BYOD (bring your own device) is the increasing trend toward employee-owned devices within a business. Smartphones are the most common example but employees also take their own tablets, laptops and USB drives into the workplace.
BYOD is part of the larger trend of IT consumerization, in which consumer software and hardware are being brought into the enterprise. BYOT (bring your own technology) refers to the use of consumer devices and applications in the workplace. More specific variations on the term include bring your own computer (BYOC), bring your own laptop (BYOL), bring your own apps (BYOA) and bring your own PC (BYOPC).
Employee-owned devices are sometimes sanctioned by the company and supported alongside devices that are owned by the business. In other cases, employee-owned devices are part of the parallel system known as shadow IT: hardware or software within an enterprise that is not supported by the organization’s central IT department.
Whether employee-owned hardware and software are supported or not, they pose security risks to the organization if they connect to the corporate network or access corporate data. To minimize the risk and accommodate consumer technologies, many businesses are implementing BYOD policies.
A BYOD policy, or bring-your-own-device policy, is a set of rules governing a corporate IT department’s level of support for employee-owned PCs, smartphones and tablets.
A BYOD policy can take many different forms. Some organizations cut back on corporate-issued PCs and laptops, instead giving employees a stipend to purchase and maintain technology equipment of their choosing. More commonly, however, organizations will agree to support personal mobile devices — at least to some degree — in addition to corporate-issued equipment. The rules in a BYOD policy often vary depending on a user’s role in the organization, his or her specific device, application requirements and other factors.
The consumerization of IT has highlighted the need for bring-your-own-device policy development. Employees use their own PCs and mobile devices for business tasks whether their IT departments support them or not, and a BYOD policy can help control this usage and mitigate its security risks.