BYOD Policies vs. the Realities of Corporate IT

The BYOD, or bring your own device, concept is gaining a lot of ground lately--and rightly so, as many of us dream of using our favorite technologies to get work done. Instead, it's becoming clear that there's a huge gap between user expectation and the realities of corporate IT.

Personally, I've found company-provided IT equipment to be substandard and of limited use. In the worst example, about a year ago I was given a 6-year-old laptop with Windows XP, a Celeron CPU and just 1 Gbyte of memory. I could run Outlook or Microsoft Word, but not both. I gave the computer back and refused to use it. More recently, it was a brand-new Lenovo T420. I was hopeful. In practice, however, the Symantec bloatware (Antivirus, pcAnywhere, Altiris) caused the machine to reboot about once per day. This led to consistent loss of data and work, as well as frustration. I now do most of my work with a personal laptop.

These are just specific examples. I also waste a lot of time working around the limitations of full disk encryption, use of corporately mandated software, virus/malware engines, remote control, VPN clients and the bloated MS Office software that isn't optimal for everyday use. As a network engineer, I need a lot of non-standard software--PuTTy, Java clients--to function every day. It usually takes days for approvals and authorizations to happen before I can get the software installed by the corporate desktop team.

As a freelancer, I can and do make extensive use of online services such as Dropbox, GoToMeeting, Skype and Google Apps. I also use online services for automatic laptop backup. My address book is synchronized to my phone and computer, and backed up via Apple's iCloud.

These services set my expectation for BYOD and the service level I want to achieve if my devices are inside the corporate network. In fact, they set the expectation for what corporate IT should provide for all its users.

There are very few companies that will let me use these services because they simply don't conform to corporate policies for issues such as security, data retention and control. My data is distributed; they want data centralized. My information is mine; they want control of everything, since they can't differentiate between personal and company information. I want ease of use and freedom of expression; corporate IT wants ownership, restricted access with data controls and, finally, remote wipe capabilities.

In the current method, BYOD doesn't work for me. I will never connect my devices to the corporate networks, for fear of theft of my personal data or that the company would wipe my personal data from all of my devices, including my phone, laptop and tablet. The company will also likely prevent me from using my most productive apps. And I'm going to loathe it for that.

I want to use tools that make me productive, not tools that suit corporations' need for cost control, asset management or data loss prevention. And that's the BYOD problem. The reality is that people want better tools and would prefer to use devices that deliver that. In fact, they're demanding it.

The tension between consumer usage and corporate purpose is a massive gulf of expectation deficit. Consumer technology such as Apple's iPhone and Google Android can be truly useful, and a delight to use.

The corporate IT of today is simply not able to deliver the promise already offered by consumer technology. The IT department will hold back productivity and prevent effective use of tools because of good corporate policies--policies that are based on sound, old-fashioned reasons rooted in law and good corporate governance.

And users are going to hate us for it.