Deloitte_bring_your_own_device_092112.pdf
-
Upload
luzuko-terence-nelani -
Category
Documents
-
view
214 -
download
0
Transcript of Deloitte_bring_your_own_device_092112.pdf
-
7/27/2019 Deloitte_bring_your_own_device_092112.pdf
1/16
Bring your own deviceUnlock value or yourorganization
-
7/27/2019 Deloitte_bring_your_own_device_092112.pdf
2/16
2 Bring your own device
To BYOD or not to BYOD? 1
The BYOD management challenge 2
Find nirvana 4
BYOD, your way 11
Embrace to succeed, reject to fail 12
Content
-
7/27/2019 Deloitte_bring_your_own_device_092112.pdf
3/16
Bring your own device 1
To BYOD or not to BYOD?
Theres an accelerating trend in the workplace raising new
challenges for todays CIO: the bring your own device
(BYOD) revolution. Already, two-thirds of the Canadian
workforce use personal devices for worka number
expected to reach three-quarters by 20151. According to
IDC, 40% of devices used to access business applications
are consumer-owned, up from 30% just a year ago2.
As employees increasingly use unmanaged and unsecured
devices to transfer data into and out of the corporateinfrastructure, organizations face a variety of challenges,
from compliance issues to data leaksand those challenges
will only intensify as the number of mobile devices and
operating systems proliferate. 71% of businesses believe
mobile device use has already caused an increase in
security incidents, with many citing concerns about the
diminishing privacy of corporate email, customer data,
network login credentials and other sensitive information3.
And these statistics tell only part of the story, as IT groups
typically underestimate the proportion of employees using
their personal devices for work purposes by as much as
50%4. As the BYOD trend gains momentum, it is clear that
IT organizations caught unprepared will face mounting
network management and security issues.
On the flip side, BYOD presents many opportunities for
those prepared to face the challenge. According to 62%
of CEOs, BYOD enhances creativity and boosts employee
productivity5 and 54% of the workforce agrees6. While
productivity can be difficult to measure, BYOD gives
employees anytime, anywhere access to corporate data,
enabling them to work while on the go.
BYOD also improves hiring and retention and boosts
employee morale. According to 63% of CEOs, permittingemployee-owned devices at work positively influences
employees view of the company7.
The benefits dont stop there. By investing in the
tools, solutions and practices required to support
BYOD, organizations can mature their technology and
infrastructure capabilities to deliver IT services more
efficiently and effectively. This positions them to:
Improve end-user services, such as self-support models,
on-time and on-demand technical support, etc.
Adopt device-agnostic security policies and practices,including easier-to-manage centralized security
capabilities
Build agile IT processes that are more responsive to
changing business needs (e.g. ability to add new users
more efficiently following a merger or acquisition)
Develop an end-user productivity platform that enables
true mobility and anytime, anywhere access
Spurred on by the consumerization of IT, BYOD is here
to stay, particularly as employees continue to favour the
flexibility and usability of their own devices. As a result,
companies can no longer afford to ask whether or not
they should BYOD. Instead, they must determine how to
enable BYOD in a way that mitigates its risks and creates
value for the entire enterprise.
Consumerization of IT refers to the rising influence
consumer-focused technology experiences have on
technology expectations at work9.
BYOD is a widely-used phrase that refers to
employees using their own computing devices
such as smartphones, tablets and laptops for
work purposes.
When Eaton Corp., a 100-year-old hydraulics maker,
introduced BYOD to the sales orce, their sales cycle
ell rom days and weeks to hours and minutes8.
-
7/27/2019 Deloitte_bring_your_own_device_092112.pdf
4/16
2 Bring your own device
Although BYOD is the new face of mobile consumerization,
numerous challenges follow in its wake, ranging from
human resource (HR) and legal issues to compliance and
security risks. Given the lack of BYOD standardization,
organizations can expect to face challenges in four main
areas:
Governance
With BYOD raising significant data, privacy and securityconcerns, organizations must put the right policies and
processes into place to protect themselves and their
employees from potential legal and liability risks. When
creating BYOD governance processes, an organization
needs to:
Develop well-defined policies for BYOD, something that
todays early adopters are moving forward without
Create consumerization policies that maintain a balance
between user flexibility and security
Consistently control and enforce policies, which is
complicated by the current lack of standardized tools
(e.g. mobile device management) and an environment oflow vendor maturity
Take legal issues into account in their implementation, as
they strongly influence policy making for BYOD
Consider the impact of BYOD on existing policies, such
as control rights for lost or stolen devices, appropriate
usage, and support Service Level Agreements, to avoid
potential contradictions and confusion
Organizational
In addition to representing an economic and technological
shift, BYOD is also driving a change in corporate culture
and employees are leading the charge. To address these
workforce realities, organizations must do more than listen
to what employees want. They must also determine the
repercussions that may arise if employees do not embrace
their new BYOD strategy. As a result of these organizational
implications, companies will need to:
Balance employee needs for flexibility and accessibility
with the enterprises needs for security
Address the impact of BYOD on the organizations
culture, including HR and overtime policies,
managements requirements for working onsite and
employee expectations regarding uniform access and
privileges. For instance, will all your employees be able to
select the platform of their choice? Or will this differ by
class of employee?
Put incentives in place to encourage employees to adopt
BYOD
Mobilize and sustain the BYOD program through
appropriate training and communication
FinancialAlthough some organizations approach BYOD as a cost
saving opportunity, the numbers dont add up. Hardware
device costs, which are often seen as the major savings
opportunity, only account for 20% of the total cost of
device ownership10 and these savings are more than offset
by the costs associated with:
Improving the organizations information security posture
Training staff to support multi-device platforms
Changing expense policies as costs traditionally allocated
to the capital budget now need to be accounted for
differently on financial statements. Stipends, for example,cannot be capitalized
Increasing data costs (e.g. broadband / 3G / wireless
costs) associated with the growth of unmonitored data
usage
Engaging in lengthy projects to effect policy and
procedural changes
Changing platforms to virtualize applications, open
corporate networks and implement new
management tools
The BYOD managementchallenge
Organizations struggle to balance
fexibility and security.
Misconceptions around cost savings
can lead organizations to ools gold.
-
7/27/2019 Deloitte_bring_your_own_device_092112.pdf
5/16
Bring your own device 3
Technology
Todays $500 handheld device packs more computing
power than a $10,000 server did a decade ago. Whats
more, the ubiquitous availability of free or cheap
applications creates unprecedented threats to information
security. Organizations taking a casual approach to these
trends are bound to suffer, as even the most novice
employee can wreak havoc for IT. As a result, BYOD is
compelling corporate IT units to manage this complexity
and risk while still enabling the business to exploit its
benefits. This puts corporate IT teams under pressure to:
Manage multiple end-user device platforms and
integrate with the IT infrastructure
Provision, activate and support a multi-device
environment
Secure data networks by investing in the right tools,
including the re-engineering of existing network
architecture if required
Strategically invest in applications and infrastructure,
such as virtualization networks and cloud applications,
which complement business goals and enhance the
capability to support BYOD
Determine how to enable access to corporate resources,
such as corporate/enterprise applications and data,
through virtualization, mobile apps, etc.
Define enterprise mobility programs that cover not just
the technology issues but also the business issues to help
secure continued investment for BYOD programs
Costs Savings
Hardware Stipends for devices, warranty
costs, etc.
Hardware device purchase
Software Operating system, antivirus
licensing costs
Pre-defined allowances / stipends
for wireless / data usage
Infrastructure and application
upgrade
Security tools, mobile device
management, upgrade to cloud-
based / browser-based / platform-
independent apps
Reduction in device support costs
through leveraging more self-
support compared to traditional
agent-assisted service desk support
IT support Changes to processes to support
multiple devices and platforms,
support staff training
Decreasing hardware refresh
program costs as more and more
employees adopt BYOD
Miscellaneous Broadband / 3G / wireless costs,
changes to enterprise expense
management processes, potential
tax liabilities, loss of volume
discounts on devices, software
licenses and wireless / data usage
DataDevice
management
SupportApplicationsPersonal
device
Virtualization
Security
Versioning
(OS & apps)
Network(public
/private)
Manage the personal device
Common BYOD costs and savings
-
7/27/2019 Deloitte_bring_your_own_device_092112.pdf
6/16
4 Bring your own device
As organizations ride the BYOD tsunami and launch
initiatives to tame it, structured approaches are few
and far between. As a result, most responses to this
unsettling trend have been reactionary. This needs to
stop. If organizations hope to reach both their short- and
long-term objectives, it is time to adopt a multi-tiered
approach that addresses key BYOD challenges.
Step 1: Define BYOD objectives
Before embarking on a BYOD journey, organizations must
begin by answering one fundamental question: why are
they implementing BYOD? Frequently, organizations try to
accomplish too much with their BYOD initiatives and findthemselves pursuing three often-conflicting goals: cost
reduction, risk mitigation and productivity enablement.
While all three objectives are valid, successfully
implementing a BYOD program requires a tradeoff. For
instance, it is not possible to simultaneously install detailed
security precautions and provide users with extensive
flexibility and options. Doing this will only heighten risk
due to looser security controls. Similarly, a strict security
stance will likely interfere with an organizations ability to
realize productivity gains. Organizations that attempt to
meet all three goals will invariably set themselves up for
downstream challenges, as the lack of clear and consistent
objectives impede their efforts to appropriately define and
implement new policies.
To determine BYOD objectives, organizations need to
begin by soliciting input about business strategies, goals
and planning. For instance, a business strategy focused
on increasing the size of your mobile workforce wouldbe a key BYOD driver and one that may influence an
organization to place a higher priority on productivity
enablement when determining tradeoff decisions.
Find nirvana
Defineobjectives
Evaluate risks
Define policy
Operationalize and implement
Key BYOD considerations
Define BYOD objectives
Align BYOD objectives with your overall strategy
Decide on a position: cost reduction vs. increaseproductivity vs. risk mitigation
Evaluate risks
Identify internal and external risks that will impathe success of your BYOD program
What is the degree of current personal devicepenetration within your organization? Whatregulatory risks exist?
What are the implications to your organization?
Define policy
Effective BYOD programs require enterprisewidecollaboration (ie. finance, HR and legal)
Key policy considerations include:eligibility,support, reimbursement, policyviolations, etc
Operationalize and implement
Identify and evaluate vendor solutions based onalignment with your objectives and policies
Streamlined device certification is key to providetimely access
Elements to effective management
Define BYOD objectives
Why are you doing BYOD? E.g. to reduce costs,mobilize workforce, reduce risks
BYOD programs should be rooted in specificbusiness objectives, aligned with overallenterprise strategy
Evaluate risks
What key business and technology risks mustbe accounted for?
Critical enterprise risks should be consideredwhen defining your BYOD program
Define policy
Define BYOD program elements that addressrisks and exploit benefits
Ensure collaboration between technology,business, finance, HR and legal
Operationalize and implement
Evaluate and implement supporting solutionsaround security, data loss, device management,etc. as per your defined policies
Approach to BYOD management
-
7/27/2019 Deloitte_bring_your_own_device_092112.pdf
7/16
Bring your own device 5
Cost reduction
Productivityenablement
Riskmitigation
Consideration Description
People Employee interest in BYOD What percentage of employees are interested in adopting BYOD?
What percentage of employees are using personal devices for work
purposes today?
Employee expectations What are your employees expectations around BYOD? (e.g.,selection of specific devices/platforms, level of reimbursement, etc.)
Current entitlements Who is currently entitled to corporate-owned devices today? Why?
Are there opportunities to scale back corporate-owned devices?
What are the costs (hardware, software, service, etc.)?
Process Device management What processes are in place for managing devices? (e.g., backup/
recovery, app management, software management)
How are lost/stolen devices managed today? (e.g., remote lock,
remote wipe, etc.)
Technology Security What are the current security policies and practices in place today?
(e.g., any local data must be centrally managed, encrypted and
backed up)
To what extent will existing security practices constrain BYODopportunities?
Tools What tools/solutions are used today for device management?
What are the costs? (hardware, software, service, support)?
Defining your BYOD objectives requires you to make tradeoffdecisions between inherently conflicting goals cost reduction,productivity enablement and risk mitigation
BYOD programs that are founded on all three goals are not setupfor success, as down stream activities regarding policy definition,governance and process enhancements will be impeded by thelack of a clearly defined decision criteria
Make tradeoff decisions
Current state considerations
-
7/27/2019 Deloitte_bring_your_own_device_092112.pdf
8/16
6 Bring your own device
Risk type Risk Description
Internal Employees can be dissatisfied by the
limited selection of supported devices.
Employees favor flexibility and minimal restrictions on device
use.Organizations may be exposed
to liability concerns arising from
device usage or implications posed
by reimbursements you provide to
employees.
Where and when devices are used could shift liability
ownership to your organization. For example, employees
working onsite, who lose their phone or have them damaged,
may be entitled to full device replacement paid for by the
employer.
Supporting too many devices and
inefficient support processes can result
in incremental costs.
Devices are consumer-focused, have limited out of the box
security, and come in a variety of different platforms and
makes, which inhibits ITs ability to manage and control
devices.
Undisciplined use of devices by
employees can expose your organization
to additional security threats.
The consumerization of devices and resulting advancement of
applications, app stores, data portability (e.g., on the cloud),
etc. promote user behavior that can be incongruent with
whats ultimately best for your organization.
External Competitors may possess productivity
advantages if your BYOD program is not
appropriately defined and executed.
A BYOD program that contains high degree of control on
device usage, platforms, and applications can impede potential
productivity gains and ultimately result in competitive risks to
your business.
Your organization may be exposed to
regulatory risks that result from data
breaches, information loss, etc.
Poor management of end point data and sensitive information
can lead to regulatory exposures that could be debilitating to
your business.
Mishandling of personal information
can quickly become public knowledge
and severely tarnish your brand and
reputation.
Privacy issues are top of mind in todays business world, as
organizations are increasingly accumulating and exploiting
personal information. Compromising an employees personal
information can lead to severe consequences for your
organization.
BYOD policies may infringe on employee
rights, such as requirements for
overtime pay.
Employees that are participating in BYOD, and are contacted
outside of normal working hour for work purposes, may be
entitled to overtime pay.
Increasing level of device diversity and
complexity may stress your abilities to
manage these devices.
Proliferation of multiple devices and platforms (as the result
of consumerization) minimizes the feasibility of a simple and
single solution to device management. Your organization,
facing significant hurdles in effectively managing devices, may
incur unforeseen costs and be exposed to security concerns.
These decisions will similarly be influenced by the
current state of people, processes and technology. An
organization needs to define its business and technology
objectives, work to uncover information about the level of
interest in BYOD among its employees, the current level
of entitlements for corporate-provisioned devices and
evaluate existing security policies and practices.
Common BYOD implementation risks
-
7/27/2019 Deloitte_bring_your_own_device_092112.pdf
9/16
Bring your own device 7
Step 2: Evaluate risks
BYOD programs bring a new focus to many risks that an
organization already faces, such as those associated with
the potential loss of sensitive data residing on unmanaged
devices. However, BYOD also comes with new risks,
including the potential for employee dissatisfaction, liability
concerns, competitive pressures and privacy issues. By
evaluating your organizations risks in advance, you can
both identify areas of concern and define appropriate
mitigation strategies.
Make it count
Effective risk evaluation requires participation from both
business and technology stakeholders. Risks should be
assessed for probability and impact, with corresponding
response strategies developed in line with business
and technology interests. The defined BYOD objectives
combined with current state analysis are key inputs when
an organization is engaging in risk evaluation discussions.
Control risks, reap rewards
By defining response strategies early in the BYOD journey,
risk evaluation leads to a no surprises experience.
When combined with defined objectives, risk evaluation
also helps set parameters for future BYOD discussions.
For example, effective governance requires robust policy
making, aligned with enterprise-wide interests. Risk
evaluation ensures those interests are defined in advance
with appropriate business and technology input, which can
strengthen both policy making and enforcement activities.
By evaluating your organizations risks in
advance, you can both identiy areas o concern
and dene appropriate mitigation strategies.
-
7/27/2019 Deloitte_bring_your_own_device_092112.pdf
10/16
8 Bring your own device
Element Key considerations
Activation What is the process for enabling a new employee with a device?
Device management How will devices be remotely managed? What level of centralized control will exist? What level
of management will be done at the end-point (e.g., containerization)? How will devices be
locked, wiped and restored?
Lost/stolen device What happens when a device is lost, stolen or damaged? What process should the employee
follow for reporting the event, and obtaining support? Will the device be remotely wiped?
Support What kind of support, and how much support, can a user expect from your organization?
Acceptable use What kinds of devices, platforms, applications, services and accessories are allowed under the
BYOD program?
Reimbursement Who pays for the initial device? What level of stipend is available? Is it consistent across all
eligible users? Is it available recurrently (e.g., stipend refreshes every 2 years)? What will be
reimbursed (hardware, service, etc.)?
Privacy How will employee privacy be protected? Will your support group have access to personal
information?Policy violations How will policy violators be dealt with? Will BYOD policies contradict or conflict with other
policies (e.g., HR policies for employee responsibilities, overtime, etc.)?
Eligibility Who is eligible for the BYOD program? What roles, levels, etc. are eligible and in what way
(e.g., tiered eligibility)?
Step 3: Define policy
Once objectives are clearly understood and risks are
measured, an organization can begin to define the
policies that will govern a BYOD program. Common policy
elements include device management, such as remote
management, lock/wipe and restore; reimbursement, such
as responsibility for hardware costs and stipend levels; and
policy violations.
Collaboration is key
Given the number of levels it touches, effective policy
formulation requires collaboration organization wide,
including; business, technology, HR, finance and legal
functions. This is especially important as an organization
begins to assess the implications of its policy decisions
on its risk profile. This may lead to potentially revisiting
previously-defined risk response strategies. Coordination
between various technology groups is also critical, as a
lack of collaboration between security, operations and
application management teams can result in confusing
and inconsistent policies and practicesleading to
user frustration and unacceptable user behaviour. A
comprehensive policy discussion requires a collection of
unique perspectives that can only come from across an
organization.
Typical BYOD policy decisions
-
7/27/2019 Deloitte_bring_your_own_device_092112.pdf
11/16
Bring your own device 9
Reinforce over time
As most corporate managers know, enacting a new policy
is rarely sufficient to gain buy-in. Policies also need to be
enforced by adopting formal governance mechanisms
across the enterprise. To facilitate this level of governance,
it is important to continuously report on the level of
employee participation in any BYOD program, by tracking
data such as device usage, application usage, incidents,
etc.
BYOD programdiscussion
Discussion areas Business HR Legal IT IT ops Appdev
Security
Activation Risk Device segmentation Authentication requirements
Device management Contractors and partners Limited system access (e.g. web portals) Code of conduct agreements
All devices Min/max device levels (hardware, firmware
and operating system) PIN length, retry and timeout App encryption and cleanup
Lost/stolen device High-risk usage scenarios Email/data loss prevention Limit system access (via VPN) Wipe/rebuild after exposure to high risk
geographies
Support Support/help desk Limited supported devices/models Lock, wipe and restoration Exceptions (e.g. for executives)
Acceptable use
ReimbursementAdministrative Expense rules and controls for company-paid
access plans
Privacy
Personal devices
Filter sensitive data Employee acceptance of lock/wipe decisions Use of encrypted containers
Policy violations Compliance Policy monitoring Consequences of intentional violation
EligibilityLiability Employee signs code of conduct External media access and encryption
Sample policy responsibilities11
-
7/27/2019 Deloitte_bring_your_own_device_092112.pdf
12/16
10 Bring your own device
Step 4: Operationalize and implement
Once an organization begins to implement its new policies
by developing core processes and capabilities, the BYOD
program starts to come to life. Beyond leveraging existing
IT processes, like service activation and provisioning,
this step also generally involves the introduction of new
technology capabilities, such as device backup and
recovery, remote lock and wipe, and app support and
management. Whether there are existing processes in
place or new ones are required, an IT organization will be
front and centre in translating BYOD decisions into defined
programs. To succeed at this task, the IT organization must
keep several things in mind.
One size does not fit all
While mobile technologies are still reaching maturity,
there are a variety of solutions available to address the
growing needs of todays businesses. This includes highly-
customized solutions that address specific business needs,
as well as enterprise-wide product suites that provide
end-to-end mobile device management. To navigate the
array of choices and select the appropriate solutions, IT
organizations should turn to their BYOD objectives, risk
mitigation strategies and policy definitions for guidance.
Open up the network
Network access controls (NAC) have become a popular
and effective way to manage the risk of employee-owned
devices. NAC allows organizations to control whichdevices can access each level of the organizations internal
network. For example, with NAC, enterprises can enable
employees to connect their devices to the network with
only basic user authentication protocols, while requiring
more extensive authentication procedures for users who try
to perform configurations or health checks, for instance.
Other NAC features include encrypted email sessions,
mobile VPN and encrypted traffic for specific apps.
Control the data, not the device
In managing employee devices, most companies pay
particular attention to information stored locally on the
device12 . To control this data, companies use device- and
file-level encryption as well as containerizationa process
that isolates personal data on a device and prevents it from
contaminating corporate applications and data. Using
technologies such as VPN and virtual desktop environments
on mobile platforms, containerization products can be
cost effective to implement and operate. They also allow
organizations to focus only on supporting the containers,
rather than the entire personal device. This can significantly
reduce support costs, while limiting an organizations level
of liability.
Consider mobile device management
Of course, mobile device management (MDM) solutions
extend beyond containerization by enabling organizations
to control all personal devices across the enterprise. These
solutions allow administrators to remotely locate and wipe
devices, install anti-virus and anti-malware software and
enforce corporate policies relating to passwords and other
security measures. Essentially, MDM lets organizations
control these employee-owned devices in the same way
they control legacy systems, such as PCs and laptops.
Base technology decisions on your
objectives, risk response strategies
and policies.
Containerization allows
organizations to limit their
responsibilitiesand exposureor
controlling personal devices.
-
7/27/2019 Deloitte_bring_your_own_device_092112.pdf
13/16
Bring your own device 11
BYOD, your way
By leveraging a process that fosters collaboration,
proactive decision making and effective risk evaluation,
you can begin to build a BYOD program in a structured
and measured way. Approached effectively, an
organization will:
Align with business strategies
By engaging business stakeholders and reviewing
business goals and strategies, an organization can build
a BYOD program that aligns with its overall strategic
direction. This allows an organization to define a BYOD
program that promotes corporate objectiveswhether
this includes developing a more mobile workforce or
extending an existing enterprise mobility strategy.
Balance enterprise needs
By engaging business and technology stakeholders to
help define BYOD objectives, and ensuring participation
from key functional groups (e.g., HR, legal, finance)
during policy development, an enterprise is better
positioned to openly discuss and address its needs. This
enables the creation of a BYOD program that addresses
compliance requirements, is consistent with HR policies
and reflects financial considerations.
Realize goal-driven results
By rooting the development of a BYOD program in
well-defined goals, an organization can build a solid
foundation to pursue BYOD. This allows it to leverage
relevant data and insights, such as industry peer
comparisons, leading practices and trends, to evaluate
the opportunities and threats posed by BYOD and make
appropriate decisions for the BYOD strategy.
Proactively manage relevant risks
Through an emphasis on risk evaluation and involvement
of key stakeholders from across the enterprise, risk
decisions are made at the right time, and by the right
people, as part of the journey towards building a BYOD
program. The result is a no surprises experience
and a BYOD program that reflects pre-defined risk
mitigation decisions determined by key members of an
organization.
-
7/27/2019 Deloitte_bring_your_own_device_092112.pdf
14/16
12 Bring your own device
Embrace to succeed,reject to ail
Current BYOD management practices are fraught with a
variety of different challenges and pitfalls. Organizations
are revisiting IT policy decisions made several years ago, in
the midst of an ever-changing landscape of devices and
platforms. Traditional mindsets (e.g. this is a technology
problem) and a tendency to fall back to age-old processes
have led organizations to policies that poorly serve the
enterprise and expose the organization to increased
security threats and risks. Misconceptions regarding
potential cost savings and employee adoption hinderexecutive leadership from steering the organization down
the right path. The lack of standardized and commonly-
accepted BYOD solutions only magnifies these challenges,
often requiring organizations to react to pressures imposed
by BYOD with little structure and forward thinking. Building
an effective BYOD strategy and management capability has
become a critical exercise.
Before any organization can succeed at this, it is important
to clarify misconceptions and understand key business
drivers. Although BYOD has yet to deliver significant cost
savings, it does contribute to improved productivity and
employee morale. More significantly, its true value may lie
in the future, as organizations adopt new BYOD policies,
technologies and processes that help them mature their
infrastructures and extend their capabilities.
There are several steps involved in building an effective
BYOD program. Technology must work hand-in-hand with
its business counterparts; relevant functional groups must
be engaged throughout the process; and efforts must be
rooted in the answer to a basic yet fundamental question:
why are you doing BYOD?
The result is a BYOD program that is aligned with corebusiness strategies, balances the needs of your enterprise,
and is rooted in its core objectives and reflects risk
mitigation decisions proactively made with appropriate
representation from relevant stakeholders.
BYOD is inevitable. Your employees are driving the
trend. Your peers are managing its opportunities
and threats. The choice to address BYOD is not a
matter of if, but when.
An approach that starts with defining your BYOD
objectives and assessing your risks can help you
navigate the multitude of BYOD management
pitfalls.
To get started, engage your business and
technology stakeholders to understand your
rationale for BYOD. Unlocking these objectives will
set you on the right path.
-
7/27/2019 Deloitte_bring_your_own_device_092112.pdf
15/16
Bring your own device 13
Endnotes
1 Rockel, Nick. (February 2012). Bring your own device to work is more than a trend. Globe and Mail.
2 Bradford Networks. (2011). Bring Your Own Device (BYOD) Unleashed in the Age of IT Consumerization. Retrieved from http://resources.
idgenterprise.com/original/AST-0055442_BradfordWP0103_2_.pdf
3 Lessard, Tyler. (April 2012). BYOD: Powerful Enabler or Impending Catastrophe? Retrieved from http://www.itbusinessedge.com/cm/community/
features/guestopinions/blog/byod-powerful-enabler-or-impending-catastrophe/?cs=50155
4 Bradford Networks. (2011). Bring Your Own Device (BYOD) Unleashed in the Age of IT Consumerization. Retrieved from http://resources.
idgenterprise.com/original/AST-0055442_BradfordWP0103_2_.pdf
5 Trend Micro. (February 2012). Trend Micro Releases New Consumerization and BYOD Research: IT Executives and CEO Survey Final Report.
Barcelona: Mobile World Congress 2012.
6 Marsh, Chris. (September 2010). Latest Enterprise Mobility Survey: Sometimes Less Control Means More Productivity. Yankee Group Research Inc.
7 Trend Micro. (February 2012). Trend Micro Releases New Consumerization and BYOD Research: IT Executives and CEO Survey Final Report.
Barcelona: Mobile World Congress 2012.
8 Kaneshige, Tom. (April 23 2012). Are BYOD Workers More Productive?. CIO Magazine.
9 Foley, Mary Jo. (January 2010). The consumerization of ITand of Microsoft. Retrieved from http://www.zdnet.com/blog/microsoft/
the-consumerization-of-it-and-of-microsoft/5019
10 Wallin, Leif-Olof. (October 2011). Gartners View on Bring Your Own in Client Computing. Gartner
11 Girard, John. (October 2011). Seven Steps to Planning and Developing a Superior Mobile Device Policy. Gartner
12 Maiwald, E. (2012), Gartner: Mobility and Security. Gartner
Contacts
Arish Kathawala
416-601-6506
Ashwin Kumar
416-643-8292
David Noseworthy
416-874-3288
Erick Vandeweghe
416-775-7405
Fawad Baig
416-867-8146
Ian Y. Cheng
416-775-4756
Jaspal Dhillon
416-775-7187
Urooj Khan
416-775-8606
-
7/27/2019 Deloitte_bring_your_own_device_092112.pdf
16/16
www.deloitte.ca
Deloitte, one of Canadas leading professional services firms, provides audit, tax, consulting, and financial
advisory services through more than 8,000 people in 56 offices. Deloitte operates in Qubec as Samson Blair/
Deloitte & Touche s.e.n.c.r.l. Deloitte & Touche LLP, an Ontario Limited L iability Partnership, is the Canadian
member firm of Deloitte Touche Tohmatsu Limited.
Deloitte refers to one or more of Deloitte Touche Tohmatsu Limited, a UK private company limited by
guarantee, and its network of member firms, each of which is a legally separate and independent entity.
Please see www.deloitte.com/about for a detailed description of the legal structure of Deloitte Touche
Tohmatsu Limited and its member firms.
Deloitte & Touche LLP and affiliated entities. 12-2814