Is Bring Your Own Device (BYOD) Going Away?

The Bring Your Own Device (BYOD) phenomena has gone on for a number of years now, but no one really knows for certain how it impacts organizations today. If you read surveys, you might get the idea that BYOD is either exploding or fading. The surveys that readers of Security for Web Developers, HTML5 Programming with JavaScript for Dummies, and CSS3 for Dummies are most likely to read say that BYOD is fading. The problem with those surveys is that they’re taken by IT professionals in large organizations that have an official policy of not allowing the device. Disallowing BYOD doesn’t mean that users actually follow the policy.

In reading other articles, you might be the idea that BYOD is actually exploding. The problem with these articles is that they’re based on supposition, not fact. There is no data to back up the claim that BYOD is becoming more prevalent in the workplace. Therein lies the problem. The only official surveys talk to IT personnel on the record and not to users off the record. No one would admit to using a disallowed device—potentially throwing their job away over the purity of information.

Human nature being what it is, my feeling is that people are probably employing BYOD when they feel they can get away with it. After all, why use multiple devices to perform work when a single device does it all? Users don’t care about hardware, software, data, or anything else for that matter. They care about getting their work done, getting off on time, and getting paid—end of question. Consequently, it makes sense that if users feel that it’s possible to get by using a single device to do everything, they’ll do so. However, I have absolutely no data to back this feeling up and you have to accept my claim for what it is—a feeling.

Something that I’ve been emphasizing in my books is this idea of risk. In order to create applications that work well, yet protect organizational assets, it’s important to assess the risk of every policy and every action. Being overly cautious means that applications will work slowly, lack features, and possibly crash a lot. Users don’t like cautious applications and won’t use them if at all possible. Opening the flood gates is a bad idea too. Yes, the application will run quickly and allow a user to do just about anything, but the user won’t thank you for having to stay extra hours at work to fix problems created by an application that loses data or causes other problems because it doesn’t provide an acceptable level of risk avoidance.

No matter what survey you look at, BYOD is still a presence in the workplace, so you need to write applications in such a manner that they deal with the risks presented by BYOD in a reasonable manner. What this means is checking every bit of data you receive from anywhere for potential risks, but not unnecessarily hobbling the user with policies that really won’t mitigate any risk. Let me know your thoughts on the effects of BYOD in your organization and the actual level of BYOD use at