In a recent SearchCIO.com CIO Opinionator, we started with a somewhat controversial premise: Is the CIO wasting precious time managing BYOD policies? SearchCIO.com features writer Karen Goulart told readers that 41% of U.S. information workers and IT leaders used at least three electronic devices for work in 2012, according to Forrester Research Inc. These devices allow IT workers to conduct business from multiple locations at all times of the day, but are not always company-issued.
The CIO should be no more directly involved in BYOD than should the Head of Corporate Services be directly involved in BYOL (Bring Your Own Lunch).
While these numbers confirm that bring your own device (BYOD) policies are important in enterprise organizations, Simon Yates, an analyst at Forrester Research Inc., suggested the time CIOs devote to BYOD policies would be better spent focusing on developing mobile innovations. Philip Clarke, an analyst at Nemertes Research Inc., said that organization should hire a chief mobility officer to manage these matters. Ken Dulaney, an analyst at Gartner Inc., conceded that there's no black-or-white answer when it comes to the CIO's role in mobility.
To expand on the debate, we asked our readers, "How involved should the CIO be in BYOD policy?" We posited that CIOs could run the show, delegate responsibility or pass responsibility to a new position. The conversation stirred a robust date in our comments section, suggesting that managing BYOD policies while still leaving time for mobile innovations is a complicated matter for many CIOs:
- "CIOs need to delegate to a qualified person in their organization. This will keep them in the loop for the decision making. I can tell you from experience that the 'run the show' approach will bog down the CIO in detailed work, debate and discussion which can be done by others."
- "Interesting topic that is front and center. Mobility has to be a key focus, and the CIO should have accountability for the enablement. We do have codes of conduct but a single breach could crush an organization. Finding a balance will be key."
- "The CIO should be no more directly involved in BYOD than should the Head of Corporate Services be directly involved in BYOL (Bring Your Own Lunch)."
- "I believe in bring your own device but have rules so that everyone understands what the company will allow or not allow. However, with BYOD comes the security, and to protect these devices on the network comes at a cost, so the issue is who carries the cost."
- "Agree especially with Philip Clarke's point of view. The best practice is to form a committee that spans multiple departments -- IT and the various business roles -- to plan your firm's mobility strategy. The CIO has to be responsible for that, but probably not personally attending each meeting. BYOD will probably be a part of your mobility strategy; if so, the committee will need to develop a BYOD policy. From there, you move into execution. You'll need tools (like automated security controls) to monitor and enforce your BYOD strategy."
- "Surely mobility, and therefore BYOD, should sit under the end user computing umbrella. Whoever owns end user computing in an organization, be it fat client, thin client, VDI or hybrid environment, needs to accept [that] these devices form part of the mix in how end users are working accessing corporate data."
- "BYOD is a major, complex strategic issue. As such, CIOs should be involved in setting BYOD policy. There is probably some room for delegating some aspects of that, but the CIO needs to be closely involved."
- "Depending on size of enterprise: I'd pick 'run' it for SMB, 'delegate' for larger, but would not want to wash my hands of it ('pass it off')."
- "What could be more important to the CIO than the 'delivery' of information technology?"
- "For BYOD, responsibility should be delegated to a person or group with business skills encompassing IT, HR and Legal."
- "... Mind you, someone still needs to be responsible for cleaning up the mess!!"
More on mobile innovations and BYOD
Will mobile device virtualization solve BYOD issues?
How data protection strategy is evolving in an era of cloud and BYOD
Four trends, including BYOD and cloud, that are reshaping corporate IT
Most commenters seem to agree that the CIO needs to be involved in BYOD policy making. But while CIOs shouldn't be removed from the process, there needs to be some delegation of responsibility -- BYOD is complicated, policy making is time-consuming and the CIO's ultimate value is in driving the organization forward through developing mobile innovations.
Who handles BYOD policies at your IT organization? Are they the CIO's responsibility, or do IT leaders focus more on mobile innovations instead? Do you strongly agree -- or disagree -- with any of the respondents above? Share your BYOD policy strategy in the comments section below.