In a recent SearchCIO.com CIO Opinionator, we started with a somewhat controversial premise: Is the CIO wasting precious time managing BYOD policies? SearchCIO.com features writer Karen Goulart
The CIO should be no more directly involved in BYOD than should the Head of Corporate Services be directly involved in BYOL (Bring Your Own Lunch).
While these numbers confirm that bring your own device (BYOD) policies are important in enterprise organizations, Simon Yates, an analyst at Forrester Research Inc., suggested the time CIOs devote to BYOD policies would be better spent focusing on developing mobile innovations. Philip Clarke, an analyst at Nemertes Research Inc., said that organization should hire a chief mobility officer to manage these matters. Ken Dulaney, an analyst at Gartner Inc., conceded that there's no black-or-white answer when it comes to the CIO's role in mobility.
To expand on the debate, we asked our readers, "How involved should the CIO be in BYOD policy?" We posited that CIOs could run the show, delegate responsibility or pass responsibility to a new position. The conversation stirred a robust date in our comments section, suggesting that managing BYOD policies while still leaving time for mobile innovations is a complicated matter for many CIOs:
- "CIOs need to delegate to a qualified person in their organization. This will keep them in the
loop for the decision making. I can tell you from experience that the 'run the
show' approach will bog down the CIO in detailed work, debate and discussion which can be done
- "Interesting topic that is front and center. Mobility has
to be a key focus, and the CIO should have accountability for the enablement. We do have codes of
conduct but a single breach could crush an organization. Finding a balance will be key."
- "The CIO should be no more directly involved in BYOD than should the Head of Corporate Services
be directly involved in BYOL (Bring Your Own Lunch)."
- "I believe in bring your own device but have rules so that everyone understands what the
company will allow or not allow. However, with
BYOD comes the security, and to protect these devices on the network comes at a cost, so the
issue is who carries the cost."
- "Agree especially with Philip Clarke's point of view. The best practice is to form a committee
that spans multiple departments -- IT and the various business roles -- to plan your firm's mobility
strategy. The CIO has to be responsible for that, but probably not personally attending each
meeting. BYOD will probably be a part of your mobility strategy; if so, the committee will need to
a BYOD policy. From there, you move into execution. You'll need tools (like automated security
controls) to monitor and enforce your BYOD strategy."
- "Surely mobility, and therefore BYOD, should sit under the end user computing umbrella. Whoever
owns end user computing in an organization, be it fat client, thin client, VDI
or hybrid environment, needs to accept [that] these devices form part of the mix in how end users
are working accessing corporate data."
- "BYOD is a major, complex strategic issue. As such, CIOs should be involved in setting BYOD
policy. There is probably some room for delegating some aspects of that, but the CIO needs to be
- "Depending on size of enterprise: I'd pick 'run' it for SMB, 'delegate' for larger, but
would not want to wash my hands of it ('pass it off')."
- "What could be more important to the CIO than the 'delivery' of information technology?"
- "For BYOD, responsibility should be delegated to a person or group with business skills
encompassing IT, HR and Legal."
- "... Mind you, someone still needs to be responsible for cleaning up the mess!!"
More on mobile innovations and BYOD
Will mobile device virtualization solve BYOD issues?
How data protection strategy is evolving in an era of cloud and BYOD
Four trends, including BYOD and cloud, that are reshaping corporate IT
Most commenters seem to agree that the CIO needs to be involved in BYOD policy making. But while CIOs shouldn't be removed from the process, there needs to be some delegation of responsibility -- BYOD is complicated, policy making is time-consuming and the CIO's ultimate value is in driving the organization forward through developing mobile innovations.
Who handles BYOD policies at your IT organization? Are they the CIO's responsibility, or do IT leaders focus more on mobile innovations instead? Do you strongly agree -- or disagree -- with any of the respondents above? Share your BYOD policy strategy in the comments section below.
This was first published in November 2012