J.Gold Associates, LLC.
Published: 01 Jul 2012
There is no doubt that the mobile revolution has taken hold, and nearly all companies must support a growing diversity of smart-device use in mobile finance. The phenomenon of “bring your own device,” or BYOD, is driven by a seemingly insatiable demand from employees for the most appealing devices making their way to market and from managers who want real-time mobile access to financial planning and accounting systems. My firm’s estimate is that 55% to 65% of companies allow some form of BYOD, and that number will continue to grow.
But the variety and pace of change of mobile devices are presenting major challenges, particularly in highly regulated industries where financial transactions and personally identifiable information are commonplace. These challenges must be addressed if an organization is to safely deploy mobile finance software without running afoul of government regulations such as the Sarbanes-Oxley Act and Payment Card Industry (PCI) rules, risking the consequences of legal actions by irate customers or losing high-profile customers when something goes wrong.
To navigate the BYOD environment effectively, organizations should look at these five critical business challenges:
1. Device and platform diversity
Given the increasing array of popular devices with different operating systems and capabilities, it is unlikely that companies will be able to dictate use of a single device as they did in the past. Not all devices are equal when it comes to security—Android is less secure than iOS, which is less secure than BlackBerry—so companies must supplement devices with security capabilities they may not have. This requires adding third-party enhancements as part of a mobile device management (MDM) strategy. It may also include limiting the number of devices to a few select models from which users may connect to the corporate infrastructure.
2. App development and delivery
It is imperative that companies allow only apps that are known to be secure to interact with back-end corporate systems. This means approving, selecting or building enterprise apps. It could also include preventing users from downloading business-related software from mass-market app stores or having the company deploy a private app store offering only preapproved apps. Although cloud-based apps seem like a good way to avoid the issue, they do not adequately resolve data leakage problems, nor do they allow users the ability to work when outside of wireless coverage areas. Most enterprise apps are still on-device rather than cloud-based, although my firm expects cloud-based app adoption to grow slowly.
3. Security and compliance
Companies must create and enforce a security policy to comply with regulations and market expectations. This means all data must be secured when connected to the organizational infrastructure and, while at rest, on the device. It further requires that enhanced levels of authentication, virtual private networks and encryption be enabled (or added to the device using third-party software). Finally, it requires a mechanism that prevents “diverting” data from corporate apps to personal ones such as Web email and storage services. The cost of “leaked” data records is high; Ponemon Institute estimates that it costs $258 a record. That means losing a device that holds 10,000 records would cost $2.58 million.
4. Lifecycle management and governance
It is important to recognize that BYOD does not nullify the organization’s responsibility for management and governance. Companies must set policies for users and enforce them using automated methods such as MDM. Organizations must manage the entire lifecycle of mobile devices, including retirement and migration to new devices. (The average mobile device has a less-than-18-month life expectancy.) Furthermore, many organizations mistakenly believe support is not an issue with BYOD because users take care of their own needs. Instead, my firm finds the cost burden for BYOD support can increase over standard one-platform environments by 15% to 25% or more.
5. TCO and ROI
Most companies I talk to do a poor job of measuring total cost of ownership (TCO) and return on investment (ROI) for mobile devices. Indeed, my experience has shown that when companies implement a BYOD policy, they often have no idea of the cost involved on a per-user or per-device basis, let alone the differences between device types and user classes. Companies often focus on the false economy of saving on the acquisition costs of devices in BYOD, when those costs are generally only 15% to 25% of a device’s TCO. In fact, the burden placed on IT and support operations is often significantly higher with BYOD. And although users claim they are more productive when using their favorite mobile devices, which they acquired and brought to work, this may not always be the case. Organizations should measure and evaluate the TCO and ROI of mobile device use to minimize costs and maximize productivity.
I see too many organizations simply reacting to employee wants and desires without fully understanding the implications or determining the best approach to BYOD. My firm’s work with many organizations leads us to believe that a business must have a complete mobile finance strategy in place to address these critical issues before it implements a broad-based BYOD policy. Failure to do so can lead to unexpected consequences, including significantly higher costs, lack of productivity gains, legal entanglements and decreases in customer satisfaction. Those are risks no chief financial officer is willing to take.