Given all the talk about bring your own device (BYOD) policies, you might think that the presenters at a recent "BYOD-Mobility Press Lunch Forum" could name just one company that's documented real benefits from introducing one. But no.
Surely this whole BYOD phenomenon isn't just a con job?
Now employees will doubtless be more productive using tools they're familiar with, and happier and more productive if it's their preferred brand. Yet, the price for this is increased complexity of management and support.
BYOD takes that a step further by allowing employees to bring in their own devices -- bringing security concerns along with them.
BYOD policies are all about making sure these devices are compliant with the organisation's standards for operating system security, data backups, encryption, remote wipe and so on, and making sure employees maintain and operate the devices securely.
But these issues are all ancient history, said Dermot McCann, managing director for Australia and New Zealand with IT systems management software vendor Kaseya.
"I was of course referring to when the monks started bringing their own parchment into some of the towers. I think the challenge really hasn't changed," McCann told the forum in Sydney last week.
"When people introduced typewriters into organisations, people were concerned about data leaking. People introduced PCs, data gets leaked. People introduced floppy discs into those PCs, data gets leaked. This isn't a new phenomenon. It's just a natural evolution of the way we handle and manage information."
In other words it's a business problem, not a technology problem. It's about realising those productivity benefits.
Are the benefits real?
But are those benefit real? None of the six presenters at the forum could name a company that's proven it. Except for McCann naming his own, and that doesn't count. All the BYOD success stories are about the implementation of a policy.
"We have policies across theft and sexual harassment and a lot of other areas," McCann said. "A BYOD policy is just that. It's a policy. It comes down, then, to how you enforce that policy within the realms of it being practicable."
So really, employees will bring in their own, more fashionable, devices anyway. There needs to be a policy to control this phenomenon. The IT department doesn't like writing policies, but the HR department wants a BYOD policy so there's a process for dealing with breaches.
More cynically Angus Kidman, editor of Lifehacker AU, raised the possibility of BYOD being a massive con job, "where basically you persuade people to pay for infrastructure that the business used to pay for, and present it to them as a benefit."
Downplaying the security risks
McCann reckons that BYOD is a direct result of the contemporary business culture of productivity and efficiency above all else in the drive for profits. Perhaps security risks are being downplayed.
"We haven't had any large-scale fallout from BYOD yet. There hasn't been any very public issue... we've had a couple of local incidents, but nothing major that has said we've had a security breach of significant magnitude as a direct result of BYOD," he said.
That said, employees' devices would be accessing corporate data over the network. If a device is compromised, the corporate data compromised with it is likely to be a small amount data-in-motion or data-in-use, not a massive database of data-at-rest -- a fact pointed out by Alan Williams, director of BlinkMobile Interactive.
Besides, BYOD policies create the perfect architecture for blaming data breaches on employees who failed to operate their devices securely, rather than a flawed system.
"BYOD is a subset of mobility," McCann said. But while mobility provides clear benefits in terms of flexibility and productivity, does enabling BYOD represent a higher or lower total cost of ownership (TCO) to the business?
"Partially what it's going to come down to [is] whether BYOD is cost advantageous overall to an organisation or not." And we don't have any case studies yet.