“Bring Your Own Device”: Are You Ready?

In the last three years, we have seen the rise of anew movement: BYOD, or bring your own device. This movement is gaining strengthmainly as a result of the rise in personal smartphone and tablet ownership. BYODwill affect adoption of mobile learning (mLearning), and mLearning managers need to stay abreast of developments, both in the movement and in their ownorganizations.

In this article, we outline the broad concerns that you, thedeveloper or manager of mLearning, should take into account in your planning.This is only an introduction; you will certainly see more articles on thesubject in Learning Solutions Magazinein coming months.

About BYOD and BYOT

BYOD is the trend of employees bringing theirpersonally owned smartphones and tablets to work with them, not only forpersonal use but also to access company e-mail, servers, and databases.

Employees have been bringing their own mobile devices towork for the last decade or longer. At first, these devices, mainly personal digital assistants (PDAs) and feature phones, were largely unable to accesscorporate information and networks. This changed with the introduction of“smart” devices—chiefly the iPhone, the iPad, Blackberry, and Android—several years ago, but many organizations are only beginning to react to thepotential security problems.

There is a related trend, known as BYOT (bring your own technology): employees bringing in and using their own Web browsers,productivity software, e-mail clients, media players, and other software inorder to do their work. BYOT also includes the use of personal online accounts—Dropbox being the most frequently cited in this connection, although not byany means the only service of concern—to store documents and other files foroff-site and after-work access.

BYOT and BYOD are the result of many factors, not the leastof which is the continuing breakdown of the separation between private life and“the job.” Organizations benefit from reduced costs, since the employee usuallypays for the devices and associated data plans, and may also pay for part orall of their maintenance and repair, the software, the online accounts, and soon. The organization may find that it needs to pay for fewer PC hardwareupgrades and it may benefit from apparently increased productivity,as employees can work anywhere, any time. Employees may benefit from flexibilityin working hours and location, the convenience of working on a device theyalready own and with apps they already know, or from rewards and recognitionfor the additional amount of work they perform.

Is a lot of BYOD going on?

How big is this trend? How big could it get? Look at thedata reported in the eLearning Guild Research Report, Mobile Learning: The Time is Now.

In the survey for this report, 98 percent of Guild members reportedowning at least one personal mobile device, and over 70 percent reported using theirpersonal devices to accomplish some of their work. Not only that, two-thirds ofthe respondents say they own two or more mobile devices. The research reportalso identifies the trends in adoption of each of the major mobile platformsand device types by mLearning developers. As you might expect, interest in andsales of smartphones and tablets, and the relative numbers of those using iOS,Android, Blackberry, and Windows shows up in the data.

It is true that Guild members may not be representative ofall employees in all organizations, but the numbers reported in other surveysare also significant. Mobile device ownership and use at work is clearlycrossing that famous “chasm” between the early adopters and the mainstream.

At the same time, the Guild’s report cautions, “Whilethe evidence is that they have thedevices, some do not, or more importantly willnot, use their personal devices for work. This has implications for policiesabout whether to provide devices or to use the devices employees already have.”With almost 30 percent of respondents indicating that they do not use their personaldevices for work, this is an important consideration.

The BYOD movement is already big enough to create problemsfor at least one device manufacturer.

Cisco announcedMay 24 that it will stop making the Cius tablet, which they positioned forenterprise purchase rather than by individuals. In the announcement, OJ Winge, senior vice president of TelePresence Technology Group, noted that a workplace “is no longer a physical place, but a blend of virtual andphysical environments; where employees are bringing their preferences to workand BYOD (‘bring your own device’ to work) isthe new norm; where collaboration has to happen beyond a walled garden;and any-to-any connectivity is a requirement, not a ‘nice to have.’” Instead,Cisco will focus on collaboration software that works across multiple operatingsystems. Analysts felt that Cisco had underestimated BYOD.

Other analysts feel that BYOD is also at least part of thereason for the failure of the Blackberry Playbook and the HP TouchPad.

Is BYOD all good news?

Although there are benefits from BYOD, there are also somesignificant issues, and these need consideration in planning to introducemLearning and to continue existing mLearning initiatives—because employeeswill want to use their own devices for mLearning and for performance support aswell.

ICT Issues

For organizations, there are three main sets of informationand communication technology (ICT) issues associated with mobile computing:security, costs, and support requirements. None of these, in and of themselves,has to do with learning, but they are related to the data, information,technology, and devices used to deliver mobile learning and performance support.

Security

At first, you might wonder why mLearning would be a securityconcern. It isn’t so much mLearning as it is that, first, security is always atthe top of the list of ICT issues. Second, when mLearning addressesenterprise-specific matters—such as how an organization does things, how acompany markets its products and services, specific technology employed—security is very much a concern.

Security of the physical devices is an important element. Ifa device is lost, stolen, or finds its way into the wrong hands, we must consider that anyproprietary data on the device is compromised.

Security of data during its transmission between the mobiledevice and the organization’s data center is another important element. Inaddition, the security of remote access to the organization’s information mustbe ensured.

There may be other security concerns, such as protectingclient, customer, or patient data, that could come into play when anorganization implements mobile performance support alongside or as part of itsmLearning initiative.

Costs

Mobile communication, unfortunately, is not free fororganizations or for the employees who want to use their own mobile devices todo their work. If there are data plans involved for the devices, someone has topay for the data plan—including additional charges incurred when there are largevolumes of data transfer, such as video and audio. Who pays, and how much? Ifthe company data is located behind a firewall, the secure system for accessingit from mobile devices will be paid for by the organization. If theorganization offers Wi-Fi inside its facilities to support mobile devices, itwill be necessary to add equipment that can handle all the employee devices(possibly large numbers of them) that will be in use.

Support requirements

The support component—the Help desk, for example—isanother expense and another resource requirement. 70% of a typicalinformation technology (IT) group’s budget goes to support existing infrastructure. There’s not much leftover for dealing with employee-owned devices and software. Troubleshooting getscomplicated when the help desk staff is not familiar with the employee’sdevice. It would be possible to leave employees on their own when they needsupport (except for e-mail), but this risks lower employee satisfaction andlessened productivity when they can’t figure out how to connect their personaldevice to the company network.

Dealing with the issues

So far, only a small number of organizations have put BYODpolicies in place to help manage the ICT issues, the intellectual propertyconcerns, and other security issues associated with mobile devices and apps.

As an example of how these policies play out, IBMdrew some attention with theirs on May 25 this year. Following a review of itsBYOD policy, it banned employee use of Siri at work—and disabled Siri oniPhones owned by employees who had access to corporate information via theirdevices. In addition, the company “discouraged” the use of Dropbox and Apple’siCloud at work, in favor of its own services.

While BYOD policies will vary according to the nature oforganizations and their business, there are some typical elements that you cananticipate. Not all of these will be acceptable to all employees, and thiscould affect usage of mLearning, especially if your initiative planning anticipatessubstantial use of personal devices. Here are four of these that may beparticularly sensitive:

• The employee must provide access to personallyowned devices if they become part of a workplace investigation, or they becomesubject to a legal hold in a civil litigation case.
• The employee may not conduct corporate business using personal accounts, including prohibition of sending e-mails from acorporate address to the employee’s private e-mail account.
• Any device assigned to an employee will belocked down, including remote wipe. 
• Non-compliance will result in blocked access toActiveSync from the device.

Key elements in most BYOD strategies include the use ofdevice management and security controls to enforce the policy. This meansinstalling device management clients on smartphones and tablets. It also meansinstalling VPN clients. Employee devices can be configured by theorganization over-the-air (OTA), and they can be erased remotely if they arelost or stolen. All devices will be monitored for compliance in real time, todetect out-of-date device operating systems and unapproved apps, and to providejailbroken and rooted detection.

There will be approved apps, and apps that are discouragedor forbidden. It may be that full wireless network access will be limited tocompany-owned smartphones, while others may be restricted to a quarantined network—a separate network that has limited access.

Expect that there will be clearly spelled out terms and conditions and acceptable use policy (AUP). There will need for explicitagreement with the user regarding OTA enrollment, acceptance of AUPs andliability, and provisioning. Not all mobile platforms and models will besupported. The terms and conditions will also need to spell out who pays forrepairs, replacement, and data plan charges.

To keep BYOD from becoming BYOT, there will likely becertain other requirements in the policy in addition to those outlined above;be sure that your mLearning design stays within these guidelines:

• Never store confidential corporate data on anunencrypted device.
• Never share or store files via third-partycloud-based solutions.
• Provide secure communication to the device.

Looking ahead

As mentioned earlier in this article, future articles inLearning Solutions Magazine will address additional details and developments inBYOD policy and in the movement itself.

Because many employees are unaware of the security dangerspresented by mobile apps and devices, you can expect to see more organizationsimplementing BYOD policies in the coming months. If your organization has a BYOD policy now,you will want to work with your IT group to ensure that what you want toimplement in mLearning is compatible with that policy. If there’s not a policyyet, you will want to make sure that IT understands the need for the learningorganization to be a stakeholder in its development.