Tech & Sourcing @ Morgan Lewis


Based on the explosive growth of smartphones over the last three years, Bring Your Own Device (BYOD) policies have been widely adopted for corporate email and other work-related tasks. Industry analysts, however, are starting to indicate that BYOD is failing to deliver on many of its promises, that its implementation is riddled with potential pitfalls, and that many companies fail to implement standard security policies essential to using BYOD.

For example, as CIO magazine notes, experience has shown the following:

  • Limited cost savings. Hidden costs associated with BYOD can erode cost savings. Employees quickly rack up personal costs on their devices, expense report growth is burdensome, and regulatory compliance can be costly.
  • Employee resistance. Many employees would rather carry two phones than provide their employers with access to and control over their private data. Employees are also wary of being subject to strict BYOD policies.
  • Productivity issues. Although some companies have enjoyed productivity gains from BYOD, blurring the lines between work and personal life can hinder employees’ resistance to distractions.

BYOD initiatives may be failing for many reasons, including the following:

  • Inadequate security. Companies should require and monitor appropriate encryption, passcodes, and updates. A recent survey showed that almost 40% of corporate users did not have any password or other security measures in place to prevent unauthorized access to their mobile devices.
  • Inadequate control. Companies should limit acceptable devices to those that have been adequately tested for use with their networks. In addition, companies should integrate devices with a container approach so that administrators can prevent disclosures of sensitive information.
  • Inadequate compliance. Employees should be required to understand and comply with applicable BYOD policies. For example, employees must notify their employers of lost devices as soon as possible to mitigate potential consequences. Unfortunately, policy compliance may be lacking: employees commonly store work-related data on their personal devices and access unsecured or unknown Wi-Fi networks.

Expectations are still high for BYOD, but recent reality checks should encourage more considered implementation.