Facing Security Concerns, Employees and IT Compromise with “CYOD”

Historically, BYOD (or "bring your own device") has been defined as a movement in which the IT department allows employees to access the network on their personally-owned devices. This "just say yes" approach to BYOD has presented IT and employees with many challenges, including issues of data security, collaboration, support, and usage policy. Facing frustration with BYOD, many CIOs are compromising - they know their employees want to work on the devices they use at home, but the devices must be approved and supported by the organization.

This new strategy is called CYOD (or "choose your own device") - employees are offered a choice between several business-approved devices. With CYOD, IT may have a better handle on data security and a more manageable usage policy, while employees are still able to comfortably and productively work on familiar tools. In this post, we're featuring the findings of an IDC Financial Insights study of tablet usage in the banking industry, focusing on one large bank as it attempts to strike a balance between corporate-owned and employee-owned devices, while emphasizing the importance of standardization.

As you read through this, keep in mind how the bank could streamline their issues of procurement cost and security concerns by providing employees a list of approved devices that meet the bank's needs.

- IT Peer Network Administrator

IDC Financial Insights conducted an in-depth interview with a large global bank with over $1 trillion in assets. Due to the sensitivity of the topic, the organization asked to not be named.

With the increasing adoption of smartphones and tablets, users are carrying a mix of corporate-issued and employee-purchased devices that need to be managed and secured, though not necessarily by corporate IT. Many banks and credit unions are trying to stay on top of this issue. The large global bank IDC spoke with is no exception. What is unique, however, is that the bank is looking at tablets as a way to tackle consumerization head-on.

The bank is trying to minimize corporate-owned – and thus corporate-liable – devices as it focuses on reducing procurement costs as well as management costs. The first phase of tablet integration focuses on employee-owned devices, but the bank is also working on a plan for corporate-owned devices.

Enterprise Standardization

The organization will focus its integration efforts on tablets powered by Intel processors running Microsoft's Windows 8 Pro operating system.

The reasons stated for standardizing on these devices include:

  • Data creation: Employees may need to create data, not just consume it. The bank felt that the majority of consumer-owned devices are not necessarily designed for data creation.
  • Corporate applications: There is a need to be able to run corporate applications, usually developed to run in the Windows environment.
  • Existing infrastructure: The organization can leverage existing infrastructure, including user authentication, printer setups, etc.
  • Compatibility: The tablets can join the bank's corporate domain and be managed by existing PC management tools.
  • Employee knowledge base: Many employees are already comfortable in a Windows laptop/desktop environment; therefore, integration will not require significant investment in ramping up employees to comprehend new systems and processes.

Best Practices and Lessons Learned

When thinking about implementing a tablet strategy, institutions must look at all aspects. Most organizations are still in the midst of handling BYOD for the consumption of lighter functions but will look at corporate-owned devices for access to more robust applications and services. Separate policies will need to be developed for both; however, the ability to fully encrypt and lock down an employee-owned device should limit what activities are allowed.

The testing at this financial organization so far has been successful. Lessons learned include the following:

  • Corporate- and business-oriented applications will likely not be run on BYOD and will be rolled out only to corporate devices.
  • Tablets will likely replace notebooks that are being used for email/presentations/light applications. This will equate to significant cost savings, as organizations will be able to realign their corporate IT assets.
  • Tablets issued by corporate need to be locked down to prevent any unauthorized applications or software from being installed by employees.
  • Current customer feedback has been positive, in particular regarding the ability to open multiple windows and multitask, which allows for improved collaboration across the enterprise on various devices.
  • Normal maintenance windows (weekends and nights) do not necessarily apply because employees are more likely to be active even after the office has closed for business.

In the comments section, tell us how you see BYOD evolving in 2014 - do you think CYOD is a more realistic option?


Portions of this blog originally appeared as a whitepaper from Prowess Consulting.