Main content

BYOD or CYOD - an international divide across the Pond?

Stuart Lauchlan Profile picture for user slauchlan January 2, 2014

Henning Dransfeld, Forrester Research
Forrester's Dransfeld

Bring Your Own Device (BYOD) inevitably made it onto all the ‘crystal balls at the ready’ 2014 predictions list from assorted analyst firms, research houses and headline hungry vendors.

One BYOD piece that did catch my eye came from identity management firm SailPoint’s 2013 Market Pulse survey, a study based on interviews with 400 IT decision makers at companies across the US and the UK with at least 5,000 employees and budgets of $606 million and £665 million respectively.

This year’s survey confirms mainstream enthusiasm for BYOD policies - 82% of respondents allowing employees to use their personal devices to access company data or applications at work - but lack of attention to the accompanying requirement for revised security thinking.

It’s a conclusion that inevitably plays to the SailPoint agenda - as you’d entirely reasonably expect from a vendor-sponsored survey - but nonetheless the top line findings are impressively depressing:

  • More than 50% of the respondents reckon to have experienced situations where terminated workers tried to access company data or applications after they left the organization.
  • 57% had experienced the loss of company-owned devices containing sensitive information.
  • 46% are not confident in their ability to grant or revoke employee access to applications across their full IT infrastructure.
  • 51% believe that its 'just a matter of time' before another security breach occurs.
  • 45% believe that employees within their organization would be prepared to sell company data if offered the right price.

So that’s BYOD for you!


Those rather downbeat findings sit nicely alongside a new piece of commentary from Forrester Research which looks at BYOD strategies in European end user organisations.

The conclusion that Forrester comes to is that BYOD is still happening ‘off the book’ in European organisations with few formal programmes in place and as such little control over what happens.

Left to their own devices (as it were) and with no corporate alternatives on offer, employees default to their own iPhones. Forrester found that 63% of European users surveyed wanted to bring their own smartphone for work, and 58% wanted to bring their own tablet.

But they don’t want to have to pay for them! Forrester found:

Employees expect to be supported by their employers when buying their own devices for work. In fact, only 6% of European employees are willing to pay for a mobile/smartphone used for work in full, while 18% are willing to make a contribution. The willingness to pay is lower with tablets: Only 4% of respondents happily pay for it in full, and 15% willingly contribute to it.

Forrester also makes the point that the European business climate is frankly not conducive to BYOD in the first place, thanks to complex regulatory environments, unfavorable tax regimes and the high cost of mobile data usage.

It identifies 6 major ‘euro barriers’ to successful BYOD adoption:

  • Cross-border data roaming leads to cost explosions that inhibit bring-your-own contracts.
  • Employment regulation - such as national health and safety rules - hampers BYOD adoption in Europe.
  • Employee data protection laws inhibit security enforcement as European private devices are considered private property of the employee.
  • European tax and labor laws inhibit allowances for mobile contracts and applications whereas in the US such allowances are common practice.
  • Users end up taking on too much responsibility for security themselves, leaving business execs to understand and manage risks associated with a specific Windows, Samsung, or iOS upgrade.
  • Limited support of private devices endangers business continuity as private devices are not centrally configured by IT and cannot be supported by corporate help desks.

Screen Shot 2014-01-03 at 12.34.23



Source: Forrester Research

Henning Dransfeld, author of Demystifying BYOD in Europe, argues:

Whereas BYOD policies in North America have become more mature, the subject of BYOD continues to cause many headaches for European companies. For European sourcing professionals, there is good news and bad news about BYOD.

The bad news is that, contrary to popular opinion, BYOD programs raise challenges and probably will not save you money.

The good news is that there are viable alternative options for those willing to invest and to proactively drive them forward.

The options include choose your own device (CYOD), where the company supports a list of popular devices, and “horses for courses,” which is the concept of choosing the right set of applications and devices for specific roles.



Forrester’s recommendation to addressing these issues is to think less about BYOD now and more about CYOD - Choose Your Own Device. It argues:

When you implement CYOD, you provide users with a choice from a shortlist of popular smartphones and tablets, without enabling them to bring their own. In contrast to BYOD, the devices are funded, supplied, and fully managed by the organization. Allowing some private usage within corporate boundaries will go a long way to satisfy end users.

But there are conditions attached. Successful CYOD means:

  • Actively communicating the mobile engagement policy, with the IT organization explaining end user responsibility and the requirements for corporate compliance and device usage.
  • Allowing private usage to increase employee satisfaction and making it easier to manage in terms of compliance and control than in BYOD models where employees use their own devices to access work.
  • Giving clear messages on blacklisted applications, and suggesting viable alternatives.



Pragmatic recommendations in light of the particular European challenges of BYOD.

For global companies, will there be a need for multiple policies? BYOD for staff in the US, CYOD (or the Wild West of 'turning a blind eye') in Europe?


A grey colored placeholder image