explain and analyze the trend in order to form an understanding of
the best methods for handling such an impactful change.
To begin with, an assessment of academic and industry resources was composed in to a thorough
literature review. After a description of the IT consumerization evolution to a BYOD trend in
organisations, a comparison of various statistics demonstrated its global popularity. It also
highlighted the most recurring challenges and practices. One of the most reiterated challenges
was the impact IT consumerization had on IT departments in organisations. Therefore, a whole
section discusses the conflicts and changes that arose in IT departments as a result of BYOD.
Then, the focus changes to BYOD programs specifically. A collection of managerial, operational
and technical practices was vital for creating a set of recommendations for a successful transition
towards BYOD. Illustrative parallels were then drawn between the found practices and existing
ones in organisations that have already implemented the program.
To either support or confront these findings empirically, a semi-structured interview
questionnaire was developed to examine BYOD initiatives in two participating organisations.
Thanks to high-positioned interviewees from both organisations, we gained valuable first-hand
insight on successful implementation processes. Similar managerial practices and challenges
were observed as opposed to completely different technical approaches, both of which are highly
influenced by the industry the organisation is in.
Finally, some suggestions for improving the interview questionnaire are provided as it will be
used in additional research. It is then followed by thoughts on areas needing further examination
and a conclusion.

Acknowledgements
I would like to express my sincere gratitude to Dr. Umar Ruhi for his confidence in granting me
this research opportunity along with his continuous advice, encouragements and guidance. His
knowledge and support helped me successfully complete this research project.
I would also like to thank both interviewees for taking the time to participate in the study by
sharing their knowledge and thoughts on the matter. Their insightful accounts of BYOD
implementation were a vital part of the project.

4
Contents
I. INTRODUCTION................................................................................................................... 5
II. LITERATURE REVIEW........................................................................................................ 7
1. IT Consumerization ............................................................................................................. 7
1.1. Definitions .................................................................................................................... 7
1.2. Evolution ...................................................................................................................... 8
1.3. Current Trends.............................................................................................................. 9
1.4. Implications for IT Departments in Organizations..................................................... 17
2. BYOD – “Bring Your Own Device” ................................................................................. 22
2.1. Definitions .................................................................................................................. 22
2.2. Opportunities .............................................................................................................. 23
2.3. Challenges .................................................................................................................. 25
2.4. Governance Measures & Considerations ................................................................... 27
2.5. Technical Configuration & Considerations................................................................ 30
2.6. Best practices.............................................................................................................. 35
III. METHODOLOGY ............................................................................................................ 40
1. Case Study Research Method ............................................................................................ 40
2. Data Collection Method & Interview Development.......................................................... 41
2.1. Interview Questions.................................................................................................... 41
3. Qualitative Analysis........................................................................................................... 42
IV. CASE STUDY INTERVIEWS & ANALYSIS................................................................. 44
1. IT Organisation .................................................................................................................. 44
2. Intergovernmental Organisation ........................................................................................ 46
3. Case Comparison ............................................................................................................... 50
V. FINAL THOUGHTS & CONCLUSION.............................................................................. 53
1. Interview Question Modifications ..................................................................................... 53
2. Directions for Future Research .......................................................................................... 54
3. Conclusion ......................................................................................................................... 55
Appendix A................................................................................................................................... 57
References..................................................................................................................................... 58

5
I. INTRODUCTION
An increasingly popular trend in organisations all over the world is being referred to as “BYOD”
or “Bring Your Own Device”. The following research will examine in detail the origins of
BYOD, how to transition towards a BYOD program as well as the implications for organisations
that are working on formally implementing BYOD initiatives. BYOD is a complex phenomenon
to handle, therefore to offer an all-encompassing and high-level understanding, academic as well
industry literature has been well researched and combined with industry experience case studies.
All three of these knowledge sources will contribute greatly in the process of answering our main
research question: “What are the social and technical considerations for organisations
implementing BYOD at a corporate-level?”
Initially, the literature review will detail existing approaches and practices, followed by industry
experience case studies to demonstrate new perspectives or confirm the existing ones. First, a
description of the evolution of BYOD from IT consumerization introduces the concept in the
literature review. Then, trends identified in various large-scale surveys paint an image of the
current state of BYOD adoption and practices at a global level. Moreover, as is clear from the
“IT consumerization” name and the influx of new consumer technologies, the most significantly
impacted are IT departments in enterprises. It is important to understand the conflicts facing IT
departments with the rise of IT consumerization as they are at the center of most challenges
stemming from BYOD practices.
After establishing the context, it is possible to focus more deeply and specifically on the BYOD
initiatives in corporations. One of the primary reasons of BYOD’s rapid spread is the growing
amount of benefits and opportunities brought to the employees as well as organisations. The
most commonly observed benefits and challenges form a section of their own as they are a basis
for understanding the necessary governing and technical considerations for a successful BYOD
implementation. All of the managerial and operational practices supporting the transition towards
BYOD are grouped in one section and the technical practices in the following one. The
awareness of the necessity of these considerations enabled us to develop a comprehensive list of
best practices, followed by specific technology examples from organisations such as Cisco, IBM
and Citrix.

6
To perform a comparison of theory and practice, two case study organisations have been
selected. One participant from each organisation was interviewed on a series of important topics
regarding BYOD. An interview questionnaire has been developed for the purpose of identifying
best practices and main concerns while transitioning to a BYOD program. The two interviews
where the questionnaire was tested are then summarized and compared, to the literature review
and each other to determine similarities or discrepancies.
The concluding section is composed of suggestions for modifying the interview questions as well
as some future research topics.

7
II. LITERATURE REVIEW
1. IT Consumerization
IT consumerization has been labeled as the single most disruptive trend for organizations in
decades (Koch et al., 2014) described as an employee-driven revolution (J. Harris, Ives, &
Junglas, 2012) with inevitable long-term consequences (Moschella, Neal, Opperman, & Taylor,
2004). Due to the speed at which it took over, some go as far as suggesting it was “out of the
blue”(Earley, Robert, Lee, & Mithas, 2014), it is one of the most discussed trends among
organizations. Consequently, organizations must adapt as fast as they can to avoid being
“disrupted” in a negative way.
1.1. Definitions
Most authors define IT consumerization as an increasing amount of company employees
purchasing or “consuming” newest technologies during their private time and wanting to use the
technology for work purposes as well (Castro-Leon, 2014; Forrester Research, 2012; Köffer,
Chiperi, & Junglas, 2014). Some authors also use IT consumerization interchangeably with the
term “BYOD” – Bring Your Own Device (Copeland & Crespi, 2012).
The all-encompassing definition however, was formulated by Harris et al. (2012) – they defined
IT consumerization from three perspectives and thus provided the only complete definition of the
trend. The first and already known, is the “employee perspective”, where every user’s experience
and purchase of various devices, software and applications can be used and applied in the
workplace. The second is the “IT department perspective”, which points to the overabundance of
consumer technologies connected to and used within the organization’s network without being
officially approved - these can be seen as either opportunities or threats based on how they are
handled. The third is the “market perspective” that includes any and all devices, applications and
tools that were primarily designed for consumer use and have found their way to organizational
environments.
Therefore, it is clear the definition of IT consumerization is more complex than previously
anticipated and must be analyzed from a number of standpoints. IT consumerization is not only a
trend, but it is becoming a new “era” where not only the organizational setting is changing, but
also the way these products are developed, marketed and consumed, (J. Harris et al., 2012).

8
1.2. Evolution
Even though the consumerization of IT arrived at a rapid pace, it is clear it did not just appear
“out of the blue”. According to Castro-Leon (2014) research, there were three clear factors that
preceded and drove the trend. The first consumerization driver was the changing relationship
between the workers and employers. After the economic crisis in 2008 the number of full-time
employees had decreased and the amount of “transient staff” significantly increased – these are
independent professionals, various service providers or just temporary employees that usually
bring their own technology to the enterprise to deliver their service. The second driver is the
blurring of enterprise boundaries brought by the emergence of the cloud. Enterprises can
outsource entire functions and applications to a service provider and thus “become gigantic
system integrators managing complex supply chains,” (Castro-Leon, 2014). The third driver is
the transition to a service-oriented economy which eventually trickled down to the IT industry as
well. Thanks to the development of loosely coupled Web Services, service components or
servicelets and service networks, traditional applications evolved into composite applications. It
means the individual Web Services and service components became just parts of a larger puzzle
that is a composite application. Soon developers and businesses started offering the composite
applications to a wider public through popular app stores and portals like Dropbox or Google
Drive to create an additional revenue stream. From there, it was a short leap to managers using
their personal accounts and tablets in meetings with their teams, which translates to an initial
form of BYOD.
On the other hand, (Moschella et al., 2004) discuss two different triggers of IT consumerization –
the technical development of public infrastructure and mobile devices with value-added
applications along with the innate technical skills of younger generations. Powerful mobile
devices coupled with ubiquitous internet access and productivity-enhancing applications for
decreasing prices gave rise to escalating consumer interest in technology. Naturally, the demand
for such devices greatly increased, thus businesses increased its supply and caused the
proliferation of mobile devices and tools on the market. The abundant presence of these
technologies then evolved into being used for work-related purposes as well.
A few authors also give credit to Apple’s iPhones and iPads for triggering an even faster
consumerization of IT, due to their innovative approach to consumer products (Thielens, 2013) .

9
They managed to fit an overwhelming amount of functionality into a single device that was very
easy to use and beautiful to look at. Not long after their creation of well-designed, small-sized
and convenient mobile PCs for your pocket, other mobile device providers caught on to compete
with Apple and further stimulated the trend,(Cognini, Gagliardi, & Polzonetti, 2013). In 2011
only (1 year after creation of iPad), 172 million Apple mobile devices were shipped with a rapid
increase in sales for Android devices as well, (Mansoor, 2013).The year 2011 became significant
as it was the first year where more smartphones were shipped than PCs/laptops – almost half a
billion smartphones was sold worldwide.
1.3.Current Trends
However, the increasing numbers of mobile shipments is not the only important trend in IT
consumerization. For purposes of this research, it is necessary to identify how organizations are
handling or not handling consumerization in the form of BYOD programs.
Forrester Consulting (2012) conducted a research study on behalf of Trend Micro that included
organizations from Europe and the US. Their primary focus was on trends concerning the
reasons for BYOD adoption, BYOD impact metrics used, BYOD impact results and the
challenges brought by BYOD implementation (Forrester Research, 2012).
1.3.1. BYOD Program Types
The study begins by gathering data about the types of BYOD programs and organizations’ plans
for adoption. The most widespread is the program for smartphones – as of 2012 60% of
enterprises in the US and Europe were in the process or have already implemented this program
and 18% planned on doing so in the next year. Therefore, it is possible to assume that by 2013
78% organizations have handled BYOD for smartphones. Next, the programs for tablets and
laptops were equally widespread (47% that have implemented it), although few percent more
organizations were planning on deploying BYOD for tablets (19%) rather than laptops (15%) in
the next year. The research also identified which are the most common participants for BYOD
program development and leadership. BYOD teams are a combination of the organizations’ IT
department (86%), senior managers (40%) and occasionally specialists from networking (31%),
engineering (28%) and sourcing/procurement (25%).

10
Fig.1: BYOD Implementation Trends
(Source: Forrester Research, 2012)
An Intel survey of organizations from US, Germany, Australia and South Korea also supports
Forrester’s findings. The results show the use of smartphones is most widespread (74% to 92%
based on the country) and closely followed by tablets (68% to 90%), (Intel IT Center, 2012).
Intel has also identified which of the most common productivity apps are being used with these
devices. The most common apps being: emails with attachments, employee calendars, employee
contact lists, apps with sensitive data, ERP systems and finally payroll or other HR system.

11
Fig.2: Productivity App Usage per Device
(Source: Intel IT Center, 2012)
1.3.2. Leading Adoption Drivers
The next section of the Forrester Research (2012) study determines the organizations’ drivers
for adoption of BYOD. Primary motivation for deploying BYOD is the increase in worker
productivity (70%), easy access for mobile employees (63%) and to enable the use of
smartphones and tablets for work (52%). Thanks to BYOD employees can connect with each
other no matter where in the world they are and continue working on their projects as part of a
team while being away. Other reasons are to provide easy access for telecommuters or home-
office employees (48%), reducing corporate-liable costs (40%) and providing flexibility for
choosing their own devices (40%). Reasons shared by only a fifth of respondents are improved
brand perception, competitive differentiation and cost-savings in other BYOD related areas.
Intel’s survey also places productivity and mobile workforce flexibility benefits as the top
drivers of BYOD adoption (Intel IT Center, 2012). On the other hand, a survey conducted by
Samsung took into account the employee’s point of view on what they believe is the main reason
for adopting BYOD – 77% agreed that it just does not make sense to carry around a separate

12
work and personal device (Samsung, 2012). Thus, Samsung concluded the main driver of BYOD
in the eyes of employees is “common sense”.
1.3.3. BYOD Impact Metrics
The next trend discussed in the Forrester Research (2012) study shows that most companies
measure BYOD impacts by measuring specific types of expenses or the expenses incurred during
a business process as a whole. 60% of organizations measure the impact of the program by the
effect it has on software license fees and maintenance fees (59%). These expense measurements
are separated to facilitate the understanding of which areas are affected the most by BYOD
deployment and to provide insight on necessary modifications of their practices to manage
further cost savings. The software license fees are expenses the company has to make to grant
each of its employees’ access to corporate applications, services, software and data. The
maintenance fees consist of expenses for updating and maintaining the whole IT infrastructure to
keep pace with the BYOD technology (for example a new server to support a new type of
device).

13
Fig.3: Key Adoption Drivers
Over half of the surveyed organizations measure the impact of BYOD by calculating the
reimbursements provided for mobile devices (53%), voice (58%) and data (52%). These are the
stipends or allowances provided by organizations to employees to pay for part of their devices
and their monthly bills. An example from the study states that expenses associated with device
replacement and reimbursement have declined as employees take better care of their devices as
opposed to the ones provided by the company. However, the increase or decrease of such
expenses depends on the company policy and culture. Some may decide to not pay for
employees’ voice and data expenses but might cover a part of the cost of the device. Others
might pay for part of the device along with the monthly expenses or just apply different
reimbursement practices for different groups within the organization. Even though measuring the
impact by calculating reimbursement or allowance expenses seems to be quite popular, the study
by Intel IT Center (2012) shows that only a very small percentage of organizations actually

14
provides stipends for device purchases (2% to 16% based on the country and device). The
percentages in the study would probably be higher if reimbursements for monthly bills were
included as well. Mobile BYOD Index survey by Samsung (2012) confirms the trend –
according to their findings 70% of organizations provide reimbursements for the devices and
monthly bills, though only 39% have a formal procedure for it and 31% does it informally.
Another widespread measurement technique illustrated in the survey by Forrester Research
(2012) is evaluating the BYOD impact by measuring the fluctuations in revenue (59%) and
staffing costs for telecom (59%), help desk (40%) and IT network (32%) personnel. Finally,
there are several areas that are measured as part of the whole process for most of the
organizations: competitive differentiation (58%), application development (58%) along with
training, education and legal fees (54%).
1.3.4. Actual BYOD Impact
The actual impact on organizations based on the previously mentioned measurements is studied
next. The main benefit and impact from the BYOD was also the main motivator for companies –
82% of the surveyed organizations agreed that productivity has significantly increased as a result
of the program (Forrester Research, 2012). 55% of IT managers surveyed by Intel also agreed
one of the most noticeable impacts was a boost in productivity (Intel IT Center, 2012). Hand in
hand with the increased productivity is a major increase in revenues and a decrease of certain
costs. 69% of the participating companies had an important increase in company revenues
(Forrester Research, 2012). Conversely, 52% of managers from the Intel survey also confirm the
implementation of BYOD decreased the cost of doing business (Intel IT Center, 2012). It is
important to note that BYOD in different organizations has different effects on the various costs
and expenses, although some major commonalities can be found. The areas where an expense
increase is expected are for application security, back-end infrastructure and mobile device
management costs. As mentioned before, the areas with decreasing expenses are the device
purchase and replacement costs(Forrester Research, 2012). Important reductions are also
expected in the capital expenditure, IT support and training costs (Intel IT Center, 2012). Other
significant impacts from IT managers’ perspectives mentioned in Intel’s research are that the
program made their job much easier (47%) and that the role of the IT department evolved to one
of a partner of the organization (54%).

15
1.3.5. Necessary Activities for Formal BYOD Adoption
The last part of the Forrester study reports that once an organization has decided to implement a
BYOD program, there was number of activities it had to complete in order to be successful
(Forrester Research, 2012). As different groups of employees have different roles, devices, data,
applications and security requirements a formal BYOD governance document and
reimbursement policy must be developed to fit every employee group and be constantly updated.
According to Samsung’s research, of the 69% that have some type of BYOD program in place,
only 29% have it formalized (Samsung, 2012) – the BYOD “natural adoption” is much faster
than its “formal adoption”. Another common activity among organizations was the creation of a
cross-functional team to develop and manage the deployment of the program (Forrester
Research, 2012). Each functional unit must be represented in the team to ensure the BYOD will
serve well every department and function. Representatives must communicate effectively their
unit’s needs and perspectives to allow for a joined effort that will benefit the whole organization.
Ensuring security is another important activity and challenge that has to be tackled during the
deployment. The most pressing are mobile device security challenges (for 65% of responding
companies), data breach concerns (59%), mobile data security (55%) and mobile application
security (50%).

16
Fig.4: Activities to complete after BYOD Implementation
1.3.6. Barriers to BYOD Adoption
Before deciding to deploy BYOD initiatives, there are certain requirements organizations have.
Intel IT Center (2012) has identified the top 3 requirements devices must have across various
countries and organizations. The most recurring ones are: employee code of conduct, installing a
security program and having management rules. One country has also added the ability to wipe
remotely a device to their top requirements. The study has also identified the top 3 barriers to
adoption of a BYOD program: the organization is heavily regulated, the device does not support
specific security requirements such as a remote wipe or encryption, the device cannot be
customized for use at the office or the organization does not support the OS. Some countries
have also added as a barrier a lack of compatibility of the device and its inability to support an
enterprise app. These barriers are directly related to the main reasons why organizations do not
allow BYOD devices as shown in Fig.5.

17
Fig.5: Key Factors against BYOD Adoption
(Source: Intel IT Center, 2012)
Many other IT consumerization trends could be discussed as it has become an increasingly
debated “disruption”, though the mentioned trends are the most pertinent ones to the topic of IT
consumerization in a corporate setting.
1.4. Implications for IT Departments in Organizations
More specifically, what does this new trend mean for organizations? The recurring topic is the
great shift of relationship and power between the consumers/employees, the IT department and
the organization, (Castro-Leon, 2014; Copeland & Crespi, 2012). As there are a much larger
number of self-employed or part-time employees than ever before, they have learned to become
independent of the organization to be able to do their job and deliver their services no matter
who they work for. This required a “technological independence” from organizations and led the
population towards investing to and adopting new technologies on their own, instead of using the
ones provided by enterprises like in the previous decades. With the newest technologies being

18
cheaper, more portable, powerful and reliable, they have become an easy buy for today’s
professionals (J. Harris et al., 2012).
The shift in power between consumers and IT departments stems from consumers being up to
date on the recent technologies and are very fast in adopting them – much faster than IT
departments are and have the capability to be. The IT culture has evolved towards one where
“the users are the ones getting the latest, cutting edge technologies first” (Cognini et al., 2013).
Therefore, consumers are the ones pushing the new technology to organizations that have no
choice, but to find a way how to embrace and leverage it. Until recently, IT departments were the
ones driving technological innovation in organizations but most importantly they were fully in
control of any software and hardware used by employees (Koch et al., 2014). As this is not the
case anymore, IT departments must rethink their entire processes and strategies,(Moschella et al.,
2004). Therefore, new mechanisms must be found for managing and controlling these devices
while providing fully secure access to corporate data from any location through any device,
while staying within budget(Copeland & Crespi, 2012; Koch et al., 2014).
1.4.1. Role Conflict Theory to Interpret Shift of Power
Koch et al. (2014) created an interesting interpretation of the impact of IT consumerization on IT
departments – it was categorized into different types of conflicts caused by the new trend. IT
consumerization brought to light a great difference in values of the IT consumers vs. the IT
department. As these values barely overlap, conflicts on several levels are created.

19
Fig.6: IT Consumer vs IT Department Values
(Source: Koch et al., 2014)
The study interprets these disagreements as “role conflicts” that are present in the goals, behavior
and identity perception of the IT department. The department is considered as the focal role that
is influenced by the organizations’ management and end users’ beliefs and attitudes. When the
organization and the users have different expectations from the department, it creates a conflict
of roles.
Conflicting Goals
For instance, the goal conflict is control vs. empowerment. IT departments have always been in
charge of standardizing the organization’s technology, managing vendors and monitoring the
usage of unauthorized tools. Now, there are no enterprise vendors to manage or technologies to
standardize – employees bring all sort of technologies and choose their own tools whether it is

20
authorized or not. So essentially, IT departments have lost control of “IT within the
organization” and yet they must maintain a stable computing environment. This is where the goal
conflict stems from - the empowerment provided to employees by the variety of consumer
devices overpowers the control goal of the IT department. Additionally, other authors have
observed the contradiction, although they have not employed the role theory to describe it.
Cognini et al. (2013), Mirza, Weiss, and Jekel ( 2012) and Pwc (2011) also illustrate the “old
habit” of IT departments standardizing and tightly controlling all software and hardware used in
the organization along with the force of consumer requests moving in the opposite direction.
Consumers want the devices, tools and software of their choice, tailored specifically to their
needs and the IT department is expected to find a way how to make it work,(Thomson, 2012).
Conflicting Behaviors
Thus, according to Koch et al. (2014)the next level is the behavior conflict: IT’s ability vs. user
expectations. The conflict here is that users want perfectly functional devices for work and
personal use. However, if an organization is to allow corporate data on a device, it must disable
certain features to ensure security, which in return disappoints the users. On the other hand,
employees expect IT departments to be able to fix, support and install all of their devices even
though the department does not have the ability to do that for all the different types of devices.
Therefore, a user is expected to be able to handle the technology they want to use for work and
accept that some of the functionalities will be limited to maintain security. The behavior conflict
is perhaps the most frustrating for both sides. Harris et al. (2012) confirm employees expect to be
able to use their devices and apps at work just as they do at home, when this is not possible the
satisfaction from being able to bring the device significantly decreases. On the other hand,
organizations and IT departments must clearly specify which devices are acceptable for work
along with the amount of technical support available, (Gaff, 2015). These steps will help the
organization avoid the necessity of investing into support for an unlimited amount of devices and
make employees’ expectations more realistic.
Conflicting Identities
The last level of the Koch et al. (2014) role study is the identity conflict which differs based on
the stage of BYOD implementation the company is at. For an enterprise at the nascent stage of
the BYOD, the main debate is whether implementing such practices is a necessity vs. luxury.

21
Before proceeding, the department must agree the practice is a necessity with a great added value
and not just a luxury for employee comfort. Based on Garba, Armarego, Murray and Kenworthy
( 2015) and Harris et al. (2012) this consideration seems obsolete, as they state the IT
consumerization in organizations is “inevitable” or perhaps even a “natural evolution” as shown
in Moschella et al. (2004). Thanks to the emergence of newer, cheaper and more compact
technologies the trend seems to be closer to a necessity rather than a luxury.
An organization that is currently implementing the BYOD practice has an IT department
balancing between being a cost center vs. innovation center, (Koch et al., 2014). The cost center
role is one of an IT department that can bring great value with a low budget as opposed to an
innovation center that should bring new technologies and create new infrastructure for the
organization. Mirza et al. (2012) also depicted pre-BYOD IT departments as ones driving cost-
efficiency by standardizing company hardware and software. However, a number of studies
show that implementing BYOD does in fact save cost in the long term even though initial
investments are needed (Cognini et al., 2013; Forrester Research, 2012; Mirza et al., 2012).
Therefore, if possible IT departments should stop focusing on having the lowest possible cost
and rather start focusing on how to be innovative and find a way how to embrace BYOD. As
Thomson (2012) observes, for most organizations “the BYOD issue is less a matter of ‘No, we
can’t do it’ and more a question ‘How do we do it?’”.
Finally, organizations that have already implemented BYOD several years ago are shifting
between being a service provider vs. consultant (Koch et al., 2014). As users and units have
become empowered and comfortable with the new technologies the IT department encouraged
users and units to take on certain tasks that were usually done by the department and promoted
“self-support”. This evolved into business units creating their own apps for use in their
departments, though realized their expertise was limited and they needed guidance from the IT
department (consultant role). So when other departments or users worked on a project that is
usually in the IT departments’ scope, the department was insecure about its role in the
organization. On the other hand when business units realized they do not have the necessary
expertise, they expected the IT department to be able to fix the problem (service provider role).
Thus there was an identity conflict between being a service provider or a consultant. This
conflict or behaviors have not been elaborated yet by other authors, although it has been

22
underlined in one of the previous sections, that users expect their IT departments to be able to fix
and support any technology. The role of the IT department as a consultant has yet to be explored
in more depth.
IT consumerization has fuelled a revolution for IT departments that struggle to catch up with
consumers and their newest technologies. The impact of consumerization of IT on the
organization is widespread and thus other implications will be discussed as part of the
opportunities and challenges in the BYOD section of the literature review.
2. BYOD – “Bring Your Own Device”
2.1. Definitions
As seen in the IT consumerization definition section, BYOD and IT consumerization can be used
interchangeably, thus their definitions are very similar. The rise of BYOD represents the trend
of IT consumerization in organizations and can be considered as a subset of IT consumerization ,
(Garba et al., 2015). “Bring Your Own Device” is a self-explanatory name - it means employees
can bring their own personal mobile devices to work and use them to complete their work
activities(Castro-Leon, 2014; Gaff, 2015; Shumate & Ketel, 2014). As for what can be
considered a personal device, is any device that has not been checked and configured by the IT
department,(Mansfield-Devine, 2012) .
However, there are variations of BYOD. The consumerization trend does not only apply to
devices, it also applies to apps, software, various platforms and clouds, so the name BYOD can
be changed to BYOX, BYOA, BYOS, etc. (Castro-Leon, 2014; Earley et al., 2014; Eschelbeck,
2012). In the case of these “personal technologies”, when they are not pre-approved by the
organization, the act of using them is called “shadow IT”, (Koch et al., 2014; Walters, 2013).
As seen in the “Current Trends” section, BYOD brings a variety of opportunities that need to be
explored. Even though the practice is considered a “fait accompli” for most organizations, it does
not come without serious challenges, (Gaff, 2015; Mansfield-Devine, 2014).

23
2.2. Opportunities
BYOD implementation brings a wide range of benefits to any organization that implements it
successfully. The benefits are separated into two larger groups: the first group includes all the
benefits that contribute to increased productivity and the second group focuses on cost savings
and reduced expenses.
Productivity, Mobility & Efficiency
Most researchers agree, the implementation of BYOD increases productivity significantly,
(Gaff, 2015; Garba et al., 2015; Mansfield-Devine, 2012; Shumate & Ketel, 2014; Wang, Wei, &
Vangury, 2014) . A number of factors have enabled such an important increase in productivity.
First, thanks to IT consumerization employees buy the latest technology on the market which
usually much better than the technology provided by the organization (Cognini et al., 2013; Gaff,
2015). As they are able to use the technology they chose themselves and were willing to pay for,
employees become much more efficient in carrying out their daily tasks as they are already
familiar and comfortable with using their devices (Gaff, 2015; Garba et al., 2015; Mansfield-
Devine, 2012; Shumate & Ketel, 2014). Morris Chang, Ho and Chang (2012) confirm this trend
with his finding of a 20% increase in productivity – “the equivalent of an extra day of work per
week”.
Users are free to combine the use of mobile devices as they deem appropriate in order to deliver
the best value to the company and become better at doing their jobs – a tablet might be more
useful at meetings with clients, laptops for writing reports and smartphones for checking and
responding to urgent emails. Consequently, there is a noticeable increase in employee
satisfaction as they do not have to use technologies that were forced upon them by the
organization (Cognini et al., 2013; J. Harris et al., 2012; Keyes, 2013; Koch et al., 2014;
Shumate & Ketel, 2014). The anxiety of being unfamiliar with the technology and the
expectation of something going wrong will most likely disappear. Another benefit is innovation
(J. Harris et al., 2012; Koch et al., 2014) as employees become more creative on how to perform
their jobs thanks to their comfort with the chosen technology. The organization benefits greatly
from this approach as the use of latest technologies “revitalizes” the infrastructure (Moschella et
al., 2004) – employees use their modern devices to help complete their organization’s objectives,

24
(J. Harris et al., 2012). Thus, in some way the organization “commands” the new devices and
makes them work for its own advancement.
The next and perhaps most appealing benefit is mobility – it provides users access to information
at any time from any location and gives the organization the opportunity to be in touch with
employees at all times (Garba et al., 2015; Steiner, 2014). Not only does mobility directly imply
the benefits of increased flexibility and convenience (Garba et al., 2015), some even suggest
there is a higher probability of employees working after hours as they can access resources any
time (Gaff, 2015; Keyes, 2013). Since these devices are not only mobile but also personal,
employees keep them close at all times and thus are easily reachable through various
communication channels such as instant messaging apps or other chatting platforms –
cooperation and teamwork have become much faster and easier (Moschella et al., 2004;
Thomson, 2012). The last benefit in this category is improvement of company image and the
perception of the organization being more accommodating to its employees (Copeland & Crespi,
2012; Gaff, 2015). This benefit helps the company with recruitment and retention of young and
talented employees (Thielens, 2013), therefore it is also one of the motivations for organizations
to adopt BYOD as was demonstrated by Forrester Research (2012).
Cost Savings, Expenses and Revenues
One of the primary financial benefits underlined by many authors is the fact that most of the
costs for buying and maintaining the devices are transferred to the consumers (Gaff, 2015; Garba
et al., 2015; J. Harris et al., 2012; Shumate & Ketel, 2014) – they are happy to pay for
purchasing and maintaining a device as long as they were the ones who chose it (Cognini et al.,
2013; Copeland & Crespi, 2012). License costs for applications are also decreased (Shumate &
Ketel, 2014) as well as the costs for voice or data services (Cognini et al., 2013). Cognini et al.
(2013) and Keyes (2013) suggest that organizations can save up to $80 per month per user when
the eliminated expenses are put together. Another implied financial benefit is that organizations
will save on training costs as employees are already familiar and fully comfortable with their
own devices – they have trained themselves, during leisure time. The final and most significant
financial benefit is the increase in bottom line revenues due to the increase in productivity. Based
on the study lead by Forrester Research (2012) 69% of the participating companies have in fact
increased their revenues.

25
Even though the adoption of BYOD brings a variety of new opportunities for improvement, it
does not come without serious challenges.
2.3. Challenges
The most widely acknowledged challenges of BYOD are security and privacy. Due to the rapid
development and adoption of IT consumerization in organizations, IT departments do not have
full control of the hardware and software being used anymore (see section 1d). Thus, security
and privacy issues have become increasingly complex. This section will focus solely on
explaining and describing the challenges – solutions for tackling these technical and social
challenges will be discussed in the sections below.
To be able to do their jobs properly, employees need remote access to company data, which
poses a number of risks. First, organizations must have a way to monitor who accesses the data,
when, how and from what device; or in more precise terminology organizations need “access
control” (Mansfield-Devine, 2012; Mansoor, 2013; Shumate & Ketel, 2014; Vorakulpipat,
Polprasert, & Siwamogsatham, 2014). Due to the current technological landscape in
organizations, creating an effective solution is difficult and time-consuming. Each organization
must have their own customized access control policy to not only monitor users who retrieve
data but also the devices (Mansfield-Devine, 2012). Without access control any employee could
get data he is not supposed to see (Steiner, 2014) or any hacker that gains access to the network
could retrieve important data and the organization would not even know about it (Wang et al.,
2014).
Once an organization has created a suitable solution for monitoring who requests access to the
data, it must ensure the data is retrieved and transferred in a secure manner (Mansoor, 2013;
Morrow, 2012). This largely depends on how the user is connected to the network – is it through
a VPN, a public unsecured Wi-Fi/mobile network or a secured Wi-Fi/mobile network (Mansoor,
2013; Shumate & Ketel, 2014)? After retrieving the data, the following security concern is
where and how was the data opened or stored and whether the location of the stored data is
secure enough, (Mansoor, 2013). Once the data is stored on a device, it can be easily transferred
to another device, (Wang et al., 2014) from which it can be stolen or made available to an
employee that is not supposed to see it. Therefore, measures must be taken to secure the device
itself (Morrow, 2012).

26
Before IT consumerization, organizations did not have to worry about security from so many
angles as corporate data resided on company owned devices that were usually set up by the IT
department and thus considered as secured by default (Mansfield-Devine, 2012).
Mobile devices provide many more access points for malware and hackers if not regulated
correctly; according to Steiner (2014) personal devices are like an “open door” to the
organization’s network. Consequently, one of the toughest challenges for organizations and
especially IT departments is to accept the fact that the “security perimeter” has changed and
evolved outside the organization where the IT department has no control (Thomson, 2012).
The next major challenge when implementing BYOD is developing privacy measures(Gaff,
2015; Garba et al., 2015; Jaramillo et al., 2013; Morris Chang et al., 2012). As mentioned above,
devices must also be thoroughly secured, but how can the organization enforce anything on a
devices if it is personal? There are several techniques that allow the organization to maintain
security and control of data being viewed on employees’ personal devices without having to
interact with employees’ personal data on the device. Based on the techniques that fit best,
organizations combine several space isolation approaches for devices - light weight or heavy
weight virtualization and mobile application/device management (Garba et al., 2015; Jaramillo et
al., 2013; Leavitt, 2013; Morris Chang et al., 2012). Differences between these approaches will
be further assessed in the Technical Issues section.
Other challenges related to privacy and security are ownership issues and loss of device (Gaff,
2015; Shumate & Ketel, 2014). When corporate data is stored on a personal device that has
personal information on it along with corporate information, drawing a line between what a
company can do with the device to ensure its security and what an employee can do with his own
device while maintaining the integrity of the data becomes difficult. Therefore, it is extremely
important to define this in the corporate policy and have the employee agree by signing it to
create a “contract” between the two parties (Armando, Costa, Verderame, & Merlo, 2014;
Cognini et al., 2013; Gaff, 2015; Mansoor, 2013; Vorakulpipat et al., 2014) – Acceptable Use
Agreement with boundaries on what the organization and employees can or cannot do with the
device as well as the limits of employee ownership. The most common understanding is that the
employees own the device along with the personal information and apps stored on the device and
the organization owns all the work-related data and apps retrieved from the corporate network

27
(Ernst & Young, 2013; Gaff, 2015; Walters, 2013). The agreement also has to include the steps
to be taken in case of theft or loss of device, in which case the organization usually reserve the
right to remotely wipe all of the information stored on the device, (Gaff, 2015; Mansoor, 2013;
Thielens, 2013).
The last of the major challenges is the blurring of boundaries between work and life for
employees, (Gaff, 2015; Köffer et al., 2014; Mansoor, 2013; Moschella et al., 2004; Samsung,
2012; Thomson, 2012). The blurring of the line does not only happen on the device but also
during the employee’s private time outside of work. Employees can be easily contacted through
their personal device during off-hours as well as they can connect to the organization to continue
working. In this manner, the “work life” interrupts or intertwines with the “private life”. This can
become quite frustrating when boundaries are not defined (Chang, Cheng-Chieh, & Chen, 2014):
is the employee supposed to respond to work emails and messages when contacted during off
hours (Moschella et al., 2004)? Can the employees be “punished” for not doing so? This non-
clarity and general acceptance of the trend by the younger workforce (Thomson, 2012) is a great
benefit for organizations (Mansoor, 2013) as employees are more likely to work longer hours.
On the other hand, not everyone is willing to work or to interact with work-related data during
their private time and thus become frustrated or anxious by the increasing overlap of the two
previously separate parts of life. Köffer et al. (2014) demonstrate in their study of the work-to-
life conflict employees can feel overwhelmed by work depending on how available they make
themselves to their colleagues during off hours. It is important that the organizational culture and
values reflect the need for private time through their policies and strategies as these have a direct
effect on employee behavior and thus sentiment of being overwhelmed (Köffer et al., 2014).
Some of the abovementioned challenges have highlighted certain managerial and technical issues
that need to be explored in more detail to provide a good understanding of the necessary
measures for a successful BYOD program.
2.4. Governance Measures & Considerations
As a growing number of mobile devices make their way to organizations, additional management
mechanisms have to be developed.

28
An official policy to manage the changes brought by IT consumerization must be created and
tailored for the specific needs of the organization (Shumate & Ketel, 2014).It must have explicit
operating guidelines on acceptable user behavior, supported devices and operating systems as
well as the extent of IT support to be expected, device security requirements, ownership
boundaries and steps to take when a device is lost or an employee is leaving the company
(Cognini et al., 2013; Gaff, 2015; Mansoor, 2013; Morris Chang et al., 2012; Shumate & Ketel,
2014; Thomson, 2012). When developing such a policy, the existing information security policy
should be used as a baseline and current infrastructure examined to understand the organization’s
capabilities(Shumate & Ketel, 2014). Organizations without such policies will have difficulties
controlling who accesses their data and what applications are being used to do so(Morrow,
2012). The policy should also be updated at least once a year to account for the evolving
technologies and changes in processes (Morrow, 2012; Shumate & Ketel, 2014; Wang et al.,
2014).
A common practice among employees in organizations with some form of BYOD is “shadow
IT”. The term is used to describe the usage of unauthorised applications and platforms for work
purposes (Walters, 2013). A simple example would be an employee storing work documents on
Google Drive or Dropbox. This poses a problem for organizations as it increases the security risk
or corporate data being exposed. Therefore, it is important to consult employees on why they
want BYOD and what functionalities are important for them (Mansfield-Devine, 2012) otherwise
they will find a way around the corporate policy and use other unauthorised tools they believe
are best for doing their job(Thomson, 2012; Yevseyeva et al., 2014). According to Leavitt (2013)
a survey of 1300 business users found that one fifth of these users was storing corporate
documents on Dropbox even though their company policies forbade it. Thus, it is clear the
creation of a BYOD policy should be done in the form of co-operation between senior executives
and representatives of various positions or departments to ensure everyone will have the tools to
do their jobs efficiently while keeping corporate information secure, (Mansfield-Devine, 2012;
Thomson, 2012). As shown in Forrester Research (2012) survey it has become the latest practice
among organizations. Moreover, policies that are too restrictive and inconsiderate of employees’
needs hinder the potential benefits of BYOD (Steiner, 2014). In case the policy would provide
only few options for connecting to the network and the tools that can be used, it would greatly
decrease the convenience, flexibility, mobility and productivity boosts brought by BYOD.

29
Instead of formulating a highly restrictive policy under the assumption it will increase data
security, organizations should take time to educate and train their employees on secure
behavior(Mansfield-Devine, 2012). Employees are considered the weakest link of the security
perimeter (Mansoor, 2013; Pepin, 2013), thus providing them with the understanding of the
existing security threats and how to avoid them will significantly decrease the chance of any
malware getting on to the corporate network and data being leaked or stolen. Several other
authors also agree that training and education on the topic will make a significant contribution to
an organization’s security (M. A. Harris, Patten, & Regan, 2013; Shumate & Ketel, 2014;
Thomson, 2012; Walters, 2013) as unaware and untrained employees can be a threat to the
organization and disclose data without knowing about it (Gaff, 2015; Morrow, 2012). Once the
users understand what they are doing wrong, they can consciously modify their behavior to avoid
“security mistakes” in the future.
As for the actual management of the BYOD trend, J. Harris et al. (2012) have identified 4 middle
ground approaches during their study being used by different organizations based on specific
business needs. On one hand is the known “laissez-faire” style where IT consumerization was
not dealt with at all and on the other end of the scale is the “authoritarian strategy” that exercises
tight control. The first middle ground strategy is “broadening the scope” where BYOD
embracement is lightly approached – more devices are added to the list of allowed and supported
technologies by the organization. The second strategy moves a bit further and provides a “gadget
budget”, a budget for an IT device in the form of job benefits. The third strategy segments the
employees into different groups by role and allows specific devices based on the group’s needs.
The fourth and final middle ground strategy is to aggressively advocate uptake of newest
consumer electronics. Each of these strategies tackles IT consumerization to a different degree
and can easily be an advantage or a detriment to a company – the strategy must be selected based
on company culture, values and capabilities.
To help understand how this can be handled technically, further guidelines will be disclosed in
the section below.

30
2.5. Technical Configuration & Considerations
As seen in the Challenges section, the most pressing technical issues and measures to be put in
place are related to security and privacy; both of which can be handled through technology
configuration.
It is recommended that before adding any new personal devices “officially” to the company
network, the organization should take time to find out what is already connected to their network
(Shumate & Ketel, 2014) – some organizations have found devices they believe have
decommissioned that were still on the network (Mansfield-Devine, 2012). Therefore, it is
important to “clean” the network before beginning the BYOD initiative as many more devices
will be connected to it once the implementation starts.
Assuming the organization is now aware of the people and devices connected to its network, it
can start handling new connections to the network through Access Control. Upon login each
employee and each of their connected devices is first authenticated and then authorized to access
(Mansfield-Devine, 2012; Steiner, 2014; Vorakulpipat et al., 2014). However, to be able to
access the network the device must first be “discovered” through an agent-based or scanning
system (Wang et al., 2014). Scanning systems have proven to be inaccurate as they were not
able to detect devices on the network and required much larger overhead; thus agent-based
systems have become more common and known as Mobile Device Management (MDM)
systems. The main difference when employing MDM is that each device wanting to connect to
the network requires an “agent” app for identification and management. The combination of
access control and MDM will provide visibility to the organization – this approach ensures
organization’s awareness who is connected, with what device, what data they are accessing and
even decide which user can perform what actions with specific resources (Garba et al., 2015;
Mansoor, 2013; Walters, 2013).
MDM is a very important tool for organizations as it helps ensure the devices’ and users’
compliance with security policies (Mansoor, 2013; Morris Chang et al., 2012; Wang et al.,
2014). It can enforce the use of a specific type of password, encryption, remote wiping, the way
one connects remotely and the applications used, (Garba et al., 2015; Leavitt, 2013; Mansoor,
2013; Steiner, 2014). Though it is important to note, that without a space isolation technique
MDM will enforce the policy on the whole device and users will lose the flexibility of their

31
devices, (Wang et al., 2014). Depending on whether the separation is done at operating system
(OS) level or at the hardware level, MDM will have to enforce basic security measures on the
whole device such as password or anti-virus (in case of OS level separation) while restricting
application use and executing remote wiping only on the corporate part of the device(Jaramillo et
al., 2013). Therefore, organizations should choose one or a combination of the space isolation
techniques that fits best their needs in order to preserve device functionality and privacy for
users’ personal purposes and security for corporate use. Before moving on to the space isolation
techniques, some popular examples of MDM vendors are Mobile Iron (Leavitt, 2013; Thielens,
2013) and Zenprise (Thielens, 2013; Wang et al., 2014) and Fiberlink’s Maas360 (Leavitt, 2013;
Wang et al., 2014).
Space isolation on the device itself is most often done through containerization or virtualization
(Jaramillo et al., 2013; Leavitt, 2013). The containerization technique consists of developing an
encrypted storage application that would keep the corporate data securely contained and separate
from the user’s personal data (Leavitt, 2013). This separation happens through the OS at the
application level by any one or all of the following activities: device management features and
enforcement of security policies, managing user permissions and by intercepting OS function
calls (Jaramillo et al., 2013). A good example of containerization in practice is the case of
“BlackBerry Balance”. It allows the organization to manage the corporate part of the device
through a centralized server without having any impact on the personal part of the device. The
security layer is designed in such a way, to clearly separate the corporate data and application
from the personal ones, restrict access to corporate data from social media apps and block the
copy pasting function within the corporate container. This allows for some flexibility when an
employee is leaving the company as the IT department can just wipe the corporate part of the
smartphone and the rest will stay intact.

32
Fig.7: Space Isolation Techniques
(Source: Jaramillo et al., 2013)
As for the virtualization technique, there are two main types. The type 1 hypervisor, heavy-
weight or bare metal virtualization technique is implemented directly at the hardware level where
a virtualized platform can run separately a personal and enterprise OS and thus can provide the
most effective isolation (Jaramillo et al., 2013; Morris Chang et al., 2012; Wang et al., 2014).
Moreover, it has direct access to hardware resources and thus can optimize hardware usage
between the two separate OSs, (Jaramillo et al., 2013). The downside of this technique is the
significant toll it takes on the device’s performance due to its overhead as was pointed out by
Garba et al. (2015), Jaramillo et al. (2013) and Morris Chang et al. (2012). An example of this
technique is the solution provided by Red Bend that partnered with organizations to have
products with an already built in bare-metal hypervisor that creates virtualized environments for
both of the OSs (Jaramillo et al., 2013).
The type 2 hypervisor , light-weight or hosted virtualization is one executed just above the host
OS level and below the guest OS level (see Fig.7), (Jaramillo et al., 2013). Both of the mentioned
authors (Jaramillo et al., 2013; Morris Chang et al., 2012) bring to attention the worthwhile fact
that in the light-weight virtualization technique the guest OS heavily depends on the host OS and
thus will be compromised once the latter is. An example of the type 2 hypervisor solution is
VMware that enables an Android device to run two virtual namespaces of a single OS (Wang et

33
al., 2014) between which the user can switch thanks to a specific icon on the screen (Jaramillo et
al., 2013). The second virtualization technique can also be called “application streaming” which
starts the application from a virtual environment on the mobile device while the application
itself runs on a client operating system (Shumate & Ketel, 2014). In simpler terms, virtualization
allows the user to have two separate “devices” in one by “streaming” data and applications from
a different device or computer. A significant advantage of virtualization over the other isolation
techniques is that the data viewed on the device is not stored on the device and remains in the
safety of the organization’s security perimeter (Cisco, 2012b; Garba et al., 2015; Shumate &
Ketel, 2014). Even with this advantage, the containerization technique is often the preferred
method as it is easier to deploy and provides a more seamless experience for the user (Jaramillo
et al., 2013).
The ability to connect remotely is one of the primary advantages and traits of the mobile devices,
thus it is expected that all users will access company data from outside the organization. To keep
the data in transit secure, the connection must be effectuated through a Wi-Fi Protected Access
(WPA2) (M. A. Harris et al., 2013; Mansoor, 2013) or a virtual private network (VPN) (M. A.
Harris et al., 2013; Mansoor, 2013; Vorakulpipat et al., 2014; Wang et al., 2014). VPN encrypts
any data sent through the connection but it does not keep the data encrypted once it is “at rest”
on the device (Shumate & Ketel, 2014). The MDM agent can therefore be used to enforce a
policy of encrypting stored data on the device, unless this is avoided by a virtualization technique
as mentioned above.
However, the mentioned security solutions on their own are not enough and must be combined
with software such as anti-virus and anti-spam on devices(Wang et al., 2014) along with
firewalls (M. A. Harris et al., 2013; Mansoor, 2013; Morrow, 2012; Vorakulpipat et al.,
2014)and intrusion prevention and detection systems on networks to monitor traffic and its
behavior for imminent attacks (Mansoor, 2013; Morrow, 2012).
Another significant technical issue is the trend of jailbreaking and rooting devices (Leavitt,
2013). Jailbreaking a device bypasses any built in restrictions such as which app store or OS to
use (Keyes, 2013) and will essentially “unlock” the depths of the phone and provide
administrative user permissions to the device owner (M. A. Harris et al., 2013). The practice is
mostly used for Apple devices by users that want to be able to customize their phones and access

34
other non-Apple app stores. Android devices are usually “rooted” by users to gain administrative
privileges on the devices, though Android users mostly do so to delete pre-installed software and
to be able to upgrade their OS (M. A. Harris et al., 2013).
In January 2013, with the release of the new iOS version over 7 million jailbreak downloads
were made in the first few days(M. A. Harris et al., 2013). To avoid any misconceptions, Apple
is not safer for organizations than Android as jailbreaking practices increase in popularity. It is
only safer in terms of the amount of existing malware for each type of OS, where Android is
undoubtedly higher (Ernst & Young, 2013; M. A. Harris et al., 2013; Leavitt, 2013; Morris
Chang et al., 2012; Morrow, 2012; Shumate & Ketel, 2014). As for fake applications from third
party app stores that are accessible to jailbroken Apple devices and any Android devices, there
are existing malware copies of the top 100 apps for both platforms (M. A. Harris et al., 2013).
Moreover, not only has the amount of malware for mobile devices rapidly increased in the past
years, but mobile devices have 90% of the same vulnerabilities as PCs do(Leavitt, 2013).
Fig.8: Possible Threats and Attacks on Mobile Devices
(Source: Wang et al., 2014)
As organizations want to keep their networks and data safe, it is imperative they inspect BYOD
devices prior to allowing them to connect or work on inspecting them as soon as possible if
BYOD devices are already connected. Otherwise, it is only a matter of time before malware
would make its way to the device and then the network. Organizations must think through every

35
aspect of security as now there are a lot more opportunities for hackers and attackers make their
way to company data (Steiner, 2014).
To further avoid employees’ contact with any malware, organizations create their own corporate
app stores(Citrix Systems Inc, 2012; Jaramillo et al., 2013; Palitza & Beimborn, 2013; Walters,
2013). In these, they make available all the necessary apps for work, for all devices and versions
in a secure manner. Some of the main benefits of this approach are decrease in shadow IT, no
license management issues and data security on devices when opened through these apps (Palitza
& Beimborn, 2013).
Before the IT consumerization era, security was handled in terms of the organization’s perimeter,
but now it is important to shift that security focus on a data-centric approach (Cognini et al.,
2013; Kumar & Singh, 2015; Morrow, 2012; Thomson, 2012). The approach is a complete shift
of mindset for organizations and requires significant effort as security must now be handled on
multiple levels (Leavitt, 2013; Morrow, 2012; Steiner, 2014; Wang et al., 2014).
2.6. Best practices
The following sections will provide a summary of the most recurring and necessary technical as
well as managerial best practices.
2.6.1. Managerial/Governance Best Practices
First, it is important to ensure buy-in from top management as they are the leaders with most
authority that should promote and support the initiative throughout the organization (Thomson,
2012). Once the leaders have decided to get on board with the initiative, a BYOD policy should
be clearly defined and tailored specifically for the needs, culture and situation of the organization
(Cisco, 2012a; Cognini et al., 2013; Mansoor, 2013; Shumate & Ketel, 2014; Thomson, 2012). It
should also be updated at least once a year to address technological advancements and new risks
(Morrow, 2012; Shumate & Ketel, 2014; Wang et al., 2014). Moreover, the policy should serve
as a contract between the organization and the employee, to ensure employees’ awareness of
security and privacy procedures (Mansoor, 2013). During the development of the policy, it
should be determined which devices, OS versions and applications will be accepted and
supported (Mansfield-Devine, 2012). These decisions should be made in cooperation with

36
employees to avoid later bypassing of the policy (Ernst & Young, 2013; Forrester Research,
2012; J. Harris et al., 2012; Yevseyeva et al., 2014).
The next highly important managerial best practice is the establishment of regular auditing
practices and logging metrics (Mansoor, 2013; Morrow, 2012). This will ensure the
organization’s knowledge of its assets as well as the knowledge of who is accessing which
assets. Logging and auditing information can also be used to identify security concerns and non-
compliance of employees with policies. However, organizations must also be aware of laws,
regulations and employees’ rights in different countries (Ernst & Young, 2013; Gaff, 2015; J.
Harris et al., 2012) before using any data about its employees. For example employees’ emails
located on a corporate device or server are considered the organization’s property in the US and
the employee’s property in Canada or the EU, (J. Harris et al., 2012).
Organizations are not the only ones that must become educated in a specific area as a
consequence of the IT consumerization change. As seen above, employees are considered the
“weakest link” in an organization’s security policy and thus they must be thoroughly educated
and trained to fully understand the policy requirements and what is considered as acceptable
online behavior (M. A. Harris et al., 2013; Mansfield-Devine, 2012; Mansoor, 2013; Morrow,
2012; Walters, 2013). The final managerial best practice is keeping track of the impact IT
consumerization or BYOD has had on the organization. ROI and other key performance and cost
indicators must be measured (Ernst & Young, 2013; Forrester Research, 2012).
2.6.2. Technical Configuration Best Practices
As stated earlier, all the technical and behavioral requirements should be a part of the BYOD
policy and contract between the employee and the organization. It should be noted that all of the
technical best practices that will be discussed, should be a part of the official security policy
presented to all employees.
First, an MDM system should be used to enforce an organization’s security policy (Garba et al.,
2015; Leavitt, 2013). Once every device connecting to the corporate network has an MDM
agent, the organization will have much more control. To make these controls more flexible, users
should be classified into different groups so access to specific resources can be easily managed
and differentiated based on a user’s role in the organization (Cognini et al., 2013; Kumar &

37
Singh, 2015; Mansfield-Devine, 2012; Shumate & Ketel, 2014). Such a classification can be
done through network access control and user profiles. Moreover, all areas where users have to
log in should require a two or three-factor authentication (Mansoor, 2013; Steiner, 2014).
Next, the ownership and privacy issues of personal devices must be considered and a space
isolation technique chosen (Jaramillo et al., 2013; Leavitt, 2013). The isolation technique should
also be chosen in cooperation with employees to find a good compromise and effective balance
between a device’s flexibility and its security. Once this issue is taken care of, organizations and
employees do not have to worry about mixing their private data with corporate data and vice
versa.
As mobility is one of the primary causes of the rapid adoption of the modern mobile devices, a
well-established and tested remote access through VPN is an absolute necessity to keep the data
in transit secure along with a WPA2 encryption for Wi-Fi access (Mansoor, 2013). On the other
hand, to keep the data at rest on a device, server or data centre secure, a 256-bit AES encryption
is recommended (Kumar & Singh, 2015; Leavitt, 2013; Mansoor, 2013). These steps ensure data
security at all times – whether it is being transferred or stored the encryption and overall
technical configuration should be enough to protect the data and discourage hackers from trying
to steal it.
The last and no less important technical best practices are to develop a corporate app store (Citrix
Systems Inc, 2012; Palitza & Beimborn, 2013; Walters, 2013) and to use antimalware
(Eschelbeck, 2012; Leavitt, 2013), intrusion prevention and firewall software as proactive
measures (Mansoor, 2013). Both of these practices reduce the possibility of malware getting on
to the corporate network or the corporate side of the device.

38
Fig.9: Best Practices for BYOD Challenges
Best Practices
Challenges Governance Technical
Creation and enforcement of
policy, elimination of shadow IT
Policy as a contract, orientation,
support from top, cooperation
with employees on policy
development
Policy enforcement with
MDM, development of
productivity tools and
corporate app store
Security on all levels & remote
access
Education and training, policy
as a contract
Role based network access
control, MDM, encryption,
VPN, space isolation,
corporate app store
Employee privacy & space
isolation
Clearly state manner and
necessity of space isolation in
policy and during orientation or
training.
Virtualization,
containerization
Work-life balance Organizational culture, support
from the top
Space isolation
2.6.3. Best Practice Examples in Organizations
The following are a few organization specific examples of BYOD components to provide some
insight and illustration on how BYOD can be handled.
CISCO (Cisco, 2012a, 2012b)
Cisco Identity Service Engine (ISE) Secure network access platform with context-aware
access control decisions, profiling and policy
enforcement.
Cisco TrustSec Intelligent access control used in combination with ISE
for network visibility and management.
Cisco AnyConnect Secure Mobility
Client
Provides simple and more secure “always-on VPN
experience” including authentication for all devices.
Jabber Instant messaging communication for employees
including access to desktop sharing as well as
conferencing apps.
Cisco Virtual Experience
Infrastructure
Virtual workspace composed of virtual desktops, voice
and video that does not allow any storing of data on the
user device and ensures security at all times.
IBM (Erickson, 2008; Pepin, 2013)
IBM Endpoint Manager MDM for all mobile devices, desktops and servers along
with jailbreak detection, security policy enforcement,

39
malware scanning and application management.
IBM Lotus Notes Traveler In combination with Endpoint Manager provides secure
two-way synchronization of productivity apps such as
email, calendar and contacts.
IBM Mobile Connect Secure VPN solution for all mobile devices.
IBM Sametime & IBM Connections Instant messaging, online meetings, conferences and
“community” features for broadcasting announcements,
polling, user profiles and managing common efforts.
CITRIX (Citrix Systems Inc, 2012)
Citrix XenMobile Enables app control and distribution based on user
identity and remote wiping. All corporate data and apps
are located in a separate container within the device.
Citrix NetScaler Access Gateway Management platform for secure and controlled access
to the network, services, desktops and apps. Security
policy enforcement.
Citrix GoToMeeting & Citrix Podio Allows users to create or join meetings with HD video
from any device. Also for used for webinars and
training: GoToWebinar and GoToTraining.
Citrix XenDesktop & XenApp Virtualizes desktops and Windows apps to provide on-
demand services for all mobile devices.
From the examples above, it is clear that most of the larger organizations create their own BYOD
infrastructure solutions. Each part of a solution has a different combination of functions to
perfectly fit the organization’s business needs and still have a well-managed highly secure
perimeter. These organizations have many other BYOD products that enhance the mobile
experience for their employees. For example, Cisco has a few more “intelligent network”
solutions, IBM also has a platform for app development and Citrix provides remote support.
However, the solutions mentioned above demonstrate common functionality needs for most
organizations embarking on the BYOD journey: network access control and device management,
internal communication and collaboration tools, secure remote access and desktop and app
virtualization.

40
III. METHODOLOGY
The primary purpose of this research project was to develop an interview questionnaire, pilot test
it on a case study organisation and perform a qualitative analysis based on thorough literature
review and examination of important concepts in IT consumerization and BYOD. Insights
gained through the execution of this methodology helped us find suitable responses to the main
research question “What are the social and technical considerations of organisations
implementing BYOD at a corporate level?”
1. Case Study Research Method
A case study research method is the most effective approach for conducting the practical part of
this research. The most common characteristics of a case study method according to (Benbasat,
1987; Crowe et al., 2011; Darke, Shanks, & Broadbent, 1998; Yin, n.d.; Zaidah & Zainal, 2007)
are the ability of the researcher to analyze the collected data within its natural setting or specific
context and to focus on a limited area or number of participants to investigate a contemporary
phenomenon with currently unspecified boundaries. The case study method will allow an in-
depth examination of such a phenomenon (in our case the rise and occurrence of BYOD) through
an analysis of related activities or events along with the influence they have on one another
(Zaidah & Zainal, 2007). Therefore, a holistic view of a specific event can be obtained through a
case study and thus can be used to bring new meaning and analysis to any “organizational and
managerial processes” (Yin, n.d.). This research method is also used when the investigator has
limited knowledge about the matter at hand (Benbasat, 1987) and when “complexities of real-life
situations” need to be thoroughly explained (Zaidah & Zainal, 2007). The combination of the
abovementioned characteristics have proven particularly useful in the analysis of various
Information Systems as shown by Benbasat (1987) and Darke et al. (1998). Thus, the case study
research strategy seems to be a good technique to explore the change BYOD has brought to
organizations. As for a specific type of the case study, it will be exploratory – one that uses
broader questions in the beginning to slowly work its way to more narrow themes and detailed
answers about specific issues within the studied phenomenon (Benbasat, 1987; Zaidah & Zainal,
2007).

41
2. Data Collection Method & Interview Development
Key people from selected case study organisations have been invited for an interview. The
interview itself will be semi-structured and consist of several open-ended questions with a
number of prompts (Bricki & Green, 2007). Participants will be answering based on their own
perspective and opinions (Darke et al., 1998; Yin, n.d.).
Initial questions are formulated to be more general and progress toward more specific ones. Each
question has a number of prompts that can be used by the investigator to focus the conversation
on specific areas of a broader concept and gain more detailed information about specific
situations and events. As interviews are the primary data collection method for case studies
(Darke et al., 1998; Yin, n.d.), the focus will be on conducting the interview as rigorously as
possible to increase the “reliability and validity” of the research (Bricki & Green, 2007).
Developing the interview questions is an integral part of this project, as it will serve as basis for a
larger and in-depth research of the IT consumerization and BYOD phenomenon by the co-
author/supervisor of this project (see Appendix A for the interview questions and Appendix B for
interview transcripts). Each interview question is designed to focus on a theme, necessary for
thorough understanding of an organisation’s transition and approach to BYOD. Prompts served
as tools for gaining further details on these specific topics. Although, it should be noted the
prompts are subject to variation based on the received answers from interviewees.
2.1.Interview Questions
The first four questions focus on broader and more abstract themes, followed by the last five
questions that focus on more concrete topics and a final one that gives room for additional
comments.
The first question and its prompts should examine the initial strategy and current state of the
BYOD transition in the organisation the interviewee represents. It should assess the maturity of
said initiative and identify whether a formal solution has been developed and adopted. Then, the
organisation’s motivation for adoption must be questioned as it significantly impacts the manner
in which the initiative will be implemented. The third question focuses on pinpointing the issues
that required most contemplation before deciding to formally move towards BYOD and whether
there was a “breaking point” at which the organisation would annul the transition.

42
It is clear that BYOD benefits are very similar among most organisations, though before that
phase each organisation has to face its own set of challenges. Therefore, the fourth interview
question collects information concerning the most serious challenges for each organisation and
the reasons for their occurrence. This will allow for a better understanding of the various
complexities underlying the implementation of an information system initiative as well as to
develop more insightful solutions for handling them.
The next five questions should provide more concrete details on the execution of the
implementation. In this second half the composition of the decision making team is discussed as
well as the amount of feedback from employees used for developing a tailored BYOD approach.
Next, the evolution of the organisation’s technical infrastructure in response to the initiative
should be inspected. Countless possibilities for network configuration and company data security
allow for a fully customized infrastructure. The IT consumerization disruption brought changes
to the way people execute their tasks and behave at work, thus in the next two questions the
cultural changes as well as operational changes must be analyzed. Finally, the success and
effectiveness of every major change should be measured and thoroughly evaluated to provide
useful data for future improvements and fine tuning. The tenth question leaves room for
additional comments by the participant to express his thoughts on any other important factors
that might have been missed.
3. Qualitative Analysis
As this is a collective or multiple-case study, each case will be first analyzed on its own as
suggested by (Crowe et al., 2011) and then cross examined with the others to identify common
themes, concepts and approaches in tackling the BYOD initiative. A triangulation method of
identifying common themes from various information sources (such as academic or industry
articles and interviews) will be employed (Yin, n.d.). This form of analysis can also be called
“conceptualization” (Knafl & Howard, 1984) as it aids with “theory building” in areas that are
not yet thoroughly explored.
For our purposes, qualitative data analysis is the most effective method as it allows for a detailed
and narrative approach rather than a numerical or aggregate description of an event or situation
(Knafl & Howard, 1984). To be able to answer the main research question, a good

43
understanding of organizations’ approaches and processes is necessary as opposed to statistical
data on for example the number or frequency of those processes.
It is important to note, the analysis and reporting of all data in this study will be done based on
the Tri-Council Policy Statement on the Ethical Conduct for Research Involving Humans.
Fig.10: Methodology Process
Modify Interview Questions
Analyse Case Studies
Perform Case Studies
Develop Interview Questions
Research & Review Literature

44
IV. CASE STUDY INTERVIEWS & ANALYSIS
Two pilot interviews were conducted with high positioned executives from two different
organisations. The first organisation is a successful and global IT service company headquartered
in North America, currently transitioning towards BYOD. The second organisation is a large
intergovernmental organisation located in the European Union, also in transition. Insights
acquired during the interviews were reorganized into 3-4 main themes, for easier comparison and
analysis. First, we start off with the “Current State” of the initiative as an introduction to the
following topics: “Organisational Culture & Behavior”, “Technical Infrastructure”, “Expenses &
Evaluation”.
1. IT Organisation
Current State
The first case study organisation is code-named “IT Organisation” (IT-O), it has about 400
employees and operates on a global level. It is currently half way through with the transition
towards BYOD. The organisation first started off with a 3-month pilot test on 15 people, to try
out the new supporting infrastructure. After the successful proof of concept, the BYOD program
was made available to the rest of the company.
Their technology is already fully location, device and service independent; so to quote the
participant, “in terms of technology it’s all there” (IT-O Interview, 2015). The user base is only
“half way there”. Moreover, a formal policy has already been established to serve as a guideline
for the use of the company’s new BYOD-enabling technology - virtual desktop infrastructure
(VDI). Additional policies are being developed and will later be presented to employees in the
form of a contract.
Organisational Culture & Behaviour
One of the primary reasons why IT-O has decided to transition towards BYOD was the
enormous internal pressure from its management and employees. Being in the IT industry, most
of their staff is very technical and prefers working on the device and platform of their choice;
such as Mac, Linux or Windows. The need for BYOD is mostly focused around using various
types of laptops rather than smartphones as mainly technical work needs to get done.

45
Some of the non-technical staff was resistant at first, as they did not feel comfortable managing
their own device, so it required a lot of communication and benefit demonstration to get them on
board. A hybrid model had to be developed to cater to those who were not fully behind BYOD.
IT-O is working on slowly phasing in the BYOD across the whole organisation – if a non-
adopter’s hardware gets broken, he/she is then moved to a BYOD solution. Eventually, there will
be a final deadline after which non-BYOD users will have to adopt BYOD as well.
According to the interviewee, the IT-O culture was already very mobile and globally distributed;
thus the full transition towards BYOD supports that culture further and makes certain operations
much easier and more efficient.
Technical Infrastructure
For organisations moving to BYOD, one of the most important decisions is choosing the best
fitting technology. The choice of technology will define the whole approach to BYOD adoption.
IT-O has chosen a template-based VDI technology as it was the best choice for their highly
technical and global company. Managing individual equipment for people across the world is
very challenging – in case of broken hardware, the user would not be able to work for days until
a new laptop is shipped to him/her. It is also very labour intensive when upgrades and patches
need to be rolled out.
Now, thanks to VDI the IT department got rid of the hardware management tasks and instead
centralized all the operations within the company, its server environment and data centers. As
virtual desktops do not save any information on the device, there is no need for any device
management systems or space isolation techniques. In fact, it makes the company network much
safer as the perimeter is closed within the organisation. Also, VDI eliminates the need for a VPN
connection and thus simplifies network management. IT-O does not need to provide a network
connection from the office as it becomes a public network – all the data is stored within the
secured perimeter only accessible through VDI. As a result, the minimum security requirements
can be lowered. In case of malware on a device or hacker attack, they will not get on to the
company network as VDI creates a barrier between the two and requires a two-factor
authentication to log in.

46
A significant increase in productivity arises in the IT department, as they do not have to focus on
individual laptops anymore. When new updates or patches are available, they can be rolled out
for everyone at the same time instead of doing it one by one. Also, in case of a hardware failure
the user does not need to wait several days for a laptop, he/she can just connect from any other
device and continue where he left off.
Overall, a lot of new technology was needed to support the VDI implementation. It is currently
being used in parallel with the legacy system until the whole organisation transitions to BYOD.
Cost & Evaluation
Among the main considerations when deciding to move towards BYOD, is cost. BYOD should
be a cost-effective rather than expensive initiative. For IT-O it was cheaper to implement VDI
than to provide a corporate laptop for every employee. This approach has allowed them to keep
costs more or less even and still have room for a generous allowance program.
The non-adopters of BYOD give their allowance to the IT department in return for a corporate
owned, managed and supported device. They also get a VDI access and use the same technology;
the only difference is that the device is not their own.
To evaluate the initiative as a whole, for now there has been no significant change in the way
people work, as BYOD truly seems to be a complement to the IT-O culture. Further productivity
and workflow efficiency increases are expected once the organisation completes the transition –
it will be easier to build upon the platform and develop additional functionalities.
For now, the most noticeable change is for the IT department, which can also easily be measured
by speed of patch deployment, decreased downtime for users with broken hardware, etc. IT-O’s
goal was not to save money on hardware or infrastructure, but to become more efficient and
“save money” from the management perspective.
Even though there was some initial resistance to the initiative, the response was very positive and
the technology seems to be a good fit.
2. Intergovernmental Organisation
Current State
The second case study organisation is codenamed “Intergovernmental Organisation” (IGOV-O),

47
it has about 35 000 employees and operates inside the EU. Their BYOD initiative started in 2013
and has been progressing rapidly ever since. IGOV-O’s BYOD program focuses primarily on
smartphones and a few tablets. There are 5000 devices currently enrolled, with a yearly demand
increase of 70-80%. It should be noted the adoption of BYOD is strictly voluntary and corporate
devices are issued alongside it.
IGOV-O allows and supports all the major platforms, such as iOS, Android and Windows. A
formal policy has already been developed; to be signed by those enroll for the program as they
receive corporate access and additional functionalities for their devices.
Organisational Culture & Behaviour
IGOV-O is in a different industry than the previously discussed IT-O. Most employees are non-
technical and focus on various policies, negotiation meetings, administrative tasks and important
decision making regarding sensitive issues. Therefore, their technical needs are very different
from IT-O.
IGOV-O also experienced enormous pressure from the inside of the organisation, to provide a
BYOD option. However, the main BYOD demand was for smartphones and tablets. Due to the
nature of their work, employees mainly wanted access to their work email and a few other
functionalities that are gradually being developed – tasks they can complete “on the go” or on
meetings that do not require their full attention to save time for the most important tasks. On the
other hand, there is no need for personal laptop computers which are not provided as a BYOD
option for security reasons. The infrastructure at IGOV-O is well established and most
employees work on desktop computers – in case they need a laptop they can have a corporate
one.
Three important reasons pushed IGOV-O to develop a BYOD option for its employees. First, the
growing employee demand could not be ignored. Second, the IT department wanted to satisfy
that demand by providing a seamless experience for its users and through that increase
productivity and efficiency. Third, to help balance employees’ professional and personal lives –
“the more flexibility they have on where they do their work, then they have more flexibility on
where they are and how they manage their lives” (IGOV-O Interview, 2015).

48
However, educating and informing 35 000 employees about the program and the new policy is a
struggle. One of the biggest challenges is to find a way to communicate the benefits and
downsides of the program, to help uninformed employees decide whether it is something they
would be interested in or not.
As IGOV-O is a large intergovernmental organisation, a lot of consultation and discussion with
multiple groups must go on before a final decision can be made. Initially, the IT department
worked on doing thorough research, surveying employees, identifying best practices and
formulating the policy. Then, three different groups had a say on the development of the final
version of the policy. The first group were various users, interested colleagues from other
departments. The second group of people formed a stakeholder forum with IT managers from
other areas and discussed specific issues. The third group is an IT committee that reviews the
presented policy and approves the final version. In this manner, IGOV-O ensures its initiative
will meet the set objectives and benefit the employees who join it.
Technical Infrastructure
Before going ahead with BYOD, IGOV-O had to figure out the best approach for achieving their
goal of helping with the work-life balance. They also had to educate themselves on how to
handle the various types of Android and Windows devices knowing these would be the most
popular once BYOD is in place. Corporate devices at IGOV-O are almost exclusively iOS.
The organisation has decided to use a containerization approach with a customized version of the
Mobile Iron MDM system (same as on their corporate devices). However, due to internal
pressure they were not able to fully prepare the MDM solution before allowing the personal
devices in the workplace. Now, they are working backwards on fitting the MDM solution to the
5000 enrolled personal devices – 1500 devices are already containerized.
With the containerization approach, the organisation must have certain controls and limitations
in place – to increase employees’ flexibility, some of the functionality must be given up. The
organisation also reserves the right to perform remote wipes of devices if they get lost or stolen.
Even though some employees find this invasive, BYOD is voluntary so if they do not want to
risk wiping their personal device they do not have to join the program.

49
As mentioned in the previous section on the topic of functionality, the highest demand is for
accessing emails. A closely related demand is one for accessing secure emails. IGOV-O has a
function in its corporate environment for encrypting emails regarding sensitive issues that are
then sent on a secure route. It is possible to set up in the corporate environment with specific
software and tokens, though it is very challenging to implement on personal devices.
Another technology is being developed not as part of BYOD, but in parallel as a complement – a
system allowing managers to do simple tasks from their smartphones, such as validating leave
requests, validating travel requests, electronic signatures of routine notes, etc. Things that
normally “pile up in your inbox at the end of the day” (IGOV-O Interview, 2015) can now be
executed during a commute or lunch. The development of this technology helps facilitate
electronic workflows as a whole and offers the possibility of doing a lot more tasks online.
Slowly, there will be more and more tasks that can be completed on mobile devices, so BYOD
will only benefit from it. Another plan for IGOV-O’s technical infrastructure is to enable
employees using corporate mobile devices and personal mobile devices to participate in meetings
from a distance through a Skype-like feature.
However, for any of these technologies to be truly efficient the Wi-Fi must be strong enough and
available in all areas of the organisation. For IGOV-O it is not the case. They have several
buildings, some of them old; so even though installing Wi-Fi is easy, it is very expensive. Due to
budgetary restrictions, Wi-Fi deployment has been slow and thus frustrating for employees that
have to use personally paid for cellular data to view their emails.
Cost & Evaluation
At IGOV-O there is no allowance or financial incentive for BYOD participants. The only
financial support provided is in the form a corporate Sim-card that can be used in a personal
device. It is only provided to specific user groups at the top of the organisation, like senior
executives or managers. Other employees do not get such a possibility.
The Interviewee suggested that with some financial incentive more people might join. However,
the main issue is demonstrating the work-life balance ROI and putting a number on it.
Regarding a more measurable ROI, a user survey was conducted - results showed very high
satisfaction with the program and about 3.5 hours a week of extra work being done from home.

50
If we assume that 2 hours from that is being done on top of the 40 hour work week, it is already a
5% productivity increase. Once again, it is hard to say whether this can be officially considered
an ROI but people are doing more work outside the workplace, which accomplishes the
flexibility and productivity goals.
Overall, the transition seems to be a success. Even with the presence of some minor drawbacks
such as device functionality constraints or the outdated Wi-Fi infrastructure, the user satisfaction
is still very high and the productivity increases through enhanced agility are achieved.
3. Case Comparison
The table below highlights some of the main BYOD aspects and demonstrates each
organisation’s approach.
IT-O IGOV-O
BYOD Implementation All employees Voluntary enrollment
Motivation Productivity, flexibility,
centralized operations
Productivity, flexibility,
work-life balance
Organisation Size 400 employees 35 000 employees
Devices Mainly laptops Only smartphones and
tablets
Formal Policy Yes Yes
Policy as Contract In progress Yes
Financial Support Allowance for everyone Corporate Sim-card for
executives and managers
BYOD Technology and
Security
VDI, 2 factor authentication MDM, containerization,
remote wiping
Impact on IT
department
No hardware management Learn how to handle
Android & Windows
Operations No change in workflow More flexibility and
efficiency on small task
execution (emails,
approvals, signatures)
Productivity Increase In IT department due to
centralized operations
BYOD users working extra
hours
Evaluation High satisfaction High satisfaction

Guiding BYOD Initiatives

Empfohlen

Empfohlen

Weitere ähnliche Inhalte

Was ist angesagt?

Was ist angesagt? (8)

Ähnlich wie Guiding BYOD Initiatives

Ähnlich wie Guiding BYOD Initiatives (20)

Kürzlich hochgeladen

Kürzlich hochgeladen (20)

Guiding BYOD Initiatives