Budget trimming is often cited as an attractive benefit of BYOD. The logic is that organizations can save money if employees are picking up the tab for mobile devices. While the reasoning behind that theory is understandable, it could be based on false assumptions and, perhaps, some wishful thinking.
Monthly voice and data
Much of the true cost of BYOD depends on the nature of the BYOD policy. Even if businesses are not paying for employees’ phones, chances are they are absorbing all, or a portion of, monthly voice and data plans through a reimbursement program, which can be significantly more expensive than the device. Corporations can realize sometimes significant reductions by purchasing large pools of data and voice minutes. Those savings are not available to organizations that pay for monthly mobile service charges on a reimbursement basis.
The US Energy Department discovered that poorly monitored BYOD programs can sometimes be more expensive than corporate-managed mobile device plans. The Nextgov website on April 22, 2014, reported that an auditor at the government agency found that some contract employees were compensated for personal smartphones or tablets in excess of what it would have cost the Energy Department to have supplied those same workers with mobile devices.
In addition, a wide-open BYOD policy, which will need to support potentially dozens of different devices, operating systems and versions of operating systems, could introduce management complexity that far exceeds device and application management costs associated with a more controlled number of end user devices. Keeping track of additional devices and platforms may mean a larger technical support staff or the added expense of installing additional MDM or EMM products to cover the entire spectrum of user smartphones and tablets.
It’s the unexpected costs that may result from potential security lapses associated with BYOD, however, that could end up being the most severe. Though no organization is ever completely protected from the leakage or theft of corporate data or intellectual property, the level of protection delivered by a more conservative mobile device policy is often higher than what can be reasonably expected in a BYOD environment. While it’s nearly impossible to put a price tag on the loss of IP, leakage of tightly-held secrets to a competitor could have catastrophic ramifications.
Another unexpected BYOD bill could come due in the form of legal fees. Though their severity varies from country to country, the financial penalties associated with compliance or regulatory-related violations often fall into the six-figure range. Again, while no mobile enterprise device policy is infallible, the more devices and the less oversight IT has over those devices, the more likely content that needs to be accounted for will be lost or stolen. The same holds true for litigation around employee privacy. In some countries in Europe, for example, penalties for monitoring or deleting an employee’s personal information can be severe. The number of privacy invasion legal actions and the likelihood of those actions resulting in fines both tend to decrease if the company, rather than the employee, owns the mobile device.
It’s not just money on the line, either. A security breach could severely damage the reputation of a business or organization, especially one that handles sensitive customer or client information, such as a business in the financial services or healthcare industries. Employee-instigated legal actions could also be a recruitment nightmare for a business or organization.
Cost and benefit
While BYOD has been and will continue to be embraced by enterprises and corporations for its ability to advance worker productivity, it also poses security and management risks that have at times created tension between IT, business leaders and end users. As advances in enterprise mobility increasingly strip away the protective barriers between mobile devices and behind-the-firewall information, CIOs and other IT decision makers will need to factor the costs associated with potential security breaches, compliance violations or legal penalties into any BYOD cost analysis.