You can't solve BYOD because it's not a problem

Not a week goes by that I don't receive a press release or read a news article about some new product or other that "solves BYOD." Vendors and customers that look at BYOD as a problem to solve, and not an opportunity to take advantage of, are missing the point.

Not a week goes by that I don't receive a press release or read a news article about some new product or other that "solves BYOD." Vendors and customers that look at BYOD as a problem to solve, and not an opportunity to take advantage of, are missing the point.

The bring your own device (BYOD) trend is happening because workers want to be more flexible, efficient and, ultimately, productive. That is not a problem. The problem is that the tools you've given your employees all these years -- the three-year-old BlackBerry, the Web app that only works in Internet Explorer 6, the VPN that takes five minutes to sign on to -- no longer cut it. BYOD is users' response to the problem. What will your response be?

You can adopt a formal BYOD program, putting policies and products into place that strike the right balance between user freedom and corporate security. Just make sure you choose this route for the right reasons. (Hint: Don't do it expecting huge BYOD cost savings.)

If the idea of letting any old smartphone or tablet off the street onto your corporate network freaks you out, you can limit the personal devices you'll support, or you can buy specific devices for employees. This corporate-issued model is something a lot of organizations are familiar with thanks to BlackBerry, so it may be a better fit for some -- as long as you buy devices that employees will want to use, and you don't lock them down so much that you take away their consumer appeal. "WHAT? NO YOUTUBE?!?!?"

The enterprise mobility management approach you choose will depend on your organization's goals, security requirements and risk tolerance, as well as your users' needs. It really doesn't matter which technologies and policies you implement, as long as they enable employees to be more productive and give IT the level of security and control it needs (not wants; those are often two very different things).

BYOD is disruptive. It brings challenges. It takes control out of IT's hands. But these issues are simply the natural fallout from IT's inability to keep up with users' technology needs. That is the problem that needs to be solved.

Join the conversation


Send me notifications when other members comment.

Please create a username to comment.

As a long time systems administrator, I cannot help but shaking my head to all the new buzz words created by the industry to make more money.

There is nothing wrong with keeping your own device at home, and let me provide the tools you need to get your job done.

I have no intention of keeping up with the users private needs. If you have tech needs not covered by your current equipment, let me know. I'll consider your needs and again provide the tools you need.

Keep yuor own device at home, and with it the malware and non standard software you enjoy that are of no use to do your job.


Gee. This comment box is small. No matter.

Great post Colin. I'm with you on this one. BYOD is opportunity, not a problem. I don't agree that BYOD is some marketing term jumped up by $$$ hungry software companies. It's a reality.

I don't think the future is in sysadmin being very 1990's and lording over users decreeing what devices they can and cannot use. It rather smacks of Henry Ford 'You can have any colour you like - so long as its a Blackberry"...

Is that consummer choice? Or do we intend to run IT like its behind the iron curtain. Where IT admins come across like Joseph Stalin deciding on every piddling thing the user can and cannot do?



"Gee. This comment box is small" < use Chrome and stretch it.

But I agree with the rest of your comment. This is indeed a great post by Colin.



Thanks, Mike and Dan!

@bjornan, you seem very accommodating of your users, which is great. Unfortunately, most IT people don't take the same approach, or if they do, they're very slow to respond to users' demands, and that's not good for business.

Also, as Mike said, BYOD is not a term created by vendors to make more money. Of course, vendors are trying to make the term their own and generate hype. But beyond all that, BYOD is a real phenomenon that IT can't afford to ignore.



I hate to criticise, but what an 'old fashioned' attitude !!

Good employers these days are realising that their employees can be much more happy and  productive if they have tools which allow them to combine their home and work lives and perform either set of duties interchangeably throughout the day.

I appreciate that not all work environments are conducive to this approach, but for many the ability to deal with a 'life' problem while at work, or a 'work' problem while at home are compelling and differentiating capabilities which make a job more attractive and less stressful.

I agree that these activities need to be policed, and that IT needs to bake in security around each set of activities but this is becoming essential.

I have worked several projects recently where employers are deploying technology which allows the work/life balance to be sliced and diced throughout the day, and for them, attracting good new talent is only possible because they differentiate themselves from other employers in this way.

Personally,  I was offered a job in my current company where I can use one set of devices for both home and work use, or at your company where the way I should run my life is mandated by your IT and security teams....I'm afraid you lose.

Only this week I have used my work devices to book services online for my personal life (car service and cinema tickets), but I have also used those same devices to respond to several critical emails at 2100 and 2300 hours, and have been happy to do so as my employer is flexible and realises the benefits of this work style.

Access to online content and capabilities is almost a human right these days and those who try to implement work environments where this is sanctioned and prevented will soon discover that they go the way of the dinosaurs.


In reply to bjornan:

The knife cuts both ways.  If you want your users to leave their personal devices aside during work hours, be prepared for them to set aside their corporate devices as soon as the workday ends.  That's not exactly leveraging the "mobility" feature of mobile devices.

Furthermore, unless you are deploying the best tech available in hardware & apps, your users will choose their own anyway.

I'm not saying it's impossible, in fact, I think it's a great scenario when a company is innovating and providing the best possible tools to their employees!  I just think it's rare.

Let's continue the dialogue!  Tweet at me @Bitzer_Walt


I do not consider the term BYOD to imply that you should be able to access your private online services while at work, I consider it to describe the case when you could use your own device to access work related resources. The fact that you bring your own phone, pad or whatever to work, is not relevant as long as i prevent you from accessing company resources. This is not BYOD. I could even go as far as providing wireless internet access for your private devices (which I do), it's still not BYOD.

BYOD is when I accept you to use your privately owned devices in order to get your job done, and this is where it gets complicated. I fail to see any use case where this would benefit either you or the employer.

The flexibility Colin talks about in this article (without being specific, none of you have), should be accomplished with the set of tools I provide to my you. And I can do so more easily and secure with the devices I can control, than I could with your device. There is no flexibility in giving you constrained access to my network, using VDI/TS or whatever to get the company resources to your device. The flexibility is achieved when I start giving you access to the online resources of your choice, from the same device I have provided for you to do your job.

My point is that if I cannot provide user freedom on company owned devices, I have either failed to do my job, or my corporate setting is such that I could probably not accept BYOD in the first place.

However, feel free to bring your own device to work, and enjoy the freedom it gives you. As long as you cannot access company resources, it is not BYOD. It's like having your private transistor radio in your office, it is fine with me.

Giving access to company resources from home has nothing to do with BYOD either. If you need to be able to access company resources from home, you will use the laptop I have provided for you. I could even consider giving you VPN access from your home computer, allowing ica connection to our TS. We have been doing this for ages, it's got nothing to do with BYOD.

Perhaps I am not all that much in disagreement with the rest of you. Perhaps I just have a different understanding of the term BYOD.



All good until the CFO walks into your office and tells you he wants to read emails on his new, personal iPad. Or the CEO tells you she wants to use her personal MBP for reporting expenses. Or it might even be you, on vacation, needing to access some internal system for an emergency patch from your personal iPhone.

Even if it is a corporate owned device, do you actively prevent users from accessing Gmail and Dropbox? If not, they can use the corporate devices you gave them, and the corporate data that's on it, as if it's their own devices.

All this has been discussed on at length and at great detail for the past couple of years. BYOD is fact - deal with it.



Although somewhat silly, this topic is still VERY important in .GOV environments where data leakage is all too rampant due to "any device, anywhere" and state-sponsored hacking.

Truly secure companies and those companies that have a "put the device away" policy are doing this for valid reasons (security, distracted driving / conducting, eavesdropping, etc.).

I see BYOD as a good thing to reduce complexity as long as the productivity result is greater than the risk.



@SillyRabbit - Just implement DLP.  Problem solved.  Bahahahahahahahahahha!


@SillyRabbit Or look at self-destructing data. :P


@Christoph - Thank you for posting that link. Have you used Vanish? Any feedback is appreciated. I read through the abstract (proposal whitepaper) and see some usefulness. However, for this type of solution to be truly useful, it must be ubiquitous and pervasive. PGP is used by certain agencies and authenticated sender technology is used by others.

When BYOD or MDM is brought up in discussions, I can almost guarantee most orgs aren't prepared for the complexity and cost of managing these scenarios.

Should the "charge" be lead by device manufacturers, mobile carriers, "the enterprise" or others? All comments are welcome.


@bjornan I think you are being pragmatic but are missing a key point. People want access to work stuff on their personal owned devices and tech needs to evolve to enable that. More of that will be enabled over time. In other words the perimeter of what you control to give the users access to work material is moving for many use cases. Good comments from you though.