The Benefits and Risks of Various

“Bring Your Own” Policies

Jesse van Oostveen - 10409750

Thesis Bachelor Information Science

Faculty of Science, Mathematics and Information Technology

University of Amsterdam

Final version: 08-07-2015

Supervisor: Loek Stolwijk

Second Reviewer: Dick Heinhuis

1

Abstract

One of the most popular IT trends currently going on within organizations is that of “Bring Your Own Device” (BYOD). More organizations are looking into how they could implement their own BYOD policy. Consequently some find that implementing BYOD is not safe enough and instead opt for a “Choose Your Own Device Policy” (CYOD). Other policies that employers may look into are “Bring Your Own Software” (BYOS) and mixture of both BYOD & BYOS and CYOD & BYOS. The purpose of this thesis is to help organizations gain insight into each of the the five policies and present the benefits and risks that are attached to them. Through a literature study information was gathered of each of the five policies. Potential benefits and risks were also identified. After that a SWOT analysis was performed on each of the five policies to find what benefits and risks come with each policy. Finally a comparative SWOT analysis was done. It was found that BYOD is to be considered. Based upon these findings a number of recommendations are given. Keywords: Bring Your Own Device, Choose Your Own Device, Bring Your Own Software, Benefits, Risks, SWOT Analysis

2

Table of contents

Abstract 1

1 Introduction 4

1.1 Problem statement 6

1.2 Objective 7

1.3 Research question 7

1.4 Design 8

2 Methodology 9

3 Literature study 10

3.1 “Bring Your Own” policies…………………………………………………………………………………10

3.1.1 Bring Your Own Device………………………………………………………………………….10

3.1.1.1 Definition…………………………………………………………………………………..14

3.1.2 Choose Your Own Device………………………………………………………………………15

3.1.2.1 Definition…………………………………………………………………………………..16

3.1.3 Bring Your Own Software………………………………………………………………………16

3.1.3.1 Definition…………………………………………………………………………………..18

3.2 Potential benefits……………………………………………………………………………………………..19

3.2.1 Cost……………………………………………………………………………………………………….19

3.2.2 Human Resources………………………………………………………………………………….21

3.2.2.1 Employer perspective………………………………………………………………..21

3.2.2.2 Employee perspective……………………………………………………………….24

3.2.3 Innovation…………………………………………………………………………………………….25

3.2.3.1 Employer perspective………………………………………………………………..25

3.2.3.2 Employee perspective……………………………………………………………….26

3.3 Potential risks…………………………………………………………………………………………….…….27

3.3.1 Cost……………………………………………………………………………………………………….27

3.3.1.1 Employer perspective………………………………………………………………..27

3.3.1.2 Employee perspective……………………………………………………………….28

3.3.2 Human Resources………………………………………………………………………………….28

3.3.2.1 Employer perspective………………………………………………………………..28

3.3.2.2 Employee perspective……………………………………………………………….30

3.3.3 Legal……………………………………………………………………………………………………..31

3.3.4 Security………………………………………………………………………………………………...32

3.3.4.1 Employer perspective………………………………………………………………..32

3.3.4.2 Employee perspective……………………………………………………………….35

3.3.5 Technical……………………………………………………………………………………………….35

3

4 SWOT Analysis and Results 37

4.1 Bring Your Own Device SWOT Analysis……………………………………………………………..38

4.2 Choose Your Own Device SWOT Analysis………………………………………………………….41

4.3 Bring Your Own Software SWOT Analysis………………………………………………………….43

4.4 Bring Your Own Device & Bring Your Own Software SWOT Analysis………………...45

4.5 Choose Your Own Device & Bring Your Own Software SWOT Analysis………………47

4.6 Comparative SWOT Analysis……………………………………………………………………………..49

5 Conclusion 57

5.1 “Bring Your Own” policies………………………………………………………………………………...57

5.2 Benefits & Risks…………………...…………………………………………………………………………..59

5.3 Recommendations……………………………………………………………………………………………61

5.4 Discussion…………………………………………………………………………………………………………62

6 References 64

4

1 Introduction

With the rise of mobile technology and the amount of consumers owning a mobile device1 2, it

is only natural that these consumers wish to be able to use their own mobile devices for their

work. Being able to use your own phone, tablet or laptop seems much more appealing than

using an immobile, and most of the times outdated, workstation. Forrester Research estimates

that by 2016, 350 million employees will use mobile devices for work of which 200 million will

bring their own (Schadler & McCarthy, 2012).

This concept is known as Bring Your Own Device, hereafter; BYOD, and is a trend that

originated in 2009 when Intel noticed that more and more employees brought their own

mobile devices to use for work (Burns-Sardone, 2014). According to Malcolm Harkins, Chief

Security and Privacy Officer of Intel, rather than rejecting it, the senior staff of Intel embraced

this new phenomenon (Harkins, 2013).

Figure 1: Amount of searches for “Bring Your Own Device” on Google

Although Intel was quick to embrace BYOD, other companies were not. As seen on figure 1, it

took until 2011, when Unisys3 and other technology companies implemented a BYOD policy, for

the BYOD trend to fully emerge. The reason Unisys opted for a BYOD policy, was that they

found that their employees wished to use different devices than the ones Unisys provided them

(Burt, 2011). Furthermore, Unisys had ordered IDC, the International Data Corporation, to

conduct a study on the consumerization of IT. This study found that in 2011 there was a 10

percentage point increase of the use of personal devices for work in comparison with 2010

(Gens et al, 2011). They also predicted that the usage of mobile devices for work would

increase, whereas the usage of desktop pc’s would decrease (Gens et al, 2011). The

1 Source: Number of smartphones sold to end users worldwide from 2007 to 2014. Retrieved from:

http://www.statista.com/statistics/263437/global-smartphone-sales-to-end-users-since-2007/ 2 Source: Worldwide tablet shipments from 2nd quarter 2010 to 1st quarter 2015. Retrieved from: http://www.statista.com/statistics/272070/global-tablet-shipments-by-quarter/ 3 Source: Unisys Establishes a Bring Your Own Device (BYOD) Policy. Retrieved from: http://www.esg-global.com/blogs/unisys-establishes-a-bring-your-own-device-byod-policy/

5

implementation of BYOD by technology companies such as Unisys made many organizations

look at their own workplace policy, and whether they should implement their own BYOD policy.

Furthermore, Gartner predicts that by 2017 half of the employers will require

employees to bring their own device for work4. They also predict that by 2016, 38 percent of

companies expect to stop providing devices to employees, due to the implementation of a

BYOD policy. Though these are just predictions at the moment, they do show that BYOD is a

phenomenon that is expected to grow.

Although some organizations do wish to upgrade to a more mobile workplace, they do not find

that BYOD is their best option. For example, since 2011 the Dutch government has tried to

implement a new policy called ‘New Ways of Working’ (in Dutch: het Nieuwe Werken)5, an

attempt at making the workplace more mobile and less workstation dependent. Their attempt

of BYOD that came with it was called Choose Your Own Device, hereafter; CYOD, in which

employees can choose their own device. These devices are provided by the government, much

like a lease car. The reason that the government opted for CYOD was that the Dutch

intelligence and security service, the AIVD, did not deem BYOD safe enough for use within the

government6.

CYOD could be considered a more restricted choice than BYOD. Although it grants the

employee the choice of a device for work, employees are only allowed to bring in and use those

devices chosen by the organization, consequently making it a more restricted choice.

Conversely, organizations could allow their employees more freedom by letting them use their

own software, which would be Bring Your Own Software, hereafter; BYOS. Employees would be

free in choosing their own software to use for work, be it a different operating system such as

Windows or Linux, or different documentation software such as Google Docs or Office 365.

Usually, when referring to BYOS, it is in combination with BYOD. BYOS is seen as an

extension of BYOD in the consumerization of IT (Castro-Leon, 2014), resulting in the freedom of

letting employees use the software and hardware they desire for work. Although it is not as

likely, BYOS could also be combined with CYOD, resulting in giving employees freedom of

software but restricting them to work related devices only. Taking all these options of “Bring

Your Own” policies in consideration, the following small decision tree can be made:

4 Source: Gartner Predicts by 2017, Half of Employers will Require Employees to Supply Their Own

Device for Work Purposes. Retrieved from: http://www.gartner.com/newsroom/id/2466615 5 Source: Het Nieuwe Werken bij het Rijk; ervaringen uit de praktijk. Retrieved from: http://www.hnwbijhetrijk.nl/files/hnwbijhetrijk_nl/HNWR%20Compleet_versie%20HNW%20week.pdf 6 Source: Bring your own device, choose your own device. Retrieved from: https://www.aivd.nl/publish/pages/2452/bring_your_own_device.pdf

6

Figure 2: Decision tree of “Bring Your Own” policies

1.1 Problem statement

According to Harkins, the payback of BYOD for Intel has been better productivity, an improved

response, containment and recovery time for incidents and greater control due to fewer

unauthorized devices on its network (2013), However, Harkin also says that BYOD comes with

heightened risks, such as having employees carry sensitive company data on their mobile

devices (2013). This shows that although BYOD comes with benefits in the aspect of business

management, it comes with risks in the aspect of security. In his article, “BYOD Trend Pressures

Corporate Networks”, Burt seems to agree, writing that “businesses can save money by letting

employees buy their own devices, but they must then find secure, efficient ways to let

employees, contractors and guests gain access to the corporate network, while protecting data

and applications” (Burt, 2011, p. 30).

To tackle these security issues, a company could opt for CYOD, which provides more

security in comparison with BYOD. However it also restricts employees to these work devices,

making CYOD essentially the same as the “getting your own work device” policy. But the study

by Gens et al. shows exactly that a company-owned device is not what employees want to use,

they want to use their personally-owned devices (2011). This could be seen very clearly at

Unisys, where they found that employees wanted to use their own devices rather than the ones

Unisys was buying them (Burt, 2011). However, Unisys also found that employees wanted to

buy the devices they were most comfortably with (Burt, 2011), which means that Unisys may

not have provided the right devices for their employees. CYOD however, if done right, should

provide choice for the employees, meaning that although it is not as free as BYOD, it could still

provide devices that employees are most comfortable working with.

Lastly, although BYOS might seem like a logical next step, opinions about BYOS are

mixed. In an article of Forbes, an American business magazine, the author wrote that the Bring

Your Own Software trend will be a brief one and that “managing an ecosystem internally with

BYOS is a nightmare because, most often, it’s not integrated with any other solutions and

7

applications”7. The author also describes security risks and argues that data integrity could be

affected by the use of third party software. An author of Wired, an American magazine that

reports on how emerging technologies affect culture, the economy and politics, however had a

much more positive view on BYOS and wrote that it could not only be much cheaper to use

third party software, it can also make the job easier for employees8. Neither authors are

necessarily wrong and these articles show that although BYOS comes with benefits in the

aspect of business management, it also comes with risks in the aspect of security.

This shows that each policy comes with their own benefits and their own risks. And that

is something many organizations fail to think through when implementing a BYOD, CYOD or

BYOS policy. They will focus heavily on the benefits of one aspect, neglecting the risks of a

different aspect.

1.2 Objective

The objective of this research is to highlight the different “Bring Your Own” policies and what

benefits and risks are attached to them. These benefits and risks have various aspects, such as

security or cost for example, and will contain both employee and employer perspectives.

Consequently this research should provide insight on why an organization should pick one

policy over another and will make a number of recommendations in regard to the various

“Bring Your Own” policies.

1.3 Research question

For this research the following main research question is posed:

What are the benefits and risks of the various types of “Bring Your Own” policies?

From the main research question the following three sub-questions are derived:

1. What are the different types of “Bring Your Own” policies?

2. What are the benefits of each “Bring Your Own” policy?

3. What are the risks of each “Bring Your Own” policy?

7 Source: The Bring Your Own Software Trend - And Why It Will Be Brief. Retrieved from: http://www.forbes.com/sites/ciocentral/2013/03/07/the-bring-your-own-software-trend-and-why-it-will-be-brief/ 8 Source: BYOS is Here to Stay, and That’s a Good Thing. Retrieved from: http://www.wired.com/2013/10/byos-is-here-to-stay-and-thats-a-good-thing/

8

1.4 Design

The structure of this thesis is as follows; in chapter 2 the methodology is described. Chapter 3

consists of a literature study where all the “Bring Your Own” policies, the potential benefits and

the potential risks will be researched and defined to answer each of the three sub-questions.

After that, chapter 4 will present a SWOT analysis of every “Bring Your Own” policy and their

respective results and also a comparative SWOT analysis. Chapter 5 will then give a conclusion,

a number of recommendations and will then conclude and reflect this thesis with discussion.

9

2 Methodology

To answer the three sub-questions a literature study was conducted. This literature study

consisted of literature on the three “Bring Your Own” policies and literature on the

consumerization of IT. The literature was found using a variety of search terms such as “Bring

Your Own Device”, “BYOD”, “Choose Your Own Device”, “Bring Your Own Software” and

“consumerization of IT” on both the online University of Amsterdam Library and Google

Scholar. Important to note here is that due to a lackluster result of literature found using these

terms, snowballing was used to gather more relevant literature. Another important note is that

due to the lack of both academic research and academic literature on the “Bring Your Own”

policies and consumerization of IT that was available, practitioner studies and literature were

also included in this literature study.

The literature study gave insight into each of three “Bring Your Own” policies and what

potential benefits and risks are attached to them. From these potential benefits that were

found, three aspects were identified, Cost, Human Resources and Innovation. All three aspects

contained benefits from an employer perspective and both Human Resources and Innovation

also contained benefits from an employee perspective. Likewise for the risks five aspects were

identified, Cost, Human Resources, Legal, Security and Technical, all of which contain employer

perspective and all but Legal and Technical contain employee perspective. After that the

benefits were sorted into strengths and opportunities and the risks were sorted into

weaknesses and threats. Following that a Strengths, Weaknesses, Opportunities, Threats

(SWOT) Analysis was conducted on for each policy. With these SWOT analyses a comparative

SWOT analysis was done from which conclusions were drawn.

10

3 Literature study

First, the “Bring Your Own” policies will be researched in section 3.1, discussing each policy in

sections 3.1.1 through 3.1.3. After that the potential benefits and the potential risks of the

various policies will be discussed in section 3.2 and section 3.3 respectively. These potential

benefits and potential risks consist of both employer and employee perspectives and contain

various aspects, such as Cost or Human Resources.

3.1 "Bring Your Own" policies

This section will discuss the different “Bring Your Own” policies; Bring Your Own Device in

section 3.1.1, Choose Your Own Device in section 3.1.2 and Bring Your Own Software in section

3.1.3. In every section literature on the respective policy will be reviewed, researching what the

“Bring Your Own” policy is and how it is used. Each section will close with an academic

definition of the policy.

3.1.1 Bring Your Own Device

Looking at the academic world, the term “Bring Your Own Device” first appeared in 2004, in a

study by Ballagas et al. The concept that was then associated with BYOD, was not the same as it

is now, but rather the concept of allowing people to interact with large public displays, such as

projectors, using mobile devices, namely camera-enabled mobile phones (Ballagas et al., 2004).

Although this study was used by others, the term “Bring Your Own Device” never stuck around

in this context, and it would take until 2011 for the term to appear again, this time associated

with the current concept of BYOD. Other related terms to BYOD, such as “Bring Your Own

Technology”, “Bring Your Own IT”, “Bring Your Own PC” and “Bring Your Own Computer”

appear to have never been academically used prior to 2011. The only related term really used

academically was “Bring Your Own Laptop”, used to describe students bringing their laptops to

the classroom.

There is however another term that could be very closely associated with BYOD, the

consumerization of IT. Consumerization of IT could be defined as “privately-owned IT resources,

such as devices or software that are “co-used” for business purposes” (Niehaves et al., 2012, p.

1) in which co-used means using it for both personal and work-related tasks. This definition

refers to both devices, such as smartphones, and applications, such as cloud-storage (Niehaves

et al., 2012). This means that the consumerization of IT could be considered both BYOD and

BYOS, and most of the times a mixture of both. However, in this section it will refer to the BYOD

variant.

Going back as far as 2004, Moschella et al. wrote a paper on the consumerization of IT,

in which they write that the defining aspect of consumerization the concept of dual use is, one

device for both personal and work related use. Furthermore they describe the consumerization

of technology as disruptive technology which has three stages. In stage one it is seen as a toy or

11

a joke, as it has less capability than business systems and networks. In stage two it is seen as a

threat, as it now has the same capability as the business systems, disrupting normal

procedures. In stage three it is seen as the obvious, it replaces the previous systems as it has a

higher capability. At the time of writing, Moschella et al. believed that consumer facilities had

well moved beyond stage one and would soon find itself in stage two, disrupting existing

business structures (2004). They also believed that between 2005 and 2015 consumerization

would reach stage three, meaning it would replace the previous business systems. This

prediction was not entirely off, as organizations have been looking into implementing BYOD

since 2011.

Another prediction that they made, tied to BYOD, is that private infrastructures will get

replaced by public infrastructures. They state that chief information officers will need to find a

way to manage this change, and the change of the environment of employee control to

increasing employee choice and freedom (Moschella et al., 2004). A final prediction that

Moschella et al. made was that there would be a broad series of technological changes over the

next two years, and that business had to start responding (2004). This prediction however, did

not turn out to be true. Looking at software, there were no notable technology changes

between 2004 and 2007 that affected businesses, as cloud computing, for example, emerged

much later. Looking at hardware, there were no notable technological changes between 2004

and 2007 either, as the first real smartphones did not come out until 2007 and tablets, as they

are today, did not come out until 2010. Thus, this prediction did not turn out to be true, as

there were no notable technological changes between 2004 and 2006. Additionally, it took until

2011 for organizations, other than Intel who did this in 2009 (Burns-Sardone, 2014), to

implement BYOD.

Looking at the term and concept of BYOD now, there appears to be two types of BYOD in

literature; BYOD in a business setting, much like IT consumerization, and BYOD in an

educational setting, much like “Bring Your Own Laptop”. When writing about BYOD in

education, the general definition appears to be “students using personally owned mobile

devices, such as smartphones, tablets and laptops for education” (Burns-Sardone, 2014;

Imazeki, 2014; Sangani, 2013). Rather than treating these personal devices as a problem,

educators are now seeing that they can be used as learning tools (Sangani, 2013). For example,

they can be used to work on assignments, note taking, research and foster student peer-to-

peer collaboration (Kobus et al., 2013; Lauricella & Kay, 2010).

A general concern however is that these mobile devices can be disruptive to education

(Burns-Sardone, 2014; Imazeki, 2014; Lauricella & Kay, 2010), a concern that is not completely

unfounded as studies have shown that regardless of class policy students will use their devices

to text or to surf the web (Barkhuus, 2005; Clayson and Haley, 2013; Tindell & Bohlander,

2012). Another concern is that not every student may own a mobile device, whether these are

12

laptops or tablets in higher education (Kobus et al., 2013), or smartphones and tablets in lower

education (Burns-Sardone, 2014). Although Kobus et al. found that Dutch university students,

even those of a low income, have a high probability of owning a laptop or tablet (Kobus et al.,

2013), this might not be the case in other countries. More so, parents of children in primary and

high school might not feel the need or have the money for their children to own a smartphone

or tablet (Burns-Sardone, 2014), making BYOD a tough policy for primary and high schools to

implement.

Despite these concerns, there does appear to be a future for BYOD in education. Burns-

Sardone found that high school students are both willing and proficient to use their

smartphones for learning (Burns-Sardone, 2014) and Lauricella & Kay wrote that of the 177

university students they observed, “most students spent over 50% of class time either taking

notes (74%) or engaging in academic activities (68%)” (Lauricella & Kay, 2010, p. 158).

However, since this thesis is about BYOD in a business setting, BYOD in an education setting will

not be discussed any further.

Looking at BYOD in businesses and IT consumerization, it was first implemented by Intel in

2009, who recognized that employees started to bring their own mobile devices to use for work

(Harkins, 2013). By 2010, Intel had about 30.000 employees using their own mobile devices,

and they expected this to grow to 70 percent of its 80.000 employees by 2014 (Harkins, 2013).

Harkins, the former Chief Information Security Officer and current Chief Security and Privacy

Officer of Intel, wrote that the implementation of BYOD gave them better productivity, because

employees respond faster and more with their own devices (Harkins, 2013), improved security,

because mobility improves the response, containment and recovering time from incidents for

Intel (Harkins, 2013), and greater control, because personally-owned devices are encouraged,

making it so that Intel has fewer unauthorized devices on its network (Harkins, 2013). He also

writes that there are heightened risks, as employees carry sensitive data on their personal

devices, but, says Harkin, “organizations must tackle these risks head-on” (Harkins, 2013, para.

7).

However, as stated before, it would still take until 2011 for other organizations to

implement BYOD. One of the early adopters here was Unisys, implementing it as early as

March. Like Intel, they found that more and more employees wanted to bring in their own

device to use for work (Burt, 2011). This was further backed by a study on the consumerization

of IT, conducted by the International Data Corporation, that found that there was a 10

percentage point increase in the use of personal mobile devices for work, from 30.7 percent in

2010 to 40.7 percent in 2011 (Gens et al., 2011). Another important finding by them is the

employee demand for mobility, where employees found that laptops, smartphones and tablets

were more critical for work than desktop pc’s (Gens et al., 2011). Laptops went up from 36

percent in 2010 to 49 percent in 2012, whereas desktop pc’s went down from 51 percent in

13

2010 to 35 percent in 2012. Smartphones and tablets went up 4 and 0 percent to 6 and 9

percent respectively. Further findings were that work is flowing into personal time, making

employees more productive. For example, almost 50 percent had used personal devices to

conduct work while on vacation, 29 percent while in bed and almost 20 percent while driving

(Gens et al., 2011). Lastly, they found that although IT groups acknowledge consumerization,

they are overwhelmed by it, making them struggle to keep up (Gens et al., 2011).

According to Castro-Leon, there are three driving forces behind consumerization; the

changing relationship between workers and employers, the redefining of enterprise boundaries

and the transition to a service-oriented economy (2014). Since 2008 there has been an increase

of a transient workers, such as flex-workers, part-time employees and contractors, whereas

full-time employees are decreasing (Castro-Leon, 2014). These transient workers often brings

their own tools, such as mobile devices. There is also a transition to a service-oriented

economy, leading to more service oriented software and programs, such as cloud services

(Castro-Leon, 2014). As more applications and data are going through the cloud, enterprise

boundaries are getting redefined, as workers can access corporate data from anywhere from

any device (Castro-Leon, 2014). Furthermore, the so called “millennial generation” is starting to

enter the workforce (Castro-Leon, 2014). These workers have a strong preference towards

consumerization, having grown up in this environment of mobile devices and cloud software

(Castro-Leon, 2014).

Consumerization is considered to be a major driver that redefines the relationship

between employees and the information technology organization (Niehaves et al., 2012). This

means that organizations will have to look at their IT organization, as employees will bring in

their personal devices to work despite work policy (D’Arcy, 2011). Banning the use of these

personal devices is also not an option, as this will, according to D’Arcy, “create new bigger

security holes as users skirt IT restrictions” (2011, p. 3). There is a shift in IT from a top-down

innovation to a bottom up-up approach (Niehaves et al., 2012), meaning that organizations will

have to adapt to this reverse technology-adoption life cycle where “employees bring experience

with consumer technologies to the workplace and pressure their companies to adopt new

technologies” (Andriole, 2012, p. 51). It is not just the technology that is affected however, as

consumerization will also affect the way of working (Niehaves et al., 2012).

The study conducted by the IDC was not the only study on the consumerization of IT, on

the contrary, in 2011 there were 15 studies alone. In the working paper, “Towards an IT

Consumerization Theory – A Theory and Practice Review”, Niehaves et al. gathered twenty-two

studies on the consumerization of IT and analyzed what the advantages and disadvantages of

consumerization are in five different areas of information systems; hardware, software, data,

people and procedures (2012). Other points of research were the advantages and

disadvantages of consumerization from both employee and organizational perspectives and

14

which theories in the context of information systems could increase the understanding of the

relationship between consumerization and employee performance (Niehaves et al., 2012).

Looking at the analysis of Niehaves et al. in the five different areas of information

systems, there were eight studies that found consumerization an advantage in the area of

hardware and eight studies that found it a disadvantage. In the area of software,

consumerization is found a clear advantage, where seven studies found that it was an

advantage, and only three studies found it a disadvantage. On the other hand, in the area of

data, consumerization is a clear disadvantage, where thirteen studies found it was a

disadvantage and only one study found it an advantage. Niehaves et al. argue that this is

because consumerization in the data area is primarily associated with negative aspects, such as

compatibility issues or data security risks (2012). Consumerization had the highest impact on

the area of people and procedures where, for the area of people, nineteen studies found that

consumerization was an advantage and only four found it a disadvantage and where, for the

area of procedure, twelve studies found it an advantage whereas fourteen studies found it a

disadvantage. Niehaves et al. wrote that both the area of people and the area of procedures

could directly be linked to the employee perspective and the organizational perspective (2012).

The actual advantages and disadvantages of both these five areas of information

systems and the employee and organizational aspect will not be discussed here, as the

advantages will be discussed in section 3.2 and the disadvantages in section 3.3.

3.1.1.1 Definition

Master student B. Peek wrote in her thesis on BYOD that “a generally accepted definition that

accurately describes the trend of ‘Bring Your Own Device’, or a scientific definition thereof, is

lacking” (Peek, 2012, p. 8). And although much has been written since, this lack of an

academically accepted definition still appears to be the case. Despite this lack of a general

definition, Peek’s own definition, which is: “The phenomenon where employees bring their own

personal mobile devices, such as smartphones, tablets, or laptops to their workplace, and use

their devices to access a variety of company, and personal resources, to perform tasks of both

work-related and personal nature” (Peek, 2012, p. 9), is very similar to what Armando et al. and

Muñoz & Adami define as BYOD, which is “employees using their own mobile devices at work . .

. paradigm in which employees are allowed access to sensitive resources through their personal

devices as long as they agree to comply with the organization's security policy” (Armando et al.,

2014, para. 5) and “The concept of users safely connecting to the company network with their

personal mobile devices to gain access to company resources” (Muñoz & Adami, 2012, p. 6)

respectively.

This shows that despite the lack of a general definition, academics share the same

general definition of what BYOD is, namely “the concept of employees bringing their own

mobile devices to work and using them to access company resources to perform work-related

15

tasks”. Comparing this with other work on BYOD in a business setting you can see that they all

contain this general concept of BYOD. Besides the three mentioned above, “using their own

personal devices for work-related tasks” (Disterer & Kleiner, 2013, p. 44), “allows employees to

use their private and self-financed IT device at work, connect the device to the corporate

network, access corporate data and use it for business purposes” (Loose et al., 2013, p. 3),

“mobile workers bringing their own mobile devices, with their data and applications, into their

workspace for both working and personal use” (Scarfo, 2012, p. 446), and “a business policy

adopted by management where they allow [employees] to use their personally owned devices

like smart phones, ipads, tabs etc at the workplace to access mails, databases etc” (Singh, 2012,

p. 1) are just a few examples of this.

3.1.2 Choose Your Own Device

CYOD was first mentioned in 2012, during the initial hype of BYOD. In his study Kernaghan

describes the issues of implementing a BYOD policy, one of which is how users are unhappy

with the choice of devices by organizations, which is named “choose your own device” (2012).

Master student Laarhuis also named CYOD in his thesis, in a part on the consumerization of IT

(2012). He describes that of the organizations that he researched, some had a CYOD

programme implemented. These CYOD programmes had two variants, one where employees

can choose any phone, so long they are Android or iOS, and one where employees can choose

between three smartphones, two laptops and a tablet (Laarhuis, 2012).

Although organizations were already implementing CYOD policies in 2012, as shown by

Laarhuis, it would take until 2013 for academics to really start mentioning CYOD. Furthermore,

unlike BYOD, CYOD does not have much, if any, literature focused solely on CYOD and what it

could mean for organizations. It is often only mentioned offhandedly, where writers will spend

one line explaining its meaning and then move on (e.g. Al-Khouri, 2013; French et al., 2014;

Loose et al., 2013).

In his publication, Absalom brings up a policy that can be related to CYOD, called

corporate-owned, personally enabled, hereafter; COPE (2013). This policy, much like its name

implies, lets employees use the devices that are provided by their employer for both work and

personal related tasks. This policy can be compared to having a company car (Absalom, 2013),

although they are provided by the organization for employees to use, they are still owned by

the company and they often come with strict rules. Another related policy is corporate-owned,

business only, hereafter; COBO. With this policy employers provide their employees with

mobile devices that are strictly for business usage. Both COPE and COBO can be related to

CYOD, depending on the definition of CYOD. This will be discussed in section 3.1.2.1

CYOD can be considered a safer, albeit more restricted choice than BYOD. Not all

organizations wish to use BYOD as it might, in their eyes, provide risks that are too great

because they, for example, deal with confidential or sensitive information (French et al., 2014).

16

Picking a CYOD policy limits the devices used to access corporate information (Ghosh et al.,

2013) and it lets the employer choose which devices can be used (Laarhuis, 2012). Although this

can be considered beneficial in terms of security, it might not give as much employee

satisfaction as a BYOD policy would (Ghosh et al., 2013).

3.1.2.1 Definition

While, like BYOD, there is no official academic definition for CYOD, academics generally use a

similar definition: “a policy where employees can choose from a set of devices which are

provided by the company” (e.g. Al-Khouri, 2013; Ghosh et al., 2013; Loose et al., 2013). This set

of devices are described as predefined (Kruidhof, 2014; Loose et al., 2013), meaning the

company decides which set of devices they allow for work.

In his thesis Laarhuis states that he found two kinds of CYOD variants, one where

employees can choose any phone, so long they are Android or iOS, and one where employees

can choose between three smartphones, two laptops and a tablet (Laarhuis, 2012). Going by

academic literature, variant one does not fit the general definition of CYOD, whereas variant

two does. Because employees do not pick from a set of predefined devices, but instead can pick

any device so long they have the right platform, variant one can, by current literature, not be

considered CYOD. This would mean that variant one is something else entirely, or the definition

of CYOD needs to include a case like variant one. However, because current literature does not

include it within the definition, variant one can currently not be considered CYOD.

Something that is not included in most definitions is whether these devices that are

provided by employers are strictly for business usage or can be used for personal purposes as

well. Exceptions are both Absalom and Loose et al., who state in their definition that these

devices can be used for personal purposes (2013; 2013). Although there is currently no

literature where CYOD is defined as strictly for business usage, this does not necessarily mean

that the definition of Absalom and Loose et al. are right.

What is more likely is that organizations each have their own CYOD policy, where they

define whether these provided devices can be used for just business or business and personal

purposes. Both COPE and COBO policies can be considered CYOD policies, where COPE is for

both business and personal purpose, and COBO is for strictly business only. Current literature

on CYOD does not rule out either COPE or COBO. Thus, CYOD can be defined in as “a policy

where employees can choose from a set of devices that are provided by the company, which can

be used, depending on the policy of the organization, for either strictly business or business and

personal purposes”. However, it is more likely that employees use them for business only, since

they already own a device for personal use.

17

3.1.3 Bring Your Own Software

Looking at the term “Bring Your Own Software”, very little is written in the academic world

using this term. In an article in Network Security, Van Leeuwen wrote a small piece on what

BYOS is and what the expected advantages and disadvantages were (2014). BYOS here is

described as a policy “where employees are free to use their own software, if they want to” (Van

Leeuwen, 2014, p. 12), with advantages such as an increase of individual user productivity,

easier use of personal software than provided software, and user compatibility with personal

employee devices (Van Leeuwen, 2014). However, Van Leeuwen also wrote that there can also

be some serious disadvantages, such as the lack of compatibility of output files between

different programs and that the IT support staff would have to know all possible software

applications (2014). Lastly Van Leeuwen wrote that all things considered, at that point,

choosing a BYOS policy did not seem like a good idea, but she also argued that more research

should be put into it (2014). While the article of Van Leeuwen provides some information on

BYOS, there is not much insight, it is just some general information on BYOS

Looking at the related term “Bring Your Own Apps” or “Bring Your Own Applications”,

hereafter; BYOA, it too has lackluster results in terms of academic use. There are no scientific

papers or studies aimed specifically at BYOS, and those that do write about BYOS write about it

as an extension of BYOD. For example Castro-Leon wrote that “BYOD can also involve bring

your own app (BYOA)” (2014, p. 20) and Ghosh et al. wrote that “The BYOD concept, is in itself

bringing in a new idea of Bring Your Own Technology (BYOT) and Bring Your Own Software

(BYOS) in which employees use non-corporate software and technology on their device” (2013,

p. 62). Both Castro-Leon and Ghosh et al. imply that BYOD can also involve BYOS, considering it

an addition.

Looking at the consumerization of IT, software is not nearly as much discussed as

hardware. Niehaves et al. define the software aspect of consumerization as “All types of

applications, including cloud-based ones” (Niehaves et al., 2012, p. 5). Most literature however,

focuses primarily on hardware and only have some general information on software. That is not

to say there is no information on the consumerization of software. In 2004 Moschella et al.

were already of the opinion that social networking was going to expand and that specialised

web services would emerge and be integrated into existing business systems. Although 2004

may have been too early to make this prediction, the value of social media has grown

enormous and as of 2010 cloud software has also had enormous growth9. Both social media

platforms and cloud software are finding their way into businesses if they have not done so

already, especially under employees.

9 Source: Gartner Predicts Infrastructure Services Will Accelerate Cloud Computing Growth. Retrieved from: http://www.forbes.com/sites/louiscolumbus/2013/02/19/gartner-predicts-infrastructure-services-will-accelerate-cloud-computing-growth/

18

In their study Gens et al. found that the usage of popular social media such as Twitter,

Facebook or Linkedin is growing in the workplace (2011). The usage of blogs, wikis, forums and

web or audio conferencing systems in the workplace is also growing (Gens et al., 2011). In a

survey done by Gens et al. employees say that they use these platforms for various reasons,

such as customer communication, employee communication, advertising, market research or

employee recruitment (2011). The reason employees choose these platforms is because they

often already use them personally, and wish to use something they are knowledgeable in.

Additionally, these platforms are mostly free, readily available and often already used by other

employees or customers (Gens et al., 2011).

Although Gens et al. showed how much employees value social applications and social

platforms, not much is said about cloud based software. Vaquero et al. defined the cloud in

2008 as “a large pool of easily usable and accessible virtualized resources (such as hardware,

development platforms and/or services)” (2008, p. 51) and identified three scenarios where the

cloud was used; infrastructure as a service (e.g. Dropbox), platform as a service (e.g. Google

Apps or Office 365) and software as a service (e.g. Google Docs). Much like social networking

these cloud based applications can keep employees connected (Schadler & McCarthy, 2012).

Furthermore, it makes it so that employees can work from any location at any time (Schadler &

McCarthy, 2012).

There is also non-cloud based software that employees might prefer over enterprise

software. For example, an employee might prefer using the operating system Linux over

Windows, or use a different spreadsheet program like the one that is used by the company.

Unlike cloud based software and social media or platforms, non-cloud based software is hardly

mentioned in consumerization literature. However, as explained above, Niehaves et al. state

that “All types of applications, including cloud-based ones, are associated with the term

‘software’” (2011, p. 5), meaning that non-cloud based software is also included within the

definition of consumerization of software. It is likely that when employees are allowed to bring

their own devices, they will want to use whichever software they use on it, whether this is

cloud based or not.

3.1.3.1 Definition

Much like BYOD and CYOD, BYOS has no formal definition within literature. Having said that,

most definitions used are fairly similar. In her article Van Leeuwen wrote two definitions of

BYOS, one by Dvorak, a writer for PCmag, which is “people can use their own device, use the

software they have chosen and with which they are familiar” (Van Leeuwen, 2014, p. 12) and

one general definition, which is “policy … where employees are free to use their own software, if

they want to” (Van Leeuwen, 2014, p. 12). Ghosh et al. also mention BYOS, in relation to BYOD,

and define it as “in which employees use non-corporate software … on their device”. Both the

definition by Dvorak and by Ghosh et al. would imply that BYOS is software used by employees

19

on their own devices. However, the definition by Dvorak is not an academic one, and Ghosh et

al. mention BYOS as an extension of BYOD. Ghosh et al. also state that employees would use

non-corporate software, whereas the definition that Van Leeuwen uses states that employees

can use both their own or corporate software.

Looking at the consumerization of IT literature, most writers use a broad definition that

states that “employees use their own applications on their own devices” (e.g. Gens et al., 2011;

Moschella et al., 2004; Schadler & McCarthy, 2012). Important here is that by definition in

consumerization literature these applications are used on personal devices. Furthermore,

Niehaves et al. state that “All types of applications, including cloud-based ones, are associated

with the term “software” (e.g., social networks, Google’s web applications, smartphone apps)”

(2012, p. 5).

Generally speaking BYOS is written about as an extension of BYOD, where employees

are free to use their own software (Van Leeuwen, 2014). Within consumerization literature it is

often about the use of consumer applications on personal devices (e.g. Gens et al., 2011;

Moschella et al., 2004; Niehaves et al., 2012). This makes it a safe conclusion that generally

speaking BYOS is considered an addition of BYOD. Additionally, it is unlikely that there will be a

BYOS policy when there is no BYOD policy. Thus, a general academic definition would be “a

policy where employees are free to use their own software, such as cloud-based software, social

networks and mobile applications, on their own devices”.

Although this thesis also includes the option of a CYOD and BYOS policy, no specific

literature suggests that such a policy is used in practise. Although some literature suggests that

employees are allowed to install their own software (e.g. Ghosh et al., 2013; Kruidhof, 2014), it

is never implied whether this software can be used for work. This could mean that

organizations have no interest in such a policy, or it could mean organizations simply have not

thought of it. However, due to the popularity of CYOD or COPE policies, CYOD and BYOS might

still be a thing in the future. Thus this policy will still be discussed during the SWOT analysis.

3.2 Potential benefits

Through both practitioner and academic literature, three aspects containing potential benefits

were identified; Cost, Human Resources and Innovation. Each of these aspects contain

employer benefits, and both Human Resources and Innovation also contain employee benefits.

The potential benefits of each aspect will now be described and explained.

3.2.1 Cost

In the aspect of Cost there are a couple benefits. Like Corporate Image, these benefits are all

from an employer perspective. Although it is likely that costs will increase during the

implementation phase, it is expected that there will be cost savings on the long term (Peek,

2012).

20

Employers do not have to pay for devices

A benefit that is often mentioned in literature is that employers can save costs by not having to

provide and pay for devices for employees (e. g. Laarhuis, 2012; Miller et al., 2012; Smith &

Forman, 2014) as device and hardware costs are transferred onto the employee (Page, 2014;

Pell, 2014). Traditional hardware costs, such as workstation pc’s, can be reduced by letting

employees bring their own devices (Aerospace Industries Association, 2011; Al-Khouri, 2013;

Peek, 2012), and organizations that provide mobile equipment, such as work phones, to their

employees will no longer have to provide these devices, thus also reducing costs (Ghosh et al.,

2013; Laarhuis, 2012; Miller et al, 2012; Walker-Osborn et al., 2013).

Employers do not have to pay for data plans

Another benefit that is mentioned, often when talking about saving costs on not having to

provide corporate mobile devices, is that employers do not need to pay for data plans that

come with corporate mobile phones (Bell, 2013; French et al., 2014; Miller et al, 2012). As

employees bring in their own personal devices, they will also pay for their own personal data

plan. And because employers no longer need to provide corporate mobile devices, no data

plans need to be provided for these (Bell, 2013; French et al., 2014; Miller et al., 2012).

Employees do not need device training

A benefit that comes with employees bringing in their own device is that they already know

how to use their devices (Niehaves et al., 2012; Page, 2014), thus taking away the need to give

them devices training (Miller et al., 2012; Moschella et al, 2004). Employees use these devices

in their private life, effectively training themselves how to use these devices (Miller et al.,

2012), meaning that employers can save costs on device training (Ghosh et al., 2013; Miller et

al., 2012). Although there is a possibility that employees do not need device training in a CYOD

setting, this would only be the case if employers have the devices that employees are familiar

with. Furthermore employees would not train themselves with these devices in their private

lives, as these devices would be meant for work.

Employers do not need to pay for employee software

With BYOS comes the benefit that employers do not need to pay for employee software, as

employees would provide their own software (Aerospace Industries Association, 2011).

Employees would purchase and provide their own applications, software programs and

operating systems, lowering the costs for organizations (Aerospace Industries Association,

2011; Harris, Junglas, et al., 2011; Moschella et al., 2004). An example of this would be not

having to pay for support or upgrades for an outdated operating system or outdated company

software.

21

Employees do not need software training

Another benefit that comes with BYOS is that employees do not need software training

(Moschella et al., 2004), thus reducing the cost of training. Much like with devices, as they use

the software in their private lives employees are training themselves (Miller et al., 2012).

Furthermore, as new features appear, employees will simply try new things themselves in their

personal time instead of having to be trained by their employees (Murdoch et al., 2010).

Consumes less power

A minor benefit that was mentioned very little is that due to the use of personal or mobile

devices, less power is consumed (Andriole, 2012; Page, 2014). Workstations that consume a lot

of power get replaced by mobile devices. Although these mobile devices still need to be

charged, they often consume less power, thus leading to a decrease (Andriole, 2012).

3.2.2 Human Resources

Most benefits that were discussed in literature can be found in the aspect of Human Resources.

The increase of productivity, for example, was mentioned a lot in literature. For both employers

and employees the most benefits can be found in this aspect.

3.2.2.1 Employer perspective

Increase of employee productivity

One of the benefits that was mentioned most is that allowing employees to bring in their own

technology will increase their productivity (e.g. Earley et al., 2014; Koh et al., 2014; Niehaves et

al., 2012). Allowing employees to make use of their own technology will increase employee

morale (Niehaves et al., 2012), will make employees able to work harder, due to their

familiarity with the device (Disterer & Kleiner, 2013) and will allow employees to work outside

of office hours (Disterer & Kleiner, 2013; Eschelbeck & Schwartzberg, 2012), thus leading to an

increase of employee productivity. Although less impactful than BYOD or BYOS, organizations

with a CYOD policy have also seen an increase of employee productivity (French et al., 2014).

Looking at other organizations, a survey conducted by Cisco showed that the productivity of

employees had increased at workplaces where the use of personal devices was permitted (Koh

et al., 2014). Furthermore in another study 80 percent of the respondents reported an increase

of productivity after introducing a BYOD policy in their workplace (French et al., 2014). Lastly, in

their case study Niehaves et al. found evidence that allowing employees to bring in their own

technology had a positive influence on their work performance (Niehaves et al., 2012).

Increase of employee satisfaction

Another benefit that is often mentioned is that allowing employees to bring in their own

technology will increase their satisfaction (e.g. French et al., 2014; Niehaves et al., 2012; Peek,

22

2012). Not only that, it is one of the main benefits that organizations expect from providing a

“Bring Your Own” policy (Gens et al., 2011; Peek, 2012). Reasons for this increase of satisfaction

are that employees gain flexibility (Peek, 2012; Pell, 2014), freedom of choice (Niehaves et al.,

2012; Peek, 2012) and the ability work with the technology that they prefer and own (French et

al., 2014; Niehaves et al., 2012; Peek, 2012). Furthermore, it makes work more enjoyable for

employees (Niehaves et al., 2012). For example, a study conducted by Dell and Intel showed

that six out of every ten employees would enjoy work more if they were able to use their own

devices (2011a). Lastly, implementing a CYOD policy will also increase employee satisfaction,

but less so than a BYOD policy (Ghosh et al., 2013).

Increase of efficiency

When employees get to bring their own technology, the efficiency of work will increase (French

et al., 2014; Ghosh et al., 2013; Koh et al., 2014). Employees are more familiar and comfortable

with their devices, leading to a more efficient way of working (Ghosh et al., 2013). Furthermore,

according to Harris, Ives et al., allowing employees to bring their own software will cause them

to find applications that can make their work more efficient (2011). In a survey given to

employees Harris, Ives et al. found that 25 percent of the respondents would spend a

considerable time looking for applications that would make them more effective at work

(2011).

Workforce mobility

One of the biggest benefits that comes with both BYOD and CYOD is the benefit of mobility

(Disterer & Kleiner, 2013; French et al., 2014; Peek, 2012). Because of the portability of these

devices employees are able to work from anywhere (Disterer & Kleiner, 2013; French et al.,

2014; Koh et al., 2014) and often do so as well (Avanade, 2012; Gens et al, 2011). Furthermore,

workers are not just able to work from anywhere, they are also willing to. An example of this

are the results of a survey where out of 3000 respondents “almost 50% of information workers

have used consumer technologies to conduct work on vacation, 29% while in bed, almost 20%

while driving and 5% while in a place of worship“ (Gens et al., 2011, p. 5). Thus employees are

more mobile and use this mobility to benefit the organization (French et al., 2014; Peek, 2012).

Work continuity

A benefit that comes with workforce mobility and BYOD is the benefit of work continuity

(Disterer & Kleiner, 2013; Koh et al., 2014; Niehaves et al., 2012). With a BYOD policy

employees will use one device for both personal and business use, which will cause a so called

blurring of work and lifetime (Disterer & Kleiner, 2013; Niehaves et al., 2012; Peek, 2012).

Because of this employees are less able to switch off from work (Dell and Intel, 2011b), there is

a higher demand for reachability outside of work (Disterer & Kleiner, 2013) and more social

obligations between employees (Disterer & Kleiner, 2013), causing them to work more even

23

when not on the job (Disterer & Kleiner, 2013; Niehaves et al., 2012). Consequently, employees

are more willing to work outside of office hours (Avanade, 2012; Disterer & Kleiner, 2013;

Niehaves et al., 2012), on the go (Disterer & Kleiner, 2013; Gens et al., 2011; Van Leeuwen,

2014) and even during holidays or vacation (Aerospace Industries Association, 2011; Gens et al.,

2011). For example, in the aforementioned study of Gens et al. they found that out of over

3000 respondents almost 50% admitted to having worked on vacation. Niehaves et al. also

found in their case study that with the use of personal devices there is a tendency to extend

working time for employees (2012).

Less need to give employees information technology support

With employees bringing in their own technology comes the benefit that these employees

often do not require support (Laarhuis, 2011; Pell, 2014). In his thesis study Laarhuis found that

within an organization that implemented CYOD, there were fewer support requests. Because

employees use technologies that they are familiar with, they are more competent with these

technologies (Prete et al., 2011) and because of that are more easily able to solve problems

(Dell and Intel, 2011a). Thus, BYOD, BYOS and CYOD, provided employees are familiar with the

selection of devices, can lead to fewer support requests, and less of a need of information

technology support overall.

More attractive to potential employees

Implementing a BYOD policy can give the organization an employee-friendly and forward-

looking corporate image (Meulensteen, 2014). Furthermore, it makes an organization more

attractive to future employees (Disterer & Kleiner, 2013; French et al., 2014; Loose et al., 2013;

Peek, 2012). A highly significant correlation was found between the attractiveness of an

organization offering a BYOD policy and the intention of future employees to use their own

devices (Loose et al., 2013).

This attractiveness is especially true for young workers of the so called “millennial

generation” (Castro-Leon, 2014; Disterer & Kleiner, 2013; Loose et al., 2013; Peek, 2012), who

are considered digital natives having grown up with these devices (Drury & Absalom, 2012;

Loose et al., 2013). These young workers often expect to be allowed to use their own devices

(Castro-Leon, 2014; Drury & Absalom, 2012; Loose et al., 2013). Furthermore, implementing a

BYOD policy may even play a vital role (Loose et al., 2013), as organizations that do not allow

personal devices may struggle to find new talent (Hanify, 2014). For example, Jill Knesek, head

of security of BT, has said that the lack of a BYOD policy in their organization is affecting their

ability to recruit new talent10.

10 Source: BT security chief: We are ‘struggling and overly conservative’ on BYOD and cloud. Retrieved from: http://www.computerworlduk.com/news/it-vendors/bt-security-chief-we-are-struggling-overly-conservative-on-byod-cloud-3443530/

24

This shows that despite being a major company, the lack of a BYOD policy will affect the ability

to recruit young talent.

Lastly, BYOD can also be very attractive to transient workers (Castro-Leon, 2014). As

these transient workers often only work with an organization for a relatively short time, it is

impractical to adopt to the existing tools and processes (Castro-Leon, 2014). Instead these

transient workers would rather bring their own tools, thus making BYOD a more attractive

policy for them.

3.2.2.2 Employee perspective

Increase of job satisfaction

From an employee perspective a major benefit is that with employees being able to use their

own technology they gain job satisfaction (Niehaves et al., 2012; Peek, 2012; Scarfo, 2012).

Consumer technology, both hardware and software, is considered more fun, more intuitive and

better for what people want to do than enterprise technology (Harris, Ives et al., 2011;

Murdoch et al., 2010), leading to an increase of job satisfaction (Niehaves et al., 2012). CYOD is

also said to increase job satisfaction, though to a lesser extent than BYOD (Ghosh et al., 2013),

provided the organization has devices that the employees want.

Increase of flexibility

A benefit that comes with the mobility of BYOD and CYOD is that employees can be much more

flexible with their work (Disterer & Kleiner, 2013; Niehaves et al., 2012; Peek, 2012), more so

with BYOD than with CYOD. Employees are able to work wherever and whenever they want to

(Disterer & Kleiner, 2013; Ghosh et al., 2013; Niehaves et al., 2012) and where or when they are

needed (Pell, 2014) making their work much more flexible. It is not just the flexibility of where

and when employees work, but also how they work (Loose at al., 2013; Niehaves et al., 2012).

Although software is hardly mentioned when talking about flexibility, an employee that was

interviewed by Niehaves et al. did remark that “If I were allowed to use private software, this

would make me more independent […] depending on the rights granted or not granted. […] All

in all I would be more flexible” (Niehaves et al., 2012, p. 16). Thus, an employee would most

likely be more flexible when allowed to bring their own software as well.

Increase of autonomy

Another benefit that comes with BYOD, BYOS and to a lesser extent CYOD, is greater freedom

or autonomy for the employee (Disterer & Kleiner, 2011; Niehaves et al., 2012; Peek, 2012). As

employees are more familiar with the technology that they use (Disterer & Kleiner, 2011), they

are able to make their own technical decisions and require less support of the organization

(Harris, Ives et al., 2011). Furthermore, with BYOD comes the freedom to do work from

whichever device an employee wants to use. BYOS is also considered to provide more

autonomy, as employees become even more independent and flexible (Niehaves et al., 2012).

25

More convenient

The benefit of convenience comes with the fact that employees will no longer have to carry

both personal and business devices (Miller et al., 2012; Niehaves et al., 2012; Peek, 2012). In

her case study Peek found that employees found it very beneficial that they no longer had to

carry around multiple devices for both work and personal matters (2011). Consequently

employees only have to remember to bring one smartphone to work, use this to check their

work emails and use it make calls, while also being able to use it for personal matters.

Compared to having two smartphones where one is strictly for business use, BYOD is much

more convenient (French et al., 2014; Koh et al., 2014).

More intuitive

A benefit that comes with both BYOD and BYOS is that employees are more familiar with the

technology that they bring. Because employees are more familiar with the devices and software

and use it in their private lives, they find them more comfortable (Disterer & Kleiner, 2013;

Ghosh et al., 2013; Niehaves et al., 2012) and are more intuitive to using them (Harris, Ives et

al., 2011; Moschella et al., 2004; Murdoch et al., 2010).

Connectivity

A final benefit in the aspect of Human Resources that comes with both BYOD and CYOD is that

of connectivity (Drury & Absalom, 2012; Disterer & Kleiner, 2013; Koh et al., 2014). By giving

employees work devices, or allowing them to use their personal devices, they have access to

company resources and are able to do work at any place (Drury & Absalom, 2012; Ghosh et al.,

2013; Koh et al., 2014).

3.2.3 Innovation

In the aspect of Innovation there are several employer benefits and one employee benefit.

These benefits are related to the innovation that comes with bringing in both new and existing

consumer technology.

3.2.3.1 Employer perspective

New technology adoption

One of the benefits of employees bringing their own technology is that these employees bring

new technology (Gens et al., 2011; Ghosh et al., 2013). Generally speaking new technology will

enter the consumer market way before it gets adopted by organizations (Earley et al., 2014)

and employees will often buy this new technology, whereas for organizations it could take

years before they buy this. The same can be argued for software where employees, preferably

if the organization allows it, bring new applications before organizations even think of using

26

those (Earley et al., 2014). Thus allowing employees to bring their own technology can lead to

the adoption of new technology.

Faster adoption of technology

Another benefit is that employees adopt new technology faster compared to organizations

(Aerospace Industries Association, 2011; Murdoch et al., 2010; Niehaves et al., 2012). The

technology cycle of employees is far shorter than that of organizations (Harris, Ives et al., 2011;

Harris, Junglas et al., 2011; Murdoch et al., 2010) for both hardware and software. For example,

consumers, or in this case the employees, replace their smartphones every 20 months, whereas

organizations change these every 28 months (Murdoch et al., 2010). Another example is an

operating system, which employees generally change every three-and-a-half years, but an

organization changes every eight years (Murdoch et al., 2010). Thus, having employees bring

their own technology can help keep the organization stay in tune with the latest capabilities of

hardware and software (Laarhuis, 2011).

New technologies open new opportunities

Allowing employees to bring their own technology may lead to new opportunities and

innovations (Avanade, 2012). For example, the idea of a Canadian nurse to use the camera of

mobile phones lead to lower costs, enhanced patient care and reduced staff frustration for the

hospital that she worked at (Harris, Ives et al., 2011). Furthermore, these new technologies may

lead to new ways to approach new and existing customers for both employees and employers

(Gens et al., 2011; Niehaves et al., 2012). Lastly, because of the innovation that comes with new

technology, organizations can become more competitive in the market (Ghosh et al., 2013;

Scarfo, 2012).

Consumer technology has more computing power

As explained previously, organizations often take longer to gain new technology, whereas most

consumers, or employees, try to keep up with the newest technology (Harris, Ives et al., 2011;

Harris, Junglas et al., 2011; Murdoch et al., 2010). As technology evolves it gains more

computing power, thus, devices and applications brought by employees are often more

powerful than those used by organizations (Harris, Ives et al., 2011; Murdoch et al., 2010).

Furthermore, consumer applications, such as those by Microsoft or Google, often work with

massive computing power that are used and improved by people around the world (Murdoch

et al., 2010). Enterprise applications cannot keep up with this, simply because the scale is not

there (Murdoch et al., 2010).

27

3.2.3.2 Employee perspective

Able to solve business problems using consumer technology

A benefit from an employee perspective is that employers can use consumer technology to

solve business problems (Andriole, 2012). For example, the aforementioned Canadian nurse

solved an existing business problem by using her camera phone which in turn lowered costs,

enhanced the patient care and reduced staff frustration (Harris, Ives et al., 2011). Letting

employees bring their own technology lets them be more innovative (Harris, Ives et al., 2011;

Harris, Junglas et al., 2011; Peek, 2012) due to their familiarity with this technology. Thus they

can use their technology to solve obstacles that would keep them from doing their work

(Andriole, 2012).

3.3 Potential risks

For the potential risks five aspects were identified, Cost, Human Resources, Legal, Security and

Technical. Most of these risks are from an employer perspective, as they are put much more at

risks than employees are, but there are however risks from an employee perspective in the

aspect of Cost, Human Resources and Security. The potential risks will now be described and

explained.

3.3.1 Cost

As was explained in the Cost aspect of the potential benefits, although cost savings are

expected on the long term, it is also expected that costs will increase during the

implementation phase (Peek, 2012). This is because employers will need to invest. There are

however more risks than just investment in the Cost aspect.

3.3.1.1 Employer perspective

Employers need to invest in security

Before employers can truly implement a BYOD, BYOS or even a CYOD policy, they will need to

invest in security. This investment is absolutely required (French al., 2014; D’Arcy, 2011; Harris

et al., 2012), as security risks will be much higher (Disterer & Kleiner, 2013). For example, when

employees are allowed to bring their personal devices there is a higher chance of malicious

software entering corporate network (Ghosh et al., 2013; Romer, 2014).

Employers need to invest in devices

In the case of CYOD, employers will also need to invest in a set of devices that employees will

want to use (Disterer & Kleiner, 2013). This set needs to be revised often, as consumer

technology is highly divergent and quickly changing, and so are the wishes of employees

(Disterer & Kleiner, 2013).

28

Employees will need security training

Another risk in the aspect of cost is that employees will need security training (Avanade, 2012;

French et al., 2014), thus costing an employer. Employees are not aware of the security risks

and do not believe that security is their responsibility (Thomson, 2012). Thus, they have to be

made aware of the risks through security training.

Multiple platforms will need support

Employers will also need to invest in the integration of multiple platforms (Aerospace Industries

Association, 2011; Disterer & Kleiner, 2013; French et al., 2014). Not only will they have to

invest in this integration, they will also have to invest in supporting all these platforms (Disterer

& Kleiner, 2013; D’Arcy, 2011; French et al., 2014). Furthermore, in the case of BYOS,

applications may not be compatible, thus requiring an adjustment to be made which could also

lead to extra costs (Van Leeuwen, 2014).

Incompatibility of legacy systems

A final risk for an employer is that the legacy systems might be incompatible with personal

technology or corporate owned devices (Murdoch et al., 2010; Niehaves et al., 2012). This

would require an employer to invest in ways to make it compatible, or possibly even replace

legacy systems, which could all turn out to be very costly.

Security failure could lead to extra costs

The final and potentially most devastating risk for employers is that with BYOD and BYOS, and

to a lesser extent CYOD, security is more likely to fail leading to high costs (Dimensional

Research, 2012; Thomson, 2012) or, in the worst case, business discontinuity (Bell, 2013). As

more employees start bringing in mobile devices, the chances of a security failure also increase

(Thomson, 2012). These costs can be extremely high. For example, in a survey conducted by

Dimensional Research 57% of the surveyed organizations responded that mobile security

incidents cost them from $10,000 to more than $500,000 (2012). Not only that, there is also the

cost that comes with the damage to the corporate reputation (Thomson, 2012).

3.3.1.2 Employee perspective

Higher costs for employee

A potential risk that comes with BYOD, and to a lesser extent BYOS, is that there are higher

costs for an employee (Peek, 2012). Not only will organizations with a BYOD policy require

employees to buy and bring their own devices, it will also require employees to pay for

maintenance and support for the device (Peek, 2012). For example, if an employee breaks his

or her device, she will be required to repair it as soon as possible, as she cannot work without

it. Furthermore, if the device cannot be repaired, the employee is required to purchase a

29

replacement. In the case of a laptop or tablet breaking, this could potentially lead to some very

high costs for an employee.

3.3.2 Human Resources

The aspect of Human Resources contains risks such as the disruptiveness of personal devices

and the potential unhappiness of employees with a work policy. For employees there are also

potential risks such as an increase of workload.

3.3.2.1 Employer perspective

IT will need to support multiple platforms

Other than the support of multiple platforms being a risk in the Cost aspect, it can also be

considered a risk in the aspect of Human Resources. Although in the Cost aspect it is mainly

about the cost of integration, in the aspect of Human Resources it is about the need of IT to

support multiple platforms. Although support requests supposedly decrease with a “Bring Your

Own” policy (Laarhuis, 2012), IT will still need to be able to support those employees that need

it (Dell and Intel, 2011a). In the case of BYOD and CYOD IT will need to be able to support

multiple software platforms (Castro-Leon, 2014; Disterer & Kleiner, 2013; Smith & Forman,

2014). Although this is easier with CYOD, as corporate decides which platforms will be used, it

does increase complexity. For example, not all IT employees are familiar with Apple products

and are thus unable to provide support for this platform (French et al., 2014). This complexity

increases even further in a BYOS situation (Disterer & Kleiner, 2013; Gens et al., 2011; Van

Leeuwen, 2014). As Gens et al. put it, IT will need to support “more devices, times more apps,

equals exponentially more complexity” (Gens et al., 2011, p. 4).

Disruptive

A risk that comes with the introduction of personal devices in the workplace, is that these

personal devices may be disruptive to work (Davenport, 2011; French et al., 2014; Laarhuis,

2012). For example, some employees might not have the discipline and will spend a lot of time

surfing the web, checking social media or sending personal messages (Davenport, 2011). While

this may not be the case for most employees, it is a risk that needs to be kept in mind.

Recruiting

Introducing a CYOD policy may have an impact on the recruiting capabilities of an organization

(D’Arcy, 2011; Loose et al., 2013; Miller et al., 2012). As the so called millennial generation is

entering the workforce, there a strong expectation of being allowed to bring your own

technology (Miller et al., 2012). Not allowing workers to bring their own technology may affect

the ability to bring in and keep top talent (D’Arcy, 2011; Thomson, 2012), it could even be vital

for the younger workers (Loose et al., 2013).

30

Unhappiness with work policy

Another risk that comes with BYOD and CYOD is that some employees could be unhappy with

the policy and either ignore it (D’Arcy, 2011; French et al., 2014 Peek, 2012) or leave the

organization to work somewhere else (D’Arcy, 2011; Loose et al., 2013). In the case of CYOD, it

is often because employees are unhappy with the set of devices that are provided by the

organization (Avanade, 2012; Kernaghan, 2012). In a survey conducted by Avanade, 25 percent

of the surveyed employees said the organization they work for did not have the type of device

they want, 25 percent said the devices did not have the capabilities they want and 20 percent

said the organization did not provide the brand that they wanted (Avanade, 2012). It is difficult

for organizations to keep up their chosen set of devices with the quickly changing demands of

employees and there is always a risk that a platform will no longer be demanded (Disterer &

Kleiner, 2013). Furthermore, when employees are used to their own personal devices, they

could build up a reluctance to use corporate devices (Miller, 2013). Especially young workers

consider their own personal devices as superior to corporate devices (Loose et al., 2013).

Likewise, employees might not be appreciative of a BYOD policy (Dell and Intel, 2011a;

Drury & Absalom, 2012). Although it is uncommon among those that grew up with these

devices (Drury & Absalom, 2012), there are also workers that prefer to keep personal and work

devices separated (Dell and Intel, 2011a; Drury & Absalom, 2012). Another factor here is where

the organization is based. For example, according to Dell and Intel, a proportion of the workers

in Western European countries, Australia and North America would rather keep their personal

and work devices separate, whereas a large majority of workers of countries in Asia and South

America are quite happy to use the same device (Dell and Intel, 2011a).

3.3.2.2 Employee perspective

Increase of workload

From an employee perspective, one of the risks that comes with BYOD and BYOS is that it

increases the workload (Gens et al., 2011; Loose et al., 2013; Niehaves et al., 2012). Because

employers are able to work at any time from any place, they are also expected to do more

work. Especially IT departments are of the opinion that BYOD and BYOS will increase their

workload (Gens et al., 2011). They will need to manage more platforms and applications while

also dealing with more security threats (Gens et al., 2011).

Overlap between personal and work time

Another thing that comes with BYOD is that there will be an overlap between personal and

work time, possibly leading to working longer hours. Although this could be considered a

benefit, it can also be considered a risk, as employees may be expected to do work outside of

office hours (Aerospace Industries Association, 2011; Disterer & Kleiner, 2013; Peek, 2012).

Because of BYOD, employees are less able to switch off from work (Dell and Intel, 2011b) and

31

feel a pressure to work longer hours (Dell and Intel, 2011a), something that employees might

not always be appreciative of (Drury & Absalom, 2012; Hanify, 2014; Peek, 2012). For example,

Chicago police officers sued their department because they felt forced to respond to emails and

calls outside of work hours11. Lastly, according to Drury & Absalom there is a higher level of

comfort with this overlap of personal and work time in high-growth markets, such as Brazil,

India and South Africa, than there is in mature markets, such as France, Germany and the US

(2012).

Loss of privacy

A final potential risk for employees that comes with BYOD is the risk of losing, or having less

privacy (Disterer & Kleiner, 2013; Peek, 2012; Smith & Forman, 2014). As employees start using

their personal devices for work, company data will inevitably be stored on these personal

devices (Castro-Leon, 2014; Ghosh et al., 2013; Miller et al., 2012). Organizations will want to

protect this data, and in order to do so they will most likely want to monitor these devices

(Peek, 2012; Smith & Forman, 2014; Walker-Osborn et al., 2013). As personal data will also be

stored on the device, it will put the privacy of an employee at risk (Disterer & Kleiner, 2013,

Ghosh et al., 2013; Miller et al., 2012).

3.3.3 Legal

In the aspect of legal there are a couple of risks for employers. Some of these however are very

dependent on the national law.

Data loss accountability

With both BYOD and CYOD comes an increased chance of losing data, and with that the risk of

accountability. Although the question who owns corporate data on a personal device might

have a different answer in different countries (Harris, Ives et al., 2011), generally speaking the

organization is still responsible, as it is corporate data (French et al., 2014; Eschelbeck &

Schwartzberg, 2012; Pell, 2014). Thus, with corporate data being carried around on personal

and corporate data, there is an increased risk that organizations are accountable for. There are

also industries, such as the medical field or banking industry, where organizations should be

even more careful with BYOD, as government regulations may not allow corporate data leaving

the organization on personal devices (French et al., 2014).

Wage and hour violations

With BYOD, CYOD and BYOS comes the ability to do work outside of the office and outside of

work time. However, for the employer this also brings a risk of wage and hour violations (Smith

11 Source: BYOD Lawsuits Loom as Work Gets Personal. Retrieved from: http://www.cio.com/article/2386534/byod/byod-lawsuits-loom-as-work-gets-personal.html

32

& Forman, 2014). It can be difficult for both employers and employees to record and

compensate overtime when the employee works on their own devices (Smith & Forman, 2014).

There are also employees that may not want to work outside of works hours, but feel expected

to. This could lead to lawsuits, such as the aforementioned lawsuit by Chicago policemen that

felt like they were forced to respond to calls outside of work hours.

Software licensing

A risk in the aspect of Legal that comes with BYOS is that there may be software licensing issues

(Aerospace Industries Association, 2011; D’Arcy, 2011). Companies will have to take a good

look at software licensing, as software vendors make distinctions between different user

categories (D’Arcy, 2011). Furthermore, employees might be using unlicensed or illegal

software, of which the organization may be held responsible (Van Leeuwen, 2014). Lastly, since

an organization is not the owner of the software, it cannot hold the supplier liable if the

software fails (Van Leeuwen, 2014).

International law

A final risk that employers may come across is that of international law. In the case of BYOD and

CYOD, if an employer were to cross the border custom officials may have the right to examine

anything that is being carried on a mobile device, which could include corporate data

(Aerospace Industries Association, 2011). In the case of BYOS, data can be stored on a cloud

server that could be in a different country, meaning that the laws of the host country would

apply (Smith, 2009). Some countries, such as the US, have laws that may allow them to gain

access to this data (Van Leeuwen, 2014).

3.3.4 Security

For an employer most risks can be found in the aspect of security. When written about risks,

security was often the most mentioned within literature. Effectively, employers are no longer in

control of devices and data (Castro-Leon, 2014; Ghosh et al., 2013; Miller et al., 2012), making

security quite difficult.

3.3.4.1 Employer perspective

Loss of control

Employers are effectively losing control with the introduction of a BYOD and BYOS policy

(Castro-Leon, 2014; Earley et al., 2014; Ghosh et al., 2013). They lose control due to a couple of

reasons. First of all the amount of devices that will connect to the corporate network will

increase exponentially (Koh et al., 2014), making it harder to control all the devices (Ghosh et

al., 2013; Meulensteen, 2014). Secondly, organizations can no longer control which devices can

connect to corporate network (Castro-Leon, 2014). Thirdly, corporate data will be on devices

that are not managed by the organization (Andriole, 2012; Earley et al., 2014; Niehaves et al.,

33

2012). And finally, it will be difficult to control and manage employees working from a different

location (D’Arcy, 2011). Other reasons are a lack of uniformity between devices (Van Leeuwen,

2014), new technology entering before it is leveraged by the organization (Earley et al., 2014)

and the inability to know where corporate data is due to the many different devices and

applications (Absalom, 2013; Niehaves et al., 2012).

Lose ownership of data to a third party

If policy allows it many employees are likely to use, often free, cloud based services (D’Arcy,

2011; Romer, 2014). Not only is it harder to protect externally stored data (Aerospace

Industries Association, 2011; Niehaves et al., 2012), there is also a very real danger that third

parties may claim ownership over data that is stored within their cloud servers (Romer, 2014).

For example, the terms of Google drive state that “by using the service, customers grant Google

and its partners the right to reproduce and modify any uploaded data in order to operate,

promote, or improve Google services” (Romer, 2014, p. 14). Employees are often unknowing of

the terms that cloud services have and will almost always give consent, thus giving cloud

services ownership of corporate data.

Corporate data will be stored on personal devices and applications

With a BYOD and BYOS policy employees will most definitely store corporate data on personal

devices and applications (Castro-Leon, 2014; Ghosh et al., 2013; Miller et al., 2012). For

example, according to Dimensional Research, customer data that was stored on personal

devices increased from 47 percent in 2012 to 53 percent in 2013 (2012). Not only is it very

difficult to separate personal and corporate data on these devices (Disterer & Kleiner, 2013),the

data is also impossible to control and could lead to very damaging data leaks (Niehaves et al.,

2012). Furthermore, if organizations do not have back-ups of this data, the loss of a device

could lead to a loss of corporate data and intellectual property (Page, 2014). Additionally, as

explained before, the use of cloud services may lead to the loss of ownership (Romer, 2014).

Increased risk of data leaks

By allowing employees to transport personal or corporate devices with sensitive data on them,

there is an increased chance of data leaks (Dimensional Research, 2012; Koh et al., 2014; Smith

& Forman, 2014). Devices containing corporate data can easily be lost or stolen (Ghosh et al.,

2013; Smith & Forman, 2014), and these devices often have weak or no security whatsoever

(Ghosh et al., 2013; Koh et al., 2014; Peraković et al., 2012) as most of these devices were not

designed with data security in mind and users often have them turned off for convenience

(Romer, 2014). There is also the chance that disgruntled employees that leave the organization

may bring valuable corporate data with them to a competitor (Ghosh et al., 2013). Lastly, there

is also an increased risk of data leaks when employees use public cloud services (Romer, 2014).

34

These public cloud services are often not as secure (Bisong & Rahman, 2011) and also add the

risk of third parties claiming ownership (Romer, 2014).

Data confidentiality and integrity may get compromised

With the mixing of personal and corporate data there is a risk that the confidentiality and the

integrity of corporate data may get compromised (Disterer & Kleiner, 2013; Peek, 2012; Romer,

2014). For example, unauthorized parties, such as an employee family member or friend, might

accidentally gain access to corporate data by using the device of an employee, thus

compromising the integrity of the data (Disterer & Kleiner, 2013; Smith & Forman, 2014). There

is also a risk that personal data may accidentally end up within corporate file servers (Romer,

2014)

More vulnerable to attacks

Another security risk is that introducing a BYOD and BYOS policy makes an organization more

vulnerable to attacks (Ghosh et al., 2013; Koh et al., 2014; Miller, 2013). Being able to bring any

device or application makes an organization more vulnerable to malicious software, such as

viruses and malware (Ghosh et al., 2013; Romer, 2014). A lot of users do not have security on

their mobile devices (Ghosh et al., 2013), perhaps with the exception of their laptop, and are

not aware of the danger they could pose. As Disterer & Kleiner put it, “it must be assumed that

the negligent or incautious behavior of users during private use will be transferred to business

use”(2013, p. 46). Employees will then connect their devices with the corporate network,

accidentally spreading the malicious software, leading to an infected corporate network (Earley

et al., 2014, Koh et al., 2014; Miller, 2012). There is already an increase of mobile device

targeted malware (Romer, 2014), and employees are often completely unaware that their

mobile device is even infected.

Employee software may not be up to date

Because employers are no longer in control of devices, they are also unable to force employees

to keep their software updated. This can be a risk for employers, as unpatched software is more

vulnerable to potential attacks, such as hackers or malware (Armando et al., 2014; Van

Leeuwen, 2014). This appears to be more so with Android than with Apple, as Android is an

open source platform and is thus more exposed to potential threats (Scarfo, 2012). There is also

the issue of discontinued and thus unsupported software (Van Leeuwen, 2014). As this

software is no longer supported, it will also pose a significant risk.

Disregard of policy

Completely banning the use of personal devices may inadvertently create bigger security holes

(D’Arcy, 2011). There is a risk that employees will disregard policy and bring their own devices

for work (French et al., 2014; Miller et al., 2012; Peek, 2012). Employees may do this because

35

they feel like their own device is superior (Miller et al., 2012; Murdoch et al., 2010) or because

they are unaware of the risks (Disterer & Kleiner, 2013; Miller et al., 2012; Niehaves et al.,

2012). Completely banning the use of personal devices may be impossible (D’Arcy, 2011;

Eschelbeck & Schwartzberg, 2012; Koh et al., 2014) and employees will likely ignore such a

policy (French et al., 2014; Miller et al., 2012), thus creating bigger risks (Eschelbeck &

Schwartzberg, 2012; Niehaves et al., 2012; Peek, 2012).

Disregarding policy may also be a minor risk with BYOD. Most BYOD policies include a

security measure that states a personal device with corporate data should be completely wiped

if lost or stolen (Disterer & Kleiner, 2013; Harris, Ives et al., 2011; Peek, 2012). Employees that

are aware of this may not alert the organization immediately, if at all, if their device is lost or

stolen because they do not wish their data to be wiped (Kernaghan, 2012). This can potentially

create a data leak because an employee disregarded policy.

3.3.4.2 Employee perspective

Personal data may get wiped

A risk from an employee perspective is that most BYOD policies have a security method that

requires the organization to wipe the device in case it is lost or stolen (Disterer & Kleiner, 2013;

Harris, Ives et al., 2011; Peek, 2012). However, because personal and corporate data are not

separated, personal data will also be wiped from the device (Disterer & Kleiner, 2013; Harris,

Ives et al., 2011). This puts the personal data of employees at risk, and employees should be

aware of this. There is also a chance that the data will be wiped by accident. For example, there

has been a case where the iPhone of an employee was accidentally wiped, resulting in the loss

of personal data (Hanify, 2014).

Employees may be required to give up their device

A final risk for employees is that organizations may require employees to give them their

device, and their data (Aerospace Industries Association, 2011; Burt, 2011; Smith & Forman,

2014). For example, in the event of a data leak, employers will want to investigate what

happened. Employees may be required to give up their devices which will not be returned

pending the investigation (Burt, 2011; Smith & Forman, 2014). Some employees may not agree,

and will try to settle it in court. Legally, there have been cases in favor of employees, but also

cases in favor of employers (Smith & Forman, 2014). Thus it is a risk that employees should

consider.

3.3.5 Technical

In the technical aspect that are three risks for an employer. There is a risk that the technical

infrastructure of an organization is insufficient, and there are risks that come with employees

relying on their devices and on third party services.

36

Network infrastructure may be unable to cope with the extra demand

As employees start bringing in more devices, organizations will have to ensure that the network

infrastructure is able to cope with the extra demand (Drury & Absalom, 2012; Meulensteen,

2014; Oliver, 2012). When employees are allowed to bring their own devices the number of

devices that will need to connect to corporate network will grow exponentially (Dimensional

Research, 2012; Koh et al., 2014). For example, in a survey conducted by Dimensional Research,

organizations were asked how much growth of devices that connected to the corporate

network there had been in the two years since they had implemented a BYOD policy (2012). 96

percent of these organizations said they had seen an increase, and 45 percent said it was more

than five times as many devices (Dimensional Research, 2012). This shows not only the growth,

but also the risk of not having a sufficient network infrastructure, as the network may get

clogged up by the amount of growth (Drury & Absalom, 2012).

Employees are dependent on service by third parties

Other than the security risks that come with third party services, there is also a risk of service

disruption (Bisong & Rahman, 2011). As employees start using cloud based software, they are

dependent on the availability of the cloud service (Bisong & Rahman, 2011; Niehaves et al.,

2012). Consequently, if a cloud service is unavailable, an employee will either not be able to do

work, or will have to find an alternative. As these cloud services are mostly free, and not

corporate owned, organizations can also not hold the third party liable if the service is

unavailable.

Inability to do work due to mobile device failure

With both BYOD and CYOD comes an increased risk of device failure, more so with BYOD than

with CYOD. Mobile devices are more fragile than standard workstations, and there could be a

disruption to work if the device of an employee fails to work (Aerospace Industries Association,

2011). For example, if an employee breaks the device, he or she will not able to work until it is

repaired. Although in the case of a CYOD policy the employer could provide an alternative, in

the case of BYOD the employee will have to purchase and bring their own alternative. The odds

of a device breaking is higher with personal devices because employees are constantly using

them, whereas with CYOD, ideally, an employee will only be using it at work.

37

4 SWOT Analysis and Results

First all Bring Your Own Policy will be SWOT analyzed and discussed through section 4.1

through 4.5. Every potential benefit is placed within Strengths and Opportunities and every

potential risk is placed within Weaknesses and Threats. Because there are both employer and

employee perspectives for the benefits and risks, employer perspectives are written in blue and

employee perspectives are written in red. After that a Comparative SWOT will be made of all

the Bring Your Own policies and discussed in section 4.6.

38

4.1 Bring Your Own Device SWOT Analysis

Figure 3: SWOT Analysis of Bring Your Own Device

39

Strengths that come with BYOD is that employers do not need to pay for devices, data plans

and device training, as employees purchase and these themselves. Because employees are

familiar with their device, they do not require as much support from corporate IT either. It also

saves costs by consuming less power, since workstations are replaced by mobile devices. These

devices that employees are bringing are often more powerful than the devices that corporate

use. Furthermore, if a new device comes out it is likely that an employee will buy this device

faster than that corporate would be able to provide this new device. Another strength is that a

BYOD policy is more attractive to potential employees. Especially those of the millennial

generation expect to be able to use their own device, and it could be vital in recruiting them.

For employees BYOD will lead to an increase of job satisfaction, flexibility and

autonomy. Using their own devices makes them more flexible, as they can work at any time

from any place which also grants them more autonomy, as they are less dependent upon

corporate, and more connectivity, as they are able to access company resources from their

device. They are also much more familiar with their personal devices, making them more

intuitive. This intuitiveness can also help them solve existing business problems by using their

own knowledge of their device. Finally, not having to carry both personal and corporate devices

is also much more convenient.

Opportunities for employers are the increase of employee productivity, satisfaction and

efficiency. Because employees are able to use their own device and more familiar with them,

they will able to work more efficient and have an increase of morale leading to more

satisfaction and an increase of productivity. Furthermore, because of the flexibility BYOD

provides and an overlap between personal and work time, they are also more likely to work at

home. And because these devices are all mobile, the workforce will become mobile as well.

Lastly, because employees often try out new things with their personal device, there is also a

possibility this will lead to new opportunities at work.

From an employer perspective, having to support multiple platforms can be very costly,

especially when there are a lot of different platforms that employees can potentially bring.

There will also be a need to make legacy systems compatible with a BYOD policy and to make

sure the network infrastructure can handle the extra demand, which can grow exponentially.

Because employers are losing control over employee devices, employers will absolutely have to

invest in security systems. Not only that, employers will also need to invest in security training

to make employees more aware of the risks that they pose. Employees are not only able to

connect to corporate network, they are also able to store corporate data on their personal

device and bring it with them, with potential disastrous consequences. Employers are still held

accountable for corporate data that is stored upon personal devices, and security failure could

be very costly.

A weakness of BYOD for employees is that there may be higher costs for employees,

because they have to maintain, repair or replace personal devices that are used for work. There

40

will also be an increase of workload, a loss of privacy due to employers monitoring their data on

personal devices, and an overlap of personal and work time. This overlap may not be

appreciated by every employee, as they often feel expected or forced to work outside of work

hours.

BYOD may be disruptive to employees. Some employees may not have as much

discipline and will be constantly distracted. There is also a possibility that employees may be

unhappy with a BYOD policy, as they would rather keep personal and work separated. Wage

and hour violation may also be a risk to employers, which is harder to monitor if employees

work a lot outside of the office and office hours. Although less likely, international law could

also be a threat, as an employee will most certainly bring his or her personal devices on a

vacation for example. Another threat is the inability to be able to do work due to device failure,

such as an employee breaking their device by dropping it. Because it is a personal device,

employers cannot provide an alternative, and employees may be unable to do work until it is

replaced. Lastly there are threats regarding security. Because employees are allowed to bring in

their personal devices and connect them to corporate network, the risk of data leaks are

increased, as employees may also bring their device with corporate data on it home, and the

risk of malicious attacks are also increased, as employees may accidentally bring a virus and

connect it to the network. If an employee had outdated software or firmware on their device,

such as an operating system, this could also pose a risk as they are more vulnerable, thus

making the employer more vulnerable. Personal and corporate data mixing also brings threats

with it. The integrity and confidentiality of the data could be compromised because an

employee might accidentally share it with a friend or family member. And there is also a risk

that employees will disregard policy. Because most organizations have a policy where they will

wipe the device if it is lost or stolen, employees may not notify their employer in such an event,

out of fear that their personal data will be lost.

There are also two threats from an employee perspective. First of all, there is the threat

that personal data can get wiped from the device as a safeguard against data breaches.

Secondly, in the case of a data breach employers will want to investigate what happened. In

such an event, employees may be forced to give up their device, either voluntarily or by court,

pending the investigation.

41

4.2 Choose Your Own Device SWOT Analysis

Figure 4: SWOT Analysis of Choose Your Own Device

42

When comparing the overall SWOT analysis of CYOD with that of BYOD, you can see that there

are less strengths and opportunities, but also less weaknesses and threats. CYOD can be

considered a safer choice, but also a choice that brings less benefits. Strengths for employers

are, like its BYOD counterpart, that power is consumed less, due to the replacement of

workstations, and there is also less of a need to give employees information support. It can also

be argued that employees do not require device training, assuming the employer provides a

choice that employees are familiar with. Furthermore, one could argue that since employees

get to choose from consumer technology, these will also have more computing power. For

employees there is an increase of flexibility and autonomy because they are able to do work

and bring with them mobile devices instead of being attached to a work station. There is also an

increase in job satisfaction, provided employees are satisfied with the set of devices that

employers provide. Employees are also able to access company resources at any location, thus

having the strength of connectivity.

Opportunities that come with CYOD is that employees are now more mobile. There may

also be an increase of productivity and employee satisfaction, but this will depend on the set of

devices that an employer provides. If the employees are happy and familiar with their devices,

morale will increase, they will work harder and they may also be more willing to work outside

of office hours. Likewise, they will also gain more job satisfaction.

Although the employer gets to pick the platforms, there will be an increase in cost as

employers need to start supporting other platforms. Both IT support and logistic support needs

to be available. Furthermore employers will have to invest in the devices themselves. This could

be very costly, as employees may not only have varying tastes between devices, they may also

frequently change their device preference. Employers will also need to invest in security

systems, as more platforms provide more risks and possible legacy compatibility changes. Lastly

they will also need to be aware of the fact that they are still accountable for data leaving the

building through corporate devices and the high costs that could arise if such data is lost. For

employees there will be an increase of workload. For example, IT workers will have to able to

provide support for more platforms.

A big threat with CYOD is that employees might be unhappy with the CYOD policy and

choose to ignore it. These personal devices will then use corporate network unauthorized and

unmonitored. Another threat is that it may be harder for an organization to attract new

employees, especially those of the millennial generation, as these have become expected of

bringing their own personal devices. Other less likely threats are violations of wage and hours,

international laws and the inability of being able to do work because of device failure. In the

latter case the employer is able to provide a replacement, and international law does not

concern employers unless their employees go on business trips with their corporate devices.

Lastly there will also be an increased risk of data leaks, as corporate data will be leaving the

office through corporate devices.

43

4.3 Bring Your Own Software SWOT Analysis

Figure 5: SWOT Analysis of Bring Your Own Software

44

Strengths that come with BYOS are that employers no longer need to pay for software and

software training, as employees purchase and bring these themselves. There is also less need to

give employees support, because they are able to hold their own with their personal software.

It may also be more attractive to new employees, as they may prefer to use their own software

for the job. Employees are also able to find and bring with them new software that can help

them do their jobs. Another strength is that most consumer software has more computing

power, something that corporate software often cannot compete with. For employees BYOS

brings an increase of job satisfaction and autonomy. Employees get to use the software they

enjoy and also the freedom to use what they think is best. The software that they choose is also

more intuitive because they have used it before and are more familiar with it. Because of this

they are often also able to solve problems. The opportunities that BYOS brings are an increase

of employee productivity, satisfaction and efficiency. Employees will likely spend time trying to

find software that helps them do their job. Not only will employees then be able to do their job

better, they are also able to do it more efficient. Furthermore, they will often inform their co-

workers if they have found a better way.

Much like with BYOD and CYOD, weaknesses are that multiple platforms will need

support and that employers will need to invest in security and security training. Security

training may however be more important in the case of BYOS, as employers would want to

avoid employees downloading malware on the corporate network. The incompatibility of legacy

systems may also be a bigger problem, as employees are using diverse programs that all may or

may not be compatible. Employers will also have no control over the software that is used to

access corporate resources. Corporate data may also be stored on public cloud servers which

may have not be secure. Lastly, there may be a problem with software licensing, as some

vendors make a distinction between personal and corporate use. There is also a risk of

employees using software that they have acquired through piracy. For employees there may be

higher costs, assuming that they purchase software, and a potential higher workload. For

example, if employees are able to do their work quicker and more efficient, they will also be

expected to do more work.

The threats that come with BYOS are mainly security threats. If an employee software is

not up to date, they could be more vulnerable, and thus make the employer more vulnerable.

Another threat is that employees will be saving corporate data within cloud servers. Not only

does this make the data more vulnerable, there is a possibility that these servers are in a

different country, where the host country laws will apply. Some countries may have laws that

allow them to access this data. There is however also a possibility that the third party may claim

ownership of the data that is stored on their server through their terms. Most employees do

not read these terms and will most likely give consent, thus giving away this data. A final threat

is that these employees are reliant upon the service of third parties, meaning that if there

would be a disruption of service employees may be unable to do work.

45

4.4 Bring Your Own Device & Bring Your Own Software SWOT Analysis

Figure 6: SWOT Analysis of Bring Your Own Device & Bring Your Own Software

46

Compared to just BYOD or BYOS, BYOD & BYOS brings only a couple more benefits, while also

bringing much more risks. Because most of these have been discussed, they will only be

discussed briefly. Looking at strengths, there a lot of ways for employers to save costs.

Employers do not need to give device and software training and do not need to pay for devices,

data plans, software. Another strength is that employees are able to use new technology with

more computing power, both hardware and software, to do their jobs. Lastly, much like BYOD

and BYOS, a strength of BYOD & BYOS is that it is more attractive to new employees, who wish

to be able to use their own technology. From an employee perspective, this policy increases job

satisfaction, flexibility and autonomy while also granting more convenience, intuitiveness and

connectivity. Employees are able to use their own technology from anyplace at any time and

are able to make their own technological decisions. Having to only bring one device for both

work and personal activities adds to their convenience, and because of their intuitiveness with

both their devices and their software they are able to solve the business problems that they

walk into. Much like BYOD and BYOS, the opportunities that BYOD & BYOS provide are that of

an increase of employee productivity, satisfaction, efficiency, workforce mobility and work

continuity.

Although most of the risks of BYOD & BYOS are the same as with BYOD, the risks of

BYOD & BYOS are higher than those of just BYOD or BYOS. For example, IT support will not only

have to support more platforms, they will also have to support more applications, further

increasing their complexity. Employers will have no control over both devices and software and

corporate data will be stored on both personal devices and applications. Employers will have to

spend more on security as they will have to protect themselves against attacks from both

employee devices and employee software. Security training will also be extremely important

due to the increased risks. Weaknesses for employees are also there. A BYOD & BYOS program

could end up being more costly to employees, as they would have to purchase both personal

devices and software to use for work. Furthermore there will be an increase of workload,

especially under IT workers, an overlap between work and personal time and a loss of privacy.

There are also more threats, some of which have an increased chance when compared

with BYOD or BYOS. For example, employers are more vulnerable to attacks and there is an

increased risk of data leaks because employees can bring their personal devices with corporate

data with them and store the data on public clouds. Furthermore, employees are much more

reliant upon both their device and the service of third parties. In case either of them fails an

employer may be unable to do any work. Consumer technology can also be considered more

disruptive, leading to more employees being distracted by either their device or their

applications. Lastly, employees might be unhappy with the policy, as they would prefer to keep

work and personal separated or are not comfortable with the amount of autonomy they are

getting. The two threats from an employee perspective are the same as with BYOD, their

personal data may get wiped or they may be required to give up their device.

47

4.5 Choose Your Own Device & Bring Your Own Software SWOT Analysis

Figure 7: SWOT Analysis of Choose Your Own Device & Bring Your Own Software

48

Comparing CYOD & BYOS to BYOD & BYOS, there a fewer risks while bringing the same benefits.

However, these benefits are to a lesser extent, as will be explained in the next section. Because

most of these have already been discussed, only the most important ones will be discussed. The

strengths of CYOD & BYOS are that employers do not need to pay for software, device training

and software training. Although having BYOS may be attractive to new employees, having CYOD

with it may make it not as attractive. For employees, much like its BYOD counterpart, there is

an increase in job satisfaction, flexibility, autonomy, more intuitive, but these are all to a lesser

extent than with BYOD. Opportunities also include an increase of employee productivity,

employee satisfaction, efficiency, workforce mobility, and new software that may open new

opportunities.

For weaknesses it is important to note that because it is a CYOD policy, employers will

need to invest in devices as well. Furthermore, they will also need to be able to support all

kinds of software while also being able to protect themselves. There is also the issue with

software licensing that may arise. For employees there is a risk that workloads may be higher,

as they are able to do more work, and an increase of cost if employees purchase software.

Lastly, there is a threat that employees might be unhappy with the work policy, and thus

will disregard it. They may feel like their personal devices are superior to they have chosen and

will instead start using those. There are also the threats that come with public cloud services,

such as saving corporate data on cloud servers, losing ownership of data to third parties and

the reliance on the availability of these third parties.

49

4.6 Comparative SWOT Analysis

Strengths

* is employee perspective

BYOD CYOD BYOS BYOD & BYOS

CYOD & BYOS

Employers do not have to pay for devices

S N/A N/A S N/A

Employers do not have to pay for data plans

S N/A N/A S N/A

Employees do not need device training

S S, assuming employees are familiar with the available devices otherwise it is a weakness

N/A S S, assuming employees are familiar with the available devices otherwise it is a weakness

Employees do not need software training

N/A N/A S S S

Employers do not need to pay for employee software

N/A N/A S S S

Consumes less power S S N/A S S

Less need to give employees information technology support

S S S S S

More attractive to potential employees

S N/A S, but less so than BYOD

S S, but less so than BYOD

New technology adoption S, hardware N/A S, software S S, software

Faster adoption of technology

S, hardware N/A S, software S S, software

Consumer technology has more computing power

S, hardware S, assuming

employees can choose from the latest technology

S, software S S, assuming

employees can choose from the latest technology

50

Increase of job satisfaction*

S S, but less so

than with BYOD

S S S, but less so

than with BYOD

Increase of flexibility* S S, but less so

than with BYOD

N/A S S, but less so

than with BYOD

Increase of autonomy* S S, but less so

than with BYOD

S S S, but less so

than with BYOD

More convenient* S N/A N/A S N/A

More intuitive* S N/A S S S, but only

software

Connectivity* S S N/A S S

Able to solve business

problems using consumer

technology*

S N/A S S S, but only

consumer software

Table 1: Comparative SWOT Analysis of Strengths

Comparing the strengths of BYOD and CYOD, it is clear that overall BYOD can be considered

more employee friendly. Not only is BYOD more convenient and more intuitive, it also more

attractive to new employees. Although both policies increase job satisfaction, flexibility and

autonomy, CYOD has this effect to a lesser extent than BYOD. In the case of job satisfaction it

also depends on whether the employer provides the devices that employees want. If that is not

the case, then CYOD may not increase job satisfaction either. Other strengths of BYOD in

comparison with CYOD is that there are most cost savings, such as savings on devices, data

plans. Although CYOD can also save costs on device training, this would depend on whether

employees are familiar with the set of devices. The opportunity of using technology with more

computing power would also depend on whether employees can choose from the latest

technology. Looking at BYOS it is, much like BYOD, a more employee friendly approach. For

example, it is considered attractive to new employees, but less so than BYOD.

Comparing BYOD & BYOS with CYOD & BYOS, CYOD & BYOS can once again be

considered more restrictive than its counterpart, BYOD & BYOS. Some of the strengths, such as

device training, depend on the devices that employees can choose from. Other strengths, such

as flexibility, autonomy and job satisfaction do increase, but not the same extent as it would

with BYOD. Lastly, because employees are only allowed to bring in their own software, there

are strengths that are limited to software only, such as new technology adoption and

technology being more intuitive.

51

There are also strengths that come with every policy. With every policy, there is less of a

need to give employees support, as they are more able to do things themselves. With the

exception of BYOS, all policies also consume less power as workstations get replaced by mobile

devices. All policies were also found to have an increase of job satisfaction and autonomy,

although this was found less at CYOD policies. Lastly, with the exception of CYOD, all policies

provide connectivity and an increase of flexibility, although this flexibility can be considered less

for CYOD policies.

Weaknesses

* is employee perspective

BYOD CYOD BYOS BYOD & BYOS

CYOD & BYOS

Employers need to invest

in security

W W, but to a

lesser extent than with BYOD

W W W

Employees will need

security training

W N/A W W W

Multiple platforms will

need support

(Cost)

W W, but the

employees chooses the platforms

W W W, but the

employees chooses the device platforms

Incompatibility of legacy

systems

W W W W W

Security failure could lead

to extra costs

W W, but the risks

are lower with CYOD

W W W

Employers need to invest

in devices

N/A W N/A N/A W

IT will need to support

multiple platforms

(Human Resources)

W W, but the

employees chooses the platforms

W W W, but the

employees chooses the device platforms

Data loss accountability W W, but the risks

are lower with CYOD

W W W

Software licensing N/A N/A W W W

52

Network infrastructure

may be unable to cope

with the extra demand

W N/A N/A W N/A

Loss of control W N/A W W W, although

more control is possible on corporate owned devices

Corporate data will be

stored on personal devices

and applications

W N/A W W W

Increase of workload* W W, but to a

lesser extent than with BYOD

W W W

Overlap between personal

and work time*

W N/A N/A W N/A

Loss of privacy* W N/A N/A W N/A

Higher costs for

employee*

W N/A W, but only if

the employee buys software for work

W W, but only if

the employee buys software for work

Table 2: Comparative SWOT Analysis of Weaknesses

Although BYOD has more strengths in comparison with CYOD, it also has more weaknesses. For

example, with BYOD comes the risk that network infrastructure may be unable to cope with

extra demand due to the increase of devices that connect to it. Employers will also lose control

over employee devices and corporate data, because employees are able to store corporate

data on their personal devices. A weakness for CYOD is that employers will need to invest in

devices that employees can use. For employees there is also the weakness with BYOD that they

lose privacy, due to employers wanting to monitor corporate data, and the weakness that they

will have higher costs because they have to maintain, repair and replace personal devices so

that they can do work.

The weaknesses of BYOS are very close to those of BYOD, with the exception of some.

For example, with BYOS employers do not have to worry about the extra devices that are

connecting to the corporate network. Employers do however have to worry about licensing

53

issues of software. Not only is there the risk of employees using licensed software to perform

work with, there are also software vendors that make distinctions between using software for

personal tasks and using software for work tasks. This could potentially have legal

consequences.

BYOD & BYOS has the same weaknesses as BYOD, although there is the added weakness

of software licensing as well. Comparing this with CYOD & BYOS, CYOD & BYOS only has three

weaknesses less than BYOD & BYOS. For example, employees at a CYOD & BYOS policies do not

have to worry about the overlap between work and personal time or loss of the privacy,

whereas those of BYOD and BYOS might have to. Also looking at CYOD and CYOD & BYOD, an

added risk of having a BYOS policy too is the loss of control that employees can maintain in a

CYOD only policy.

Overall there are a couple weaknesses that all policies have in common. All policies have

to invest in security, although the CYOD policy will have to do so in a lesser extent than the

other policies. Furthermore, because all the policies come with multi platforms, these platforms

will now require support, which will cost an employer more money and resources. Likewise

there is a risk that platforms are incompatible with legacy systems, thus requiring an

investment of employers to make them compatible. With all policies, but to a lesser extent

CYOD, there is also an increased risk of losing data. As is the case will all policies, employers are

responsible and accountable for this data, and a data breach may be very costly. Consequently,

with the exception of CYOD, all employees will definitely require security training. Lastly, for

employees there is an increase of workload in every policy, although for CYOD this increase is

less. There are also higher costs for the employee with BYOD and BYOD & BYOS and also with

BYOS and CYOD & BYOS, provided employees purchase their own software. However, this does

not always have to be the case as there is a lot of free software available.

Opportunities

BYOD CYOD BYOS BYOD & BYOS

CYOD & BYOS

Increase of employee productivity

O O, but to a lesser

extent than with BYOD

O O O, but to a

lesser extent than with BYOD

Increase of employee satisfaction

O O, but to a lesser

extent than with BYOD

O O O, but to a

lesser extent than with BYOD

Increase of efficiency O N/A O O O, but to a

lesser extent

54

Workforce mobility O O N/A O O

Work continuity O N/A N/A O N/A

New technologies open new opportunities

O N/A O O O

Table 3: Comparative SWOT Analysis of Opportunities

Comparing BYOD with CYOD, BYOD has three more opportunities. With BYOD employees can

increase their efficiency of work due to their familiarity with their devices. Because they are

using personal devices for both personal and work related tasks, there is also an overlap of

personal and work time. This overlap and the ability to be able to work from anywhere can lead

to work continuity. Lastly there is also the ability to do new things with their personal devices,

or potential new technologies that they bring to work. Comparing BYOS with BYOD, it provides

the same opportunities with the exception of workforce mobility and work continuity.

BYOD & BYOS provides the same opportunities as BYOD, although it could be argued

that productivity, satisfaction and efficiency should increase more so than with just BYOD,

because employees are able to use both personal devices and personal software. Comparing

CYOD & BYOS with just CYOD, it now increases efficiency as well due to employees being able

to find applications that will help them with work.

Overall, each policy is said to have an increase on employee productivity and employee

satisfaction, although CYOD, once again, is said to have less of an increase. With the exception

of CYOD all policies are also said to have an increase of efficiency and new opportunities

through new technology.

Threats

* is employee perspective

BYOD CYOD BYOS BYOD & BYOS

CYOD & BYOS

Disruptive T N/A N/A T N/A

Unhappiness with work policy

T T N/A T T

Recruiting N/A T N/A N/A T

International law T, crossing the

border

T, but it is less

likely unless it is a business trip

T, servers that

are in different countries

T T

55

Wage and hour violations T T N/A T T

Inability to do work due to mobile device failure

T T N/A T T

Employees are dependent on service by third parties

N/A N/A T T T

Employee software may not be up to date

T N/A T T T, although

more control is possible on corporate owned device

Disregard of policy T, not notifying

employer if device is lost or stolen

T, bringing in

personal devices to work

N/A T, not

notifying employer if device is lost or stolen

T, bringing in

personal devices to work

Data confidentiality and integrity may get compromised

T N/A T T T

Increased risk of data leaks T T, but less risk in

comparison with BYOD

T T, more so

than just BYOD

T, but less risk in

comparison with BYOD & BYOS

More vulnerable to attacks T N/A T T T

Lose ownership of data to a third party

N/A N/A T T T

Personal data may get wiped*

T N/A N/A T N/A

Employees may be required to give up their device*

T N/A N/A T N/A

Table 4: Comparative SWOT Analysis of Threats

Comparing BYOD with CYOD once more, you can see that BYOD has more threats than CYOD

does. Because employees are able to use their personal devices, they may also get distracted by

them. Employees that do not have the discipline may be affected in their work. There are also

security risks that come with BYOD. For example, since employers are no longer in control of

56

devices, they cannot force employee to have their software upgraded, leading to increased

vulnerabilities. Employers are also more vulnerable to attacks of malicious software and have

increased risks of data leaks, whereas with CYOD employers are less vulnerable and although

there is an increase of risk for data leaks, it is less so than with BYOD. However, CYOD also

contains the threat that an employer may be unable to hire new talent, as they wish to use

their personal devices and are unable to do so with a CYOD policy. And this unhappiness can

also come from within the organization. If an employee is unhappy with the current policy, they

may choose to ignore it. In the case of CYOD this would mean ignoring the CYOD policy and to

bring and use their own devices despite not being allowed to. For employees there are also

threats that come with BYOD and BYOD & BYOS. Although they are allowed to use their

personal devices, they often have to give consent that employers are allowed to wipe their

devices, both corporate and personal data, in case they are lost or stolen. A threat for an

employer here is that employees may not inform employers if their device is lost or stolen so

that their personal data will not be wiped, thus disregarding policy as well.

Threats that come with BYOS are mostly related to software, data and cloud servers.

Not only is there a risk that employees put confidential corporate data on public cloud servers,

there is also a risk that third parties claim ownership of this data through the terms of a public

cloud servers. Employees will often not have read these terms and thus give consent without

knowing the damage that they have done.

BYOD & BYOS does not only have more threats compared to just BYOD, it can also be

argued that the threads that they share are increased for BYOD & BYOS. It can be said that the

increased risk of data leaks and increased vulnerabilities to attacks are higher for BYOD & BYOS,

because employers have to worry about both personal devices and applications. For example,

employees are able to bring both malicious software from personal devices to the corporate

network and download malicious software while using the corporate network. Not only that,

BYOD & BYOS also bring the threats that BYOS has, such as the loss of ownership of corporate

data to third parties. Although some threats are different, CYOD & BYOS brings many of the

same threats as BYOD & BYOS does, although to a lesser extent.

Looking at all policies, the only threat that they all have in common is an increased risk

of data leaks, although this is to a lesser extent with CYOD and international law. Other threats

that, with the exception of CYOD, policies have in common are those of employee software not

being up to date, the risk of data confidentiality and integrity getting compromised and an

increased vulnerability to attacks.

57

5 Conclusion

This chapter will present the conclusions, recommendations and discussion. In section 5.1 the

first sub-question will be answered through findings that were found through the literature

study. Following that, sub-question two and three will be answered in section 5.2. Section 5.3

will follow with a number of recommendations regarding these Bring Your Own policies. This

chapter and thesis will then conclude with a discussion in section 5.4.

5.1 “Bring Your Own” policies

The goal of this thesis was to find the benefits and risks that are tied to “Bring Your Own

Device”, “Choose Your Own Device”, “Bring Your Own Software” and a combination of both,

“Bring Your Own Device & Bring Your Own Software” and “Choose Your Own Device & Bring

Your Own Software”. In order to do so, three sub-questions were derived, where to purpose of

the first sub-question was to gain more insight into the policies. This first sub-question is as

follows:

1. What are the different types of “Bring Your Own” policies?

Bring Your Own Device

Generally speaking, BOD is defined as “the concept of employees bringing their own mobile

devices to work and using them to access company resources to perform work-related tasks”.

BYOD can be seen as a part of the consumerization of IT, where employees stop using

corporate technology, both hardware and software, and start using consumer technology. This

co-use of personal devices for both personal and work related tasks is one of the reasons why

BYOD is considered a huge success. Consumerization, and thus BYOD, is said to be a major

driver that will affect the way of working for both employees and employers. Instead of

employers having control over devices in the workplace, employees will now pressure

employers to adopt their technology. Banning this use of personal device is also considered to

be unwise, as it will create bigger security problems. Another driver is the increase of transient

workers, who often prefer their own tools, in organization. Lastly, since the the millennial

generation is now starting to enter the workforce, there is more of a preference towards BYOD

Choose Your Own Device

CYOD can generally be defined as “a policy where employees can choose from a set of devices

which are provided by the company”. In this policy employees are able to choose from a set of

devices that can be used for work. In order for it to truly be CYOD, there have to be multiple

device and the employee has to be able to make the choice. Literature does not define whether

these devices are strictly for business use or also for personal use, but, since it is a corporate

device it is safe to assume that it is strictly for business. However, there have been policies that

58

both allow personal use and forbid it, namely “corporate-owned, personally enabled” and

“corporate-owned, business only”. Having said that, it is unlikely that, even when allowed to,

employees would use a corporate device for personal business if they already own a personal

device. CYOD is seen as a safer and more restricted counterpart for BYOD and is used by

organizations that do not think that BYOD is safe enough for them, such as government

institutions.

Bring Your Own Software

BYOS, or sometimes referred to as BYOA (Bring Your Own App), is a policy where employees are

allowed to bring their own software. A general definition for BYOS would be “a policy where

employees are free to use their own software, such as cloud-based software, social networks

and mobile applications, on their own devices”. Important to note here, is that with software all

software is meant, including operating systems, mobile applications and even social media.

Much like BYOD, BYOS can also be considered part of IT consumerization, as employees start

using applications both for personal and for work related tasks. Having just a BYOS policy by

itself is very unlikely, and when written about it BYOS is often referred as being an extension of

a BYOD policy. BYOS can be seen as a more open policy than BYOD, as employees are

completely free in their tools for work.

Bring Your Own Device & Bring Your Own Software

In this policy employees are allowed to bring their personal devices to work and use whichever

software they need to do their work. As stated above, BYOS is often referred to as being an

extension of BYOD. Within consumerization literature it is often described as applications that

are being used on personal devices. That, plus the unlikeliness of having just a BYOS policy by

itself, should make it a safe conclusion that BYOS is an extension of BYOD, meaning that if there

is a BYOS policy, there will always be a BYOD policy of sorts.

Choose Your Own Software & Bring Your Own Software

Literature did not suggest the existence of a CYOD & BYOS policy. Although there are

suggestions of being allowed to install software on these corporate owned devices, and

possibly even using them for personal purposes, it is never implied whether this software can

be used for work. Although corporate-owned, personally enabled policies are gaining more

popularity, it is unlikely that organizations with a CYOD policy will introduce a BYOS policy.

Organizations use CYOD because they want to remain in control of their devices and their data.

Introducing a BYOS policy would effectively be giving up this control.

59

5.2 Benefits & Risks

Through the literature studies potential benefits and risks were identified that were sorted into

strengths, weaknesses, opportunities and threats. With these a SWOT analysis was done for

each policy and a comparative SWOT analysis was done for all policies together. Based on these

SWOT analyses a conclusion can be drawn for sub-question two and three.

2. What are the benefits of each “Bring Your Own” policy?

3. What are the risks of each “Bring Your Own” policy?

Answering these questions will also answer the main research question, which is as follows:

What are the benefits and risks of the various types of “Bring Your Own” policies?

The benefits and risks of Bring Your Own Device

The biggest benefits that make BYOD stand apart from CYOD is that it is more employee

friendly. BYOD leads to an increase of job satisfaction, productivity, efficiency, flexibility,

autonomy, convenience and intuitiveness. Furthermore, employees are able more mobile, able

to do work at any location at any time and are more likely to work after hours. For the

employers themselves it could lead to cost savings on devices and data plans, less need to give

employees support and more attractiveness to potential employees. Although a BYOD policy

can make employees happy, there are also risks that could be very dangerous for an

organization. Employers will have to heavily invest into security because they are more

vulnerable to malicious attacks as employees connect their devices to the corporate network,

unknowing if they have malicious software on their devices. Corporate data will also be more at

risk, as employees are able to bring home their devices with data on them which could lead to

disastrous data breaches or confidential data getting compromised. Lastly, personal devices

may also be very disruptive to employees. There are also risks for employees themselves. With

the introduction of BYOD they may be expected to do work home, which they may not be

willing to. Despite that, BYOD can be considered a policy that will make employees happier.

The benefits and risks of Choose Your Own Device

The benefit of CYOD is to keep control over employee devices while also increasing employee

satisfaction, flexibility and mobility. Although it has less benefits in terms of employer

friendliness, it does have other benefits that a BYOD policy would bring as well, such as

workforce mobility, connectivity and less of a need for corporate IT support. CYOD does

however also come with two big risks, the possible unhappiness of employees with the policy

and the inability to recruit new talent. If employers are unhappy with the CYOD policy they will

bring their own devices and disregard policy, unmonitored and unsecured. Not only would

employers then lose control, it would put them more at risk than if they had a BYOD policy.

60

There may also be an inability to recruit new talent. Especially young workers prefer to use

their own devices for work. To them it is vital that they are allowed to use their devices,

otherwise they will find a different organization to work for.

The benefits and risks of Bring Your Own Software

There are a couple benefits that come with BYOS, but none that could really be considered

unique to BYOS. Although employers will save money on software licences and software

training for employees, they will also need to spend more money on security programs and

making programs compatible. It is said however that BYOS increases job satisfaction, efficiency

and makes employees more autonomous, as employees can hold their own with their software.

Furthermore, employees are more likely to find software that can help them do their job better

and more effective. Risks that are tied with BYOS are mainly security based. Because employees

are able to use cloud software they will likely place corporate data on public clouds. Not only is

that a security risk, third parties may also claim ownership of this data through the terms that

employees gave consent to. Lastly employees are also dependent upon the availability of third

parties. Employees may be unable to work if a third party service is unavailable. All things

considered BYOS will make employees happier, but at a greater cost than BYOD would.

The benefits and risks of Bring Your Own Device & Bring Your Own Software

Although employees are able to do more with both BYOD and BYOS, it also provides greater

risks than just a BYOD policy would. A lot of benefits that BYOD & BYOS bring also come with

just BYOD, whereas some of the risks can be avoided with just BYOD. The benefits that come

with BYOD & BYOS are an increase of employee satisfaction, flexibility, autonomy, intuitiveness

and efficiency, benefits that also come with BYOD. It can however be argued that employees

are more flexible, efficient, autonomous and find more satisfaction in their work. This however

comes at the cost of an increased risk of data leaks and a complete loss of control for

employers. Employers have no way of knowing where their data is, whether it is secure at all

and whether data integrity and confidentiality may be compromised. Furthermore, employees

are more vulnerable to malware attacks, as employees are allowed to bring in just any device

and any software with potential disastrous consequences. Simply put, the benefits that come

with BYOD & BYOS are not enough to outweigh the risks that it brings. If an employer would

want to introduce a BYOS policy with BYOD, they would have to make careful security

considerations such as disallowing data to be stored on public cloud services. They would also

have to make investments in security training and security technology.

61

The benefits and risks of Choose Your Own Software & Bring Your Own Software

The weaknesses and threats of CYOD & BYOS far outweigh the strengths and opportunities that

come with it. Comparing CYOD & BYOS with just CYOD, adding BYOS to a CYOD policy does not

provide many additional strengths whereas it does add considerable weaknesses and threats.

While employers gain an increase of efficiency and employee satisfaction, they also lose control

over applications. Furthermore, there will be an increased risk of data leaks and vulnerability of

attacks meaning employers will have to spend more on security. Considering how CYOD is

meant to keep employers in control while also providing an increase of employee satisfaction

and flexibility, adding a BYOS policy to further enhance these strengths and opportunities

simply is not worth it, as the employer loses most control and security.

5.3 Recommendations

The first recommendation for employers is that they should not ignore BYOD. It is nearly

impossible to prevent employees from bringing in their personal devices, and ignoring it can

create security holes, as employees use their devices unsecured and unmonitored. Banning

BYOD is also not a solution, as most employees will simply ignore it and use their devices

regardless. The only way to do something about it is addressing it.

Employers that wish to implement BYOD should be considerate of all the risks that it

brings. Careful investments in security needs to be made. The carelessness of employees with

personal devices will carry on during corporate use and puts the employer more at risk.

Furthermore, employers should keep in mind that corporate data will be stored on personal

devices, and that employees may be very careless. The risk of employees losing their device or

having it stolen is very real, and these devices are often unsecured. Data leaks are said to have

increased within organizations that implemented BYOD policies, and employers should be

prepared for that. Security training for example may help a lot in preventing this from

happening.

If employers do not consider BYOD safe enough then CYOD can serve as a decent

solution. Allowing employees to choose their own devices will improve their satisfaction,

flexibility and mobility while also allowing the employer to keep some control. However it

should be noted that consumer technology changes quickly, and so does the taste of

employees. Once employees start to become unhappy with the devices that are available, they

will start ignoring policy and start bringing in their own devices, thus creating a security

problem. A possible solution to this would be revising the list often, however this could turn out

to be very costly. For the time being however, CYOD can be considered a decent solution for a

safer BYOD.

As of right now BYOS cannot be considered safe enough for most organizations. The

benefits that it brings are outweighed by the risks such as the loss of data, the potential data

breaches and the malicious software that may come with it. The benefits that are promised

62

such an increase of employee satisfaction, flexibility and autonomy also come with BYOD, and

most employees would prefer BYOD over BYOS. Furthermore, allowing employees to bring in

their own software would make employers lose complete control. Perhaps a better solution

would be Choose Your Own Device, where employers are able to pick software that they

consider safe while also providing alternatives for employees.

As for CYOD & BYOS, employers with a CYOD policy should not consider it. The entire

goal of CYOD is for employers to remain in control while also able to increase employee

satisfaction and flexibility, and adding BYOS to that will completely take away all control.

Likewise, a Choose Your Own Software policy may be a better solution, as it will keep

employers in control.

Lastly, employers that wish to implement any kind of policy should be very considerate

of the benefits and risks that are tied to them. Shortsighted decisions such as banning the use

of employee devices may end up costing more money in the long haul. The wishes of

employees should also be kept in mind. While it may be impossible to keep every employer

happy, a happy employer will often grant more benefits.

5.4 Discussion

The main purpose of this thesis was to provide insight into the benefits and risks of BYOD,

CYOD, BYOS, BYOD & BYOS and CYOD & BYOS. At the start of this thesis CYOD & BYOS was

included as a policy because it seemed like a logical mixture between CYOD and BYOS. However

during the literature study it was found that CYOD & BYOS had no founding whatsoever and

that it was never mentioned in any literature. During the analysis it also became clear why. The

literature study did provide insight into most of the other policies and their benefits and risks,

however these benefits and risks were mostly focused around BYOD. Most literature was very

biased towards BYOD, while hardly mentioning BYOS. This made it hard to find good benefits

and risks for the latter. Likewise CYOD almost had no literature, making it hard to gain insight.

Perhaps in the future this will change, as BYOD and CYOD still remain trending topics around

organizations.

Although the initial idea for analysis was to use a benefit and risk analysis it turned out

such a method does not currently exist and the alternative was to use both a cost benefit

analysis and a security risk management analysis. Thus the decision was made to make use of

SWOT analyses and a comparative SWOT analysis. Although the outcome was mostly

satisfactory, it was not the preferred method.

Initially this thesis was also going to include Bring Your Own Data and Bring Your Own

Knowledge. However, these two policies were found to be heading more towards business

management, whereas the other policies were found to be heading more towards information

technology management. Due to consistency and a lack of business management knowledge,

63

the choice was made to cut those two. However they remain interesting topics can be

interesting for future works.

Other policies that were discovered during the literature are “Here is your own device”,

“Choose Your Own Software” and “On Your Own Device”. “Here Is Your Own Device” is the

employer giving their employees a device. The employee has no choice and the employer has

total control. “On Your Own Device” is the total opposite where employees can bring in any

device, there are no policies and no support will be provided. As BYOD remains a popular topic

even today, these policies may also be interesting to look into for both academics and

organizations.

64

6 References

Absalom, R. (2013). 2014 Trends to Watch: Enterprise Mobility.

Aerospace Industries Association. (2011). Best practices for

exploiting the consumerization of information technologies. Arlington, Virginia.

Al-Khouri, A. M. (2013). Technological and Mobility Trends in E-Government. Business and

Management Research, 2(3), p90.

Andriole, S. J. (2012). Managing technology in a 2.0 world. IT Professional, (1), 50-57.

Armando, A., Costa, G., Verderame, L., & Merlo, A. (2014). Securing the" Bring Your Own

Device" Paradigm. Computer, 47(6), 48-56.

Avanade. (2012). Global Survey: Dispelling Six Myths of Consumerization of IT.

Ballagas, R., Rohs, M., Sheridan, J. G., & Borchers, J. (2004, September). Byod: Bring your own

device. In Proceedings of the Workshop on Ubiquitous Display Environments, Ubicomp

(Vol. 2004).

Barkhuus, L. (2005, November). Bring your own laptop unless you want to follow the lecture:

Alternative communication in the classroom. In Proceedings of the 2005 international

ACM SIGGROUP conference on Supporting Group Work (pp. 140-143). ACM.

Bell, M. (2013). Considerations When Implementing a BYOD Strategy. IS Practices for SME

Success Series, 19-22.

Bisong, A., & Rahman, M. (2011). An overview of the security concerns in enterprise cloud

computing. arXiv preprint arXiv:1101.5613.

Burns-Sardone, N. (2014). Making the Case for BYOD Instruction in Teacher Education. Issues in

Informing Science and Information Technology, 11, 191-201.

Burt, J. (2011). BYOD trend pressures corporate networks. eweek, 28(14), 30-31.

Castro-Leon, E. (2014). Consumerization in the IT Service Ecosystem. IT Professional, 16(5),

20-27.

Clayson, D. E., & Haley, D. A. (2013). An Introduction to Multitasking and Texting Prevalence

and Impact on Grades and GPA in Marketing Classes. Journal of Marketing Education,

35(1), 26-40.

Davenport, T. H. (2011). Rethinking knowledge work: A strategic approach. McKinsey Quarterly,

1(11), 88-99.

Dell, and Intel. (2011a). The Evolving Workforce: The Workflow Perspective. Round Rock, Texas,

USA.

Dell, and Intel. (2011b). The Evolving Workforce: Expert Insights. Round Rock, Texas, USA.

Dimensional Research. (2012). The impact of mobile devices on information security - a survey

of IT professionals. Sunnyvale, California, USA: Checkpoint.

Disterer, G., & Kleiner, C. (2013). BYOD Bring Your Own Device. Procedia Technology, 9, 43-53.

Drury, A., & Absalom, R. (2012). BYOD: an emerging market trend in more ways than one.

Employee attitudes to work/life balance drive BYOD behavior, Logicalis white paper,

65

ovum.

D’Arcy, P., & Marketing, L. E. (2011). CIO strategies for consumerization: the future of

enterprise mobile computing.

Earley, S., Harmon, R., Lee, M. R., & Mithas, S. (2014). From BYOD to BYOA, Phishing, and

Botnets. IT Professional, 16(5), 16-18.

Eschelbeck, G., & Schwartzberg, D. (2012). BYOD risks and rewards. How to keep employee

smartphones, laptops and tablets secure.

French, A. M., Guo, C., & Shim, J. P. (2014). Current Status, Issues, and Future of Bring Your Own

Device (BYOD). Communications of the Association for Information Systems, 35(1), 10.

Gens, F., Levitas, D., & Segal, R. (2011). 2011 Consumerization of IT Study: Closing the

“Consumerization Gap”. Framingham: International Data Corporation (IDC).

Ghosh, A., Gajar, P. K., & Rai, S. (2013). Bring your own device (BYOD): Security risks and

mitigating strategies. Journal of Global Research in Computer Science, 4(4), 62-70.

Hanify, J. (2014). Bring Your Own Device. IS Practices for SME Success Series, 39.

Harkins, M. (2013). Mobile: Learn from Intel's CISO on securing employee-owned devices.

Information Security Media Group.

Harris, J. G., Ives, B., & Junglas, I. (2011). The genie is out of the bottle: managing the infiltration

of consumer IT into the workforce. Accenture Institute for High Performance.

Harris, J. G., Junglas, I., & Long, B. (2011). The Wide World of Consumer IT: A Crash Course for

Executives. Accenture Institute for High Performance.

Harris, M., Patten, K., Regan, E., & Fjermestad, J. (2012). Mobile and Connected Device Security

Considerations: A Dilemma for Small and Medium Enterprise Business Mobility?.

Imazeki, J. (2014). Bring-Your-Own-Device: Turning Cell Phones into Forces for Good. The

Journal of Economic Education, 45(3), 240-250.

Kernaghan, K. (2012). Anywhere, Anytime, Any Device: Innovations in Public Sector Self-Service

Delivery. Toronto: Institute for Citizen-Centred Service. Available at:

http://www.iccs-isac. org/research/publications-research.

Kobus, M. B., Rietveld, P., & Van Ommeren, J. N. (2013). Ownership versus on-campus use of

mobile IT devices by university students. Computers & Education, 68, 29-41.

Koh, E. B., Oh, J., & Im, C. (2014). A Study on Security Threats and Dynamic Access Control

Technology for BYOD, Smart-work Environment. In Proceedings of the International

MultiConference of Engineers and Computer Scientists 2014 (pp. 12-14).

Kruidhof, O. (2014). Evolution of National and Corporate CERTs-Trust, the Key Factor. Best

Practices in Computer Network Defense, 81-96.

Laarhuis, S. (2012). Does the IT manager have to switch roles?: the influence of the

consumerization of IT on a B2B IT vendor.

Lauricella, S., & Kay, R. (2010). Assessing laptop use in higher education classrooms: The laptop

effectiveness scale (LES). Australasian Journal of Educational Technology, 26(2).

66

Loose, M., Weeger, A., & Gewald, H. (2013). BYOD–The Next Big Thing in Recruiting? Examining

the Determinants of BYOD Service Adoption Behavior from the Perspective of Future

Employees.

Meulensteen, M. (2014). Danger stalks the LAN. Computer Fraud & Security, 2014(8), 14-15.

Miller, K. W., Voas, J., & Hurlburt, G. F. (2012). BYOD: Security and privacy considerations. It

Professional, (5), 53-55.

Moschella, D., Neal, D., Opperman, P., & Taylor, J. (2004, June). The ‘consumerization’ of

information technology. In Leading Edge Forum.

Muñoz, R., & Adami, F. (2012). Bring Your Own Device.

Murdoch, R., Harris, J. G., & Devore, G. (2010). Can Enterprise IT Survive the Meteor of

Consumer Technology?. Accenture Institute for High Performance, 1-8.

Niehaves, B., Köffer, S., Ortbach, K., & Katschewitz, S. (2012). Towards an IT consumerization

theory–a theory and practice review. Working chapters. European Research Center for

Information Systems, (13).

Oliver, R. (2012). Why the BYOD boom is changing how we think about business it. Engineering

& Technology, 7(10), 28-28.

Page, L. (2014). The Trade Offs for Bring Your Own Devices. IS Practices for SME Success Series,

91.

Pell, L. C. (2014). BYOD: Implementing the Right Policy. IS Practices for SME Success Series, 95.

Peek, B. (2012). The Impact and Design of ‘Bring Your Own Device’: A Multiple Case Study.

Amsterdam, University of Amsterdam.

Peraković, D., Husnjak, S., & Remenar, V. (2012, October). Research of security threats in the

use of modern terminal devices. In 23rd International DAAAM Symposium Intelligent

Manufacturing & Automation: Focus on Sustainability.

Prete, C. D., Levitas, D., Grieser, T., Turner, M. J., Pucciarelli, J., & Hudson, S. (2011). IT

Consumers Transform the Enterprise: Are You Ready?. Framingham, Massachusetts,

USA: IDC.

Romer, H. (2014). Best practices for BYOD security. Computer Fraud & Security, 2014(1), 13-15.

Sangani, K. (2013). BYOD to the classroom [bring your own device].Engineering & Technology,

8(3), 42-45.

Scarfo, A. (2012, November). New security perspectives around BYOD. In Proceedings of the

2012 Seventh International Conference on Broadband, Wireless Computing,

Communication and Applications (pp. 446-451). IEEE Computer Society.

Schadler, T., & McCarthy, J. C. (2012). Mobile is the new face of engagement. Forrester

Research, February, 13.

Singh, N. (2012). BYOD Genie Is Out Of the Bottle–“Devil Or Angel”. Journal Of Business

Management & Social Sciences Research, 1(3), 1-12.

Smith, R. (2009). Computing in the cloud. Research Technology Management, 52(5), 65.

67

Smith, K. J., & Forman, S. (2014). Bring Your Own Device—Challenges and Solutions for the

Mobile Workplace. Employment Relations Today, 40(4), 67-73.

Thomson, G. (2012). BYOD: enabling the chaos. Network Security, 2012(2), 5-8.

Tindell, D. R., & Bohlander, R. W. (2012). The use and abuse of cell phones and text messaging

in the classroom: A survey of college students. College Teaching, 60(1), 1-9.

Van Leeuwen, D. (2014). Bring your own software. Network Security, 2014(3), 12-13.

Vaquero, L. M., Rodero-Merino, L., Caceres, J., & Lindner, M. (2008). A break in the clouds:

towards a cloud definition. ACM SIGCOMM Computer Communication Review, 39(1),

50-55.

Walker-Osborn, C., Mann, S., & Mann, V. (2013). to Byod or… not to Byod. ITNow, 55(1), 38-39.