- Where Insurance & Technology Meet

Several Dimensions of Theory Vs. Reality For BYOD

It seems like a straightforward question:  Should employees be allowed or encouraged to use their own electronic devices at and for work?  Informal conversations with our peers suggest it is not so easy to come up with a simple answer and, as a result, there doesn’t seem to be a consensus among Canadian insurers and brokers on a direction, much less policies.  Our question:  Will reality provide the answer faster than we can decide on the theory?  And what is that reality anyway?

It Seemed Like a Good Idea ….

It’s easy to find reasons why BYOD (bring your own device) should be allowed and possibly encouraged for smart phones, tablets, laptops, etc.:

  • Improving productivity – Employees will work better with devices they are already using.  Plus, consumer devices tend to lead with new functionality (see our blog post on  Consumerization).
  • Young employee demand – Millennials will be turned off by employers who are not providing their preferred devices.
  • Employees will find a way to use the devices anyway – With common standards for the web,  it is relatively easy to access common applications from different devices.

Then Corporate Reality Hit ….

IT has some legitimate concerns.  Security is paramount.  Cited  in a recent,  Larry Collins, vice president of e-solutions and risk engineering at Zurich NA, noted that each of these devices is a small computer and is a target for hackers, putting corporate data at risk.

In addition, portable devices are easily lost or stolen.  A May 2012 Wall Street Journal report notes that “Airlines say they are warehousing hundreds of iPads and other tablet computers and e-readers left behind by travelers. Carriers try to reunite the devices with their owners but are often thwarted by the lack of ID tags, password protection and Apple Inc.’s reluctance to track down owners based on serial numbers.”

But security is only the start.  Some consultants are suggesting that the whole construct of BYOD is questionable.  Insurance&Technology recently published an article based on a discussion with Jason Malo, research director at CEB’s TowerGroup.  Malo summarizes his overall view of BYOD as:  “Everybody’s saying ‘How do I do it?’ I say, ‘Don’t.'”

Malo feels that the productivity argument is spurious.  Increases in productivity are a result of mobility itself.  “it’s not about whether it’s their device or not,” he says.   In regards to cost savings, Malo cites Aberdeen Group research which indicates personal devices are actually more expensive than corporate issue.  He notes that virtual maintenance, management, and security drive the increased costs.

Malo dismisses the demands by Millennials by noting that in the current economic environment, younger workers have less leverage in negotiating terms of employment.

But Reality Can Be, Well, Relative …

So is that the end?  We don’t think so, and Malo himself provides some of the back up.  When dismissing the demand by Millennial employees, he adds that, “According to the CEB Global Employee Data Survey, senior-level employees are nearly twice as likely to be early adopters of ‘consumer’ devices as Gen Y employees.”

Seems to us that it would be more difficult to dismiss this group’s requests than a few twenty-somethings.

Moreover, Malo acknowledges that non-corporate devices are already penetrating enterprises and getting around security measures.  Malo’s response is Interesting.  “All security provisions have their weaknesses, so that can never a reason not to implement it,” Malo advises. “Weakening your security outlook is not going to help.”

Malo seems to be counseling IT to continue to escalate the security war against its own employees, including senior executives.  We suggest the kids at home not try this without supervision.

What do you think?

There are lots of issues with BYOD, some technical, many managerial (such as the discussion about unpaid overtime for ‘connected’ workers).  Our question is this:  Will the Reality of BYOD upset the Theory of  perfect IT security?  Or can the Reality of the Big Corporation crush the Theory of BYOD?

What are you doing and what is your organization doing?  And what will the Reality be a year from now? Leave a comment below.



Jason Malo

Nice post. It’s a really fascinating topic.

One clarification I’d offer is that the heart of the issue is enablement. If senior managers (or any employees for that matter) have viable use cases for “consumer” devices in the enterprise, why not procure them for them? In some cases you could actually give them a tablet in lieu of a laptop.

This discussion should not about denying access to transformative devices with scary stories of security gone wrong. It should be about enabling them in a way that aligns to need first, with security being a major requirement. If the only way to get tablets and smartphones into the hands of employees was through BYOD I’d be more supportive of the “theory”. But, there’s a difference telling a senior executive “No” and “Here’s a shiny new tablet for you.”

And before you say “cost”, consider how much it costs to create corporate apps that function across many different permutations of device + OS, as well as account for all the possible security profiles. One or two standard platforms will cost less to enable, manage, audit and secure than the myriad device types that will walk in through the front door. IBM learned first hand and provided caution regarding the hiddent costs that many don’t consider.

One silver lining to all this is whether you choose a BYOD path or corporate-issued, many of the enablement requirements are similar. Either way, companies need to think well beyond just getting devices in peoples’ hands and hooking them up to a service provider.

Blair Currie

It truly is an interesting topic.

While “BYOD” currently refers to Bring your own device, we at IMS ( are also starting to look at it from the perspective of “Bring your own data”.

When it comes to telematics there is a debate over who owns the data generated by telematics devices. If one delves deeply into the issues of privacy a logical conclusion is that the driver actually owns the data and that he/she may assign or allow others to use the data for the purposes of assessing risk, pooling liabilities and possible marketing purposes.

Insofar as it can be argued that the driver owns the data then there will surely come a day when he or she can shop this data to a number of insurance companies in search of better rates. This is where we see the transition from “Bring your own device” to capture data to “Bring your own data” to various insurance agencies.

It is here where insurance brokers can re-enter the value chain by working with telematics service providers and/or drivers to help find insurance companies.

At present there are some barriers to BYOD (data) including widely recognized standards for data. But these standards are currently being addressed. So that both BYOD (device) and BYOD (data) will be both realities for the insurance companies – along with the privacy and security issues they may bring.

Comments are closed.