Essential Guide

Enterprise mobile management's evolution

A comprehensive collection of articles, videos and more, hand-picked by our editors

Is managing BYOD policy a waste of the CIO's time?

Is BYOD policy a CIO's problem? Three mobility experts weigh in on whether CIOs shouldn't sweat BYOD but focus on the bigger fish they have to fry.

In 2012, 41% of U.S. information workers used at least three devices for work, and more than a third worked from...

three different locations, according to Forrester Research Inc. No matter where they are, 15% of those information workers are connected to their companies all day, every day. Perhaps they're working off one of the more than 9,000 Android permutations in the market. Maybe they're employed by one of the 70% to 80% of Fortune 500 companies that agreed to support at least one type of consumer-grade tablet for their workers last year. And if their particular tablet isn't supported, chances are it will be by 2016, when an estimated one-third of all tablets sold will be purchased by businesses. Still think the hype around bring-your-own-device policies is overblown?

Read more about BYOD policy

Is mobile virtualization the answer to the BYOD conundrum?

Data protection in the BYOD era

How role-based BYOD management is playing out at IBM

An inside look at Ford Motor Co.'s BYOD program

The importance of having a BYOD policy is not up for debate. As mobility reshapes enterprise computing, the question is, who ought to be in charge of this mobile mélange? Since "BYOD" began emerging as a buzzword less than two years ago, it's seemed a given that harnessing employees' many mobile devices should be the singular domain of the CIO. But is that as it should be?

We asked three experts in mobility to weigh in on the topic. In response, we heard an impassioned plea for CIOs to wash their hands of BYOD and focus on bigger issues, an argument for adding a chief mobility officer to deal with all aspects of the mobile spectrum, and a call for the CIO to play the go-between and delegator. The one thing all three experts agree on? Mobility is much bigger than BYOD.

CIOs wasting time on BYOD, missing mobile innovation opportunities

"There are so many opportunities for mobile to be a reducer of cost; a generator of revenue; a builder of relationships with customers, partners and employees; and those opportunities just aren't being taken advantage of yet, those are the bigger fish to fry." Simon Yates, analyst, Forrester Research Inc., Cambridge, Mass.

Simon Yates Simon Yates

Over the last year we've been working with hundreds of CIOs about mobility and about the impact of consumerization -- the devices employees bring into companies that they want supported and the challenges CIOs face in tackling that. Where things get sticky for CIOs is making choices about which devices and operating systems to support. It comes down to governance and policy issues: What is the liability of the company on a device containing personal and corporate information? How much should a person be reimbursed for a particular device? Who gets to be in the program?

These nontechnical issues really frustrate CIOs because they have to go through Human Resources and Legal to solve them, and they're not making enough progress toward building a BYOD program they can deploy that is structured the right way. CIOs spend far too much time figuring out these programs -- at their peril.

Our data says that 95% of customer-facing mobile application development efforts have little to no IT organization involvement. IT certainly doesn't lead them. Every business unit has money it's going to spend on technology outside of IT, When a business unit wants to build a mobile app, it will go out to a digital agency like SapientNitro or Tribal DDB. CIOs are missing a huge opportunity. The mobile applications built outside of the company will eventually end up in the CIO's lap. The apps will either be incredibly successful and other parts of the company will want to add features to them or integrate them into back-end databases or back-end applications, or they're an abject failure and the CIO is going to be asked to fix the problem. CIOs have to get involved in these customer-facing mobile activities early on, not spend all their time worrying about what mobile devices they're going to support for employees. The real opportunity for innovation and to drive business value is on the customer-facing side.

Where you'll get the pushback from CIOs is on security or compliance. It's not that the security and compliance issues related to mobile devices aren't important; it's just not the CIO's responsibility to get bogged down in those things. Delegate! Get other people to solve the problems and make recommendations. CIOs aren't experts on security or compliance, or on which mobile device management solution is better than one over the other. They're not experts on the legal requirements of shared data on the same device, but those are the things that are slowing them down.

The enterprise needs a chief mobility officer for BYOD

"More interesting, I think, than whether the CIO should be involved in policy decisions is whether there should there be a chief mobility officer or if the CIO should be a chief mobility officer, given how important mobility is to enterprises." Philip Clarke, analyst, Nemertes Research Inc., Chicago

Philip ClarkePhilip Clarke

Fundamentally, all things that have to do with information within the enterprise fall under the purview of the CIO. Whether it's mobility, desktop, centralized infrastructure, cloud infrastructure, all of it has to do with information.

The difficulty of understanding all the impacts of mobility makes a strong case for a chief mobility officer, a new position. Whether he reports to the CIO or he's level with the CIO depends on how mobility-focused the company is. But I do think the CIO needs help, because mobility is such a difficult subject.

With the convergence of tablets and laptops, we're not really going to have laptops in about five years, maybe sooner. In my view, it'll be just tablets that are built around the Microsoft Surface idea of a single device. Because of this convergence of mobility and desktop, the CIO has to be involved, not only to be able to understand what's going on within their company, but also to make strategic decisions on everything from app development to endpoint management to what type of devices they want to have in the enterprise.

If hiring a chief mobility officer is not an option, mobility has to be under the purview of the CIO. If you give mobility to the top security person, security will be their focus, and securing devices is not even half the picture with mobility. Companies still focused on securing mobile devices -- and for many that is their focus -- are not going to get much success out of mobility. All they're doing is bringing their BYOD paradigm up to that previous paradigm of BlackBerry with BES [BlackBerry Enterprise Server].

Only going as far as securing BYOD devices is not doing everything that should be done with mobility. Companies need a strategic thinker who can start making bigger decisions: "We've got these devices secure, now what are we going to do with them? How do we justify these devices? What are their use cases? Where does it make sense to start replacing laptops or desktops with mobile devices?" Companies need somebody who is highly innovative, has a real good grasp of mobility and far-reaching views on mobility -- and has demonstrated that already.

CIO needs to delegate when it comes to BYOD

"I can't give a black-or-white answer about whether CIOs should be responsible for BYOD, because CIOs are responsible for protecting the information assets of the organization, and as such they have to write policies and be responsible for polices that cover that aspect of their job. From that perspective it makes sense." Ken Dulaney, analyst, Gartner Inc., Stamford, Conn.

Ken DulaneyKen Dulaney

BYOD policy is a huge concern. Among our clients, 60% to 70% either have a BYOD policy or are considering one. Most of the commotion is caused by tablets -- that's the thing pushing it over the edge because the tablet is an elective device. CIOs know people need notebooks and phones, but they don't feel they have money for elective devices. Most CIOs start out not wanting tablets but realize the technology is inexpensive enough and the software that comes with them is powerful enough to go right round IT. And most come to the realization that they're kidding themselves, so they want to develop best practices.

What we recommend is give employees support. The employee owns the device and assumes responsibility for anything that happens to it. What the organization puts out in terms of work-related content for employees using their own devices should be put out over a browser. This way content is not on the device and can't be compromised if the device is lost. Doing that can provide more freedom for the end users. If users then do whatever they want to do, they have to assume responsibility.

Most organizations have a code of conduct. Most have not yet been updated for the electronic age. The employee has to understand their responsibility for information assets that a company owns that happen to reside on an employee's device. BYOD as a concept touches on many aspects of the business and the preponderance of BYOD policies should be the responsibility of the CIO, but there are aspects of those policies that should probably be vetted out. We have a concept we call "mobile center of excellence." It's a temporary thing -- the company puts together different groups that are responsible for best practices for a number of things, and one of them would be mobile policies.

Mobile is something that affects all the practices of IT. It shouldn't be kept separate; it should make everything the enterprise does, done better. Devices being put into IT have a lot of things IT is not used to, whether it's developing apps for small screens, whether it's supporting BYOD for devices the company doesn't own or whether it's dealing with security threats. Mobility should raise the overall capability of IT and make its enterprise architecture more robust.

Let us know what you think about the story; email Karen Goulart, Features Writer.



Find more PRO+ content and other member only offers, here.

Essential Guide

Enterprise mobile management's evolution

Join the conversation


Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

How involved should the CIO be in BYOD policy?
Depending on size of enterprise: I’d pick run it for SMB, delegate for larger, but would not want to wash my hands of it (pass it off)
What could be more important to the CIO than the 'delivery' of information technology?
Surely Mobility, and therefore BYOD, should sit under the End-User Computing umbrella. Whoever owns end-user computing in an organization, be it fat client, thin client, VDI or hybrid environment, needs to accept these devices form part of the mix in how end-users are working accessing corporate data.
Agree especially with Philip Clarke’s point of view. The best practice is to form a committee that spans multiple departments – IT and the various business roles – to plan your firm’s mobility strategy. The CIO has to be responsible for that, but probably not personally attending each meeting. BYOD will probably be a part of your mobility strategy; if so, the committee will need to develop a BYOD policy. From there, you move into execution. You’ll need tools (like automated security controls) to monitor and enforce your BYOD strategy. IDC wrote a pretty good paper about security strategies
The CIO should be no more directly involved in BYOD than should the Head of Corporate Services be directly involved in BYOL (Bring Your Own Lunch).
Intresting topic that is front and center. Mobility has to be a key focus and the CIO should have accountability for the enablement. We do have codes of conduct but in the a single breach could crush an organization. Finding a ballance will be key.
CIO's need to delegate to a qualified person in their origanization. This will keep them in the loop for the decision making. I can tell you from experience that the "run the show" approach will bogg down the CIO in detailed work, debate and discussion which can be done by others.
For BYOD responsibility should be delegated to a person or group with business skills encompassing ITC HR and Legal
I believe in bring your own device but have rules so that everyone understands what the company will allow or not allow. However with BYOD comes the security and to protect these devices on the network comes at a cost, so the issue is who carries the cost.
CIO, HR, and Legal should create the BYOD policy
There are all kinds of devices used and delegation should be a better option for IT to manage.
In truth this is not "bigger that the CIO", but rather very much smaller.

I've never seen so much hype and hot air drummed up by IT commentators, pollsters, and soothsayers since <…> (insert what ever had last floated your boat here).

When will IT professionals learn that most fads have vested interest deep within the IT industry - and as both consumers and providers of IT it behoves us to understand that fad and fashion inevitably cost, not saves - and even if cost neutral it inevitably makes everyone’s life for complex and complication.

Please, enough about BYO. If people want to bring their own lunch to work, then fine, but don't eat it in the bosses time and don't expect the corporation to cook it for you ... or clean up after you.
If the CIO is responsible for Corporate's internal and external strategic relationship with IT, then if not forging the BYOD policy, what should they be concerned with instead? Any CIO who doesn't charge into the line of fire regarding this issue is either ignorant, lazy or a coward. It's not just a matter of mobility or security, it very much has to do with the company's vision of how it hosts its mission-critical applications and overall network infrastructure.