How to Successfully Establish BYOD and CYOD Policies | Lucidchart Blog
Skip to main content

For a lot of industries, employees can’t perform their essential job functions without the right technology. And traditionally, it has been the responsibility of the company and its IT department to order and provide devices that help employees get the job done.

Starting in 2009, however, that responsibility became more complicated when Intel recognized that its employees would bring their own devices to use at work. Over time, many companies have decided to lean into this trend and officially institute a BYOD (bring your own device) policy, as opposed to supplying employees with devices of the company’s choice. According to a 2018 survey conducted by Lucidchart, 19% of IT professionals reported that their organizations currently use a BYOD policy and 29% use a CYOD (choose your own device) policy.

Even though these policies put the responsibility on each individual employee to select (and often pay for) their devices, they also present a lot of challenges to IT departments.

Luckily, there are multiple solutions to the potential challenges of implementing BYOD and CYOD policies—so companies can reap the benefits with less hassle.

Advantages of BYOD and CYOD policies

In the 2016 BYOD and Mobile Security Report, more than 800 cybersecurity professionals selected the main drivers and benefits of BYOD for their companies:

  • Improved employee mobility (61%)
  • Greater employee satisfaction (56%)
  • Increased employee productivity (55%)
  • Reduced cost (47%)
  • Reduced security risk (21%)

Take a closer look at how device policies can impact your organization in each of these areas.

Improved employee mobility

Just as buzzy as the terms BYOD and CYOD is the term “employee mobility.”

In the modern workplace, employees don’t always work from the same location day in and day out. As companies go global, they might require an employee to travel frequently or take an assignment outside of their own country. And remote workers are on the rise—Lucidchart’s 2019 IT report shows that, two years ago, remote workers made up, on average, 36% of an organization’s workforce. That number has jumped to 45% and is expected to reach 54% in the next two years.

BYOD and CYOD policies allow employees to be more flexible, giving them the hardware they need—plus access to email, calendars, files, and essential applications—to perform their jobs from any location.

Greater employee satisfaction and productivity

This one is pretty simple. Employees are happier when they can use the devices that they are most comfortable with—and they work faster.

Toward the start of the BYOD trend, a 2013 Cisco study showed that, on average, 49% of employees felt that they get more work done on their own laptops, smartphones, and tablets. A Frost & Sullivan study from 2016 quantified that increase in productivity—mobile devices reportedly saved users 58 minutes each day, plus 42% of users said they innovated faster.

Cisco also reported that 46% of employees also wanted to use their own devices in order to combine their work and personal lives, suggesting that device policies can give employees a better work-life balance.

Slight cost savings

BYOD policies can look enticing to companies—because this option eliminates the cost of purchasing hardware for each and every employee, it has the potential to save businesses hundreds of thousands of dollars. Back in 2013, Cisco reported that BYOD policies saved companies an estimated $3,150 per employee per year. Cue the dollar signs in executives’ eyes.

But, as you’ll see from the challenges listed below, the situation is a lot more nuanced than that. Yes, businesses can save costs in hardware and training by requiring employees to bring in their own devices. However, though you’ll spend less on devices, you’ll likely spend more on support to accommodate multiple devices, foster collaboration, and minimize security risks.

On top of the increased support, many companies have decided to give employees a stipend to purchase the devices they need for work. According to a 2018 Oxford Economics survey, 89% of organizations provide a full or partial stipend to compensate for mobile phone expenses.

IBM recommends that businesses should not base the decision to implement BYOD on cost savings because the savings will be minimal. However, though device policies may not reduce costs as intended, they do not seem to dramatically increase costs either, and since many employees use personal devices of their own volition, it makes sense to centralize and formalize your policy.

Reduced security risk

Another reason to meet employee demand for BYOD or CYOD? Employees are already using their personal devices at work, whether leadership approves or not. Research from Clutch shows that only 40% of employees using personal devices are regulated while they use those devices.

In a 2016 report from Syntonic, which specifically looked at the use and adoption of personal smartphones for work-related purposes, the top reason that C-level executives wanted to establish a BYOD program (with 44% of respondents) was to “protect secure information and reduce future risk.” By implementing a device policy, organizations can make a move to understand how employees use their devices and increase security.

Challenges with BYOD and CYOD policies

As with so many trends in technology, not everyone has immediately jumped on the BYOD/CYOD bandwagon, even with all of the advantages that companies stand to gain.

Lucidchart’s 2019 IT report sheds some light on why companies might still insist on choosing and providing hardware for their employees. As part of the survey, professionals reported that some of the biggest challenges related to device policies include:

  • Resolving compatibility issues to allow for effective workplace collaboration
  • Staying on top of different software updates
  • Training staff on multiple systems
  • Maintaining top-notch security

Even if changing workplace conditions make these policies a necessity, IT professionals are right to have concerns—businesses can’t start allowing employees to bring or choose their own devices without considering these factors and making organizational changes to support the policy.

So let’s break down each of these factors and see how businesses could overcome them.

Challenge #1: Compatibility issues

If you give employees the option to choose the devices they use, you’ll end up with different operating systems throughout the company—in the IT survey, organizations that had implemented BYOD and CYOD policies have, on average, 42% Windows users, 33% Mac users, and 25% Linux users.

With various operating systems in play, companies might run into an issue of commonly used software not being compatible across devices, creating versioning issues and making it more difficult for employees to collaborate.

The solution

First, businesses can curtail many of the challenges listed in this article by establishing a CYOD policy over a BYOD policy. If IT departments ask employees to select their devices from a pre-approved list, IT will know which operating systems they need to accommodate when they choose software.

Companies can implement workarounds for employees who need to use software that isn’t offered on the right operating system—but it will cost them. For example, many users install virtualization programs to use Windows programs while they’re running their Mac OS, and leading software, such as Parallels Desktop and VMWare Fusion, starts at $79.99 per year. After that, the user would still need to pay for and install the other operating system, such as Windows 10 Pro, which costs $199.99 per user.

Cloud-based software can more easily solve the compatibility issue. With applications such as G Suite, Microsoft Office 365, Salesforce, Box, Slack, Confluence, Jira, and Lucidchart, employees can access the information they need from a centralized location from any operating system. And because employees are working off one single source of truth, rather than sending different versions back and forth, they know that they have the most up-to-date information and can collaborate more easily.

Challenge #2: Increased IT support

Some concerns that the Lucidchart IT survey uncovered—such as staying on top of different software updates and training staff on multiple systems—boil down to one challenge: organizations will need more IT support in order to handle multiple operating systems and devices.

Supporting this claim, when the 2014 HDI Support Center Practices & Salary Survey reported a 57% increase in trouble tickets, 26% of IT professionals attributed the increase to “use of personal equipment/devices” and another 23% to “supporting mobile devices.”

The solution

Companies who are concerned about their IT departments supporting too many devices should consider these solutions:

  • Switch to a CYOD policy that limits employees to a few approved devices.
  • Establish policies around the types of situations that IT will handle (e.g., employees need to call their providers about billing, but IT can help employees connect to the company network).
  • Look for devices and software that provide extensive support materials or even personalized training for the company.

However, in some cases, an increased number of support tickets may not be a concern (the time IT will spend setting up adequate security is a different story). Let’s take a look at IBM, a company that should know a thing or two about technology.

At the 2015 Jamf Nation User Conference, Fletcher Previn, now the CIO at IBM, explained how, earlier that year, the company offered employees the choice to switch from a PC to a Mac when it was time to upgrade their hardware. 73% of employees took the Mac.

With this change, IBM experienced up to $535 savings per Mac, largely due to the fact that Macs require less IT support. Because Apple produces higher-quality OS software, the IT department didn’t need to go from employee to employee performing updates as often. IBM also noted that only 5% of employees required Help Desk assistance as opposed to 40% of PC users. After Previn revealed IBM’s Mac choice program, many large enterprises, including SAP, Capital One, and Walmart, followed suit.

The takeaway? By letting employees use the devices they are most familiar with, organizations can encourage self-sufficiency and reduce support costs.

Challenge #3: Security and privacy

Although a desire to reduce security risks is a top driver for moving to BYOD and CYOD to begin with, such device policies present security risks of their own. In the 2016 BYOD and Mobile Security Report, security concerns (39%) and employee privacy concerns (12%) inhibit BYOD adoption the most.

Due to the loss of control and visibility into personal devices, companies may become more susceptible to security threats, such as:

  • Data leakage or loss
  • Unauthorized access to company data and systems
  • Increased exposure to malware
  • Users’ ability to download unsafe applications or content
  • Theft or loss of devices
  • Threats to compliance requirements
  • Employees leaving the company with insider knowledge

Not only do employees put sensitive company data at risk when they use their personal devices, but they also unwittingly expose their personal data because they don’t fully understand privacy risks. Security Magazine reports that 77% of employees say they haven’t been trained about the risks of using their devices at work.

The solution

Again, many companies have opted for a CYOD policy to give the organization more control over devices. Albert Lewis, CISSP, principal examiner for the Federal Housing Finance Agency, told Security Magazine, “When you buy devices in bulk, that’s a huge savings, plus you get to deploy and manage the devices the way you want to. That central management becomes a big part of the CYOD approach.”

IT organizations implementing both BYOD and CYOD programs, however, should develop policies and processes with security controls before implementing. The 2016 BYOD and Mobile Security Report cites top risk control measures that respondents have in place for mobile devices, many of which apply to other types of company-purchased hardware:

  • Password protection (63%)
  • Remote wipe for unexpected employee departure, lost/stolen devices, or hacked devices (49%)
  • Device encryption (43%)
  • Data removal or device disposal for employees leaving the company (38%)

Additional policies might involve:

  • Blocking IPs outside the company (IT may need to set up VPNs for remote workers at an additional cost)
  • Requiring two-factor authentication
  • Using cloud-based software with document control and data encryption
  • Using identity management software, such as Okta or OneLogin, to set up single sign-on and allow admins to easily provision/de-provision employees with software
  • Establishing clear exit processes, such as wiping or repossessing devices

Companies should absolutely implement the best security practices for a BYOD or CYOD environment, but they should also plan for the associated costs. In Security Magazine, Kristi Horton, senior cybersecurity risk analyst at Gate 15, stated about BYOD policies, “When you’re considering the cost, consider how much it’s going to cost you to implement the security controls necessary to comply with best practices for security.”

Conclusion

Although BYOD and CYOD policies present several challenges, there are enough benefits, including increased mobility and productivity, to make these device policies worth your consideration. But perhaps the most compelling reason to implement these policies is that your employees are likely to use their chosen devices either way.

The workplace will continue to change, especially as new technologies emerge. By embracing these changes rather than working around them, companies can decrease costs and security risks—and pick up some fringe benefits along the way.

To learn more about challenges that IT organizations face due to an evolving workplace, download the 2019 IT Report from Lucidchart.

Download the Lucidchart IT report