With practically all the people you know walking around with more computing power in their pockets than could have been mustered by an army of lab-coated technicians a few decades ago, it's not surprising that Bring Your Own Device (BYOD) is the now thing. What is surprising, though, is how some companies, software publishers, other vendors and corporate employees themselves seem to be treating the implications of this change.
Gartner, the IT research and advisory company, defines BYOD as "an alternative strategy allowing employees, business partners and other users to utilize a personally selected and purchased client device to execute enterprise applications and access data."
There are variations in which devices are personally selected but purchased by the company (for example, COPE: Corporate Owned, Personally Enabled), but most of the BYOD world is just what you think it is: people using their own smartphones, tablets, laptops—even game consoles, smart TVs or other smart devices with Internet access—to perform two functions that have been protected by high walls since the beginning of the Information Age: execute enterprise applications and access data. This article discusses some of the unintended (or unanticipated) consequences of companies adopting a BYOD strategy.
Executing enterprise apps:
There's an agreement for that
If flying cars ever take off, the existing rules of the road will probably have to be revised. George Jetson encountered (and obeyed) floating stoplights on his way to work, but real highways in the sky will probably lack that kind of similarity to their terrestrial models.
Like Jetson's commute, the high-flying world of BYOD is now operating mostly under terrestrial rules, and that can be a problem. Software licensing agreements drafted before BYOD contain definitions and terms that get stretched out of shape when draped across the new paradigm (What's a user? A device? Access?). If enterprise applications are licensed per device, as is often the case, what are the licensing implications when a user accesses enterprise applications on six different devices?
Some software publishers require different kinds of licenses for work performed on corporate premises and remotely. Some make a distinction between a "qualified device" and a "qualified third-party device." Some want to know if the device is accessing a virtual desktop infrastructure. Many users, purchasing agents and technology implementers may have trouble finding their way through this licensing jungle without a guide, but here even the guides can get lost.
As publishers struggle to find ways to get their fair revenue from the consumerization of IT, they will notice that BYOD almost inevitably results in certain situations that make a software audit a rewarding activity (for them, not their customers).
Software audits are increasing rapidly. Any questions about the adequacy of corporate licenses become a lot harder to answer when employees access corporate email or office productivity suite on tablets, smartphones, and laptops—the laptop on which employees often click acceptance to individual licenses for productivity tools for which the company already has agreements in place with potentially conflicting provisions.
Accessing data: File that
confidential memo next to the
vacation pictures
The tug-of-war between convenient data access and prudent security has been going on for a long time, even on standard company-owned devices. Adding BYOD to the convenient access side of the rope might send the prudent security team tumbling to defeat.
That smartphone in your pocket (or sitting on the counter at Starbucks tempting fleet-footed thieves while you fumble for your credit card) probably offers easy access to your work email and thousands of attached files on your Microsoft Exchange server. It and the other devices you use on your home network and elsewhere may store work files the same way they store personal pictures, home movies, and other files.
Subscribe to Law Technology News
