Ask the Expert: Do the Benefits of a BYOD Workforce Mobility Strategy Outweigh the Risks?
It could be a win-win to let employees use personal devices on the clock. However, more businesses are starting to backtrack on BYOD. Why? Hear both sides of the story.
For many years, organizations have leveraged different deployment models to ensure their workers had mobile devices capable of connecting to critical business systems, including different variations of bring your own device (BYOD), corporate-owned, personally enabled (COPE), and corporate owned, business-only (COBO) models. Your company may have tried all of them at some point as you attempted to balance your financial and IT resource bandwidth with increasing business demand for digitalized workflows – without losing productivity gains or control of data. You may still have active policies in support of all three models today. If that’s the case, you may feel mobile technology is making some people’s jobs harder, rather than easier, especially those in IT charged with managing device permissions and performance.
So, today we thought we could objectively explore the pros and cons of the various workforce mobility models, identify nuances associated with each model and provide some high-level quantification of the costs associated with the most common models. We connected with Bruce Willins, a Technology Solutions Engineering Fellow at Zebra (and our go-to mobility solutions expert), to get his unbiased opinion on BYOD vs. COPE vs. COBO.
We started the interview with Bruce by going through the potential benefits and value of BYOD. About half-way through, it seemed like BYOD was a no-brainer – that it’s going to lead you down the path of least resistance from employees, IT and your boss. It wasn’t until the second half of the interview when things got ugly, and we realized BYOD isn’t as beneficial to most businesses as the internet may have you believe. It’s yet another case of the “devil’s in the details.” One by one, we started seeing the benefits slip away as he described the reality of “managing” a BYOD fleet in most business applications. Cost savings diminished, security risks became alarming, and we realized how fast worker and customer satisfaction would go from net positive to net negative.
As Bruce explained, “BYOD has its place in select use cases, but only if given a proper set of expectations. It’s all about education and expectations.” Education in the nuances and intricacies of BYOD and tempered expectations on what it will or will not deliver.
As we concluded the interview, it became clear that the capital expenditures (capex) cost savings expected from BYOD are frequently more than the offset by increased operational expenditures (opex) – that the BYOD total cost of ownership (TCO) can easily be twice that of a COBO deployment!
If you’re interested in hearing (or, should we say, reading) more, here’s an excerpt of that conversation:
Your Edge Blog Team: So, Bruce, let’s start from the beginning. What workforce mobility models are most frequently discussed among Zebra customers, partners and industry leaders you meet at events?
Bruce: It’s typically COBO, COPE, and BYOD. Both COBO and COPE are based on corporate liable devices (CLDs), which are devices purchased by an organization and issued to employees. BYOD is based on individual liable devices (ILDs), where devices are purchased by the individual employee. In both COPE and BYOD scenarios, the devices are used by employees for both personal and work purposes, as much as organizational policy allows at least.
As the name implies, COBO devices are purchased by the organization used by employees exclusively for business purposes. A COBO device can be individually assigned, a situation common with managers, office employees or those who are in the field a lot, such as utility workers, first responders and building inspectors. However, it is more commonly a device shared among multiple employees who work in shifts, such as retail associates, nurses, factory workers, warehouse workers and even hotel employees.
COBO is the most common model used among Zebra customers, as one might expect. However, we are seeing increased interest in Zebra devices being used for COPE scenarios as employees increasingly need to be able to access business information systems outside set work locations and hours.
Your Edge Blog Team: Is there a specific model you would like to focus on today?
Bruce: Yes, BYOD. It’s important for anyone recommending or deciding on a workforce mobility model to identify, understand, and – to the greatest extent possible – quantify the nuances of BYOD, particularly as it compares to COBO. BYOD frequently represents the quest to lower capex by having employees use their personal devices. If history tells us anything, the reduction in capex is frequently more than offset by the increase in opex, ultimately yielding a higher TCO and reducing customer satisfaction as a byproduct.
Your Edge Blog Team: Do you have any quantitative data in the opex difference between COBO and BYOD?
Bruce: A large part of the difference deals with supporting a mixed BYOD environment. A Gartner study  analyzed the support costs for a “single” Android device portfolio (in which all employees use the same device model from the same manufacturer) versus a mixed Android device portfolio. On an annual basis, the mixed portfolio required eight hours/device of additional IT support. At a burdened support rate of $40/hour, that’s an additional $320/device/year or $1280/device over a four-year period. Note that this is for an all-Android scenario. We suspect that if we added iOS into the mixed device portfolio that the numbers would go up significantly (possible 2x). This also does not include any incremental app development or testing that would be associated with a second operating system (OS) such as iOS. So, it’s not hard to see how BYOD can quickly become a very expensive proposition.
Your Edge Blog Team: What has experience taught you about BYOD cost savings?
Bruce: There are a significant number of past BYOD studies. Most come to similar conclusions:
Google: “The promised reduction in device purchases is overshadowed by the cost of supporting a complex, heterogeneous device fleet.”
Samsung: “BYOD cost savings are not as great as expected in the long term.”
Gartner : “Many executives incorrectly believe BYOD will cut costs.”
As the old saying goes, “follow the money.” Hardware acquisition costs generally represent 10% or less of the total mobile solution cost. As stated in a Wired Magazine article a while back, device acquisition costs represent only 10-13% of total smartphone TCO over just a two-year period. This percentage is reduced as the service life goes up (as might be the case for a COBO device). Numerous VDC Research TCO studies over the years have come to similar conclusions, including the one that hardware acquisition costs are NOT the leading driver of TCO. VDC studies also report that the two primary drivers of TCO are IT administrative overhead and lost worker productivity due to device downtime, both of which are significantly increased in a BYOD model.
Thus, the BYOD model of cutting 10% of the cost while growing dramatically the other 90% of the cost, is not generally an effective strategy.
Your Edge Blog Team: What do business decision-makers and IT leaders perceive as the advantages to BYOD?
Bruce: In our studies, we identified 10 areas of customer-perceived BYOD benefits. Note, however, that in some instances BYOD features produce a counterpart disadvantage. For example, BYOD may offload maintenance from IT to an employee to reduce corporate IT costs, but that may in turn negatively impact productivity and employee satisfaction. In general, we find organizations seek BYOD benefits to both the corporation and to the employee.
From a corporate perspective they seek…
Reduced onboarding costs.
To recover the typical costs of repatriating devices (since there is no need to retrieve issued devices).
Increased worker collaboration (as an indirect benefit of pervasive, individually assigned devices).
To facilitate remote work (since the device is always accessible for work).
Reduced device maintenance/IT costs (by offloading maintenance and IT to the employee).
From an employee satisfaction perspective, they seek to offer workers…
Personal choice and personalization (since they get to use their personally selected/configured device at work).
Greater on-the-job satisfaction and productivity support (again, since they get to use their own, personal device that has been tailored to their user experience preferences).
A single device to carry for work and personal use (rather than two).
Employee device control (so the employee has overriding control of the device rather than IT).
Your Edge Blog Team: Are there other factors driving increased interest in BYOD once again? It seems it was popular several years ago, then sort of fizzled out before this current resurgence we’re seeing.
Bruce: Yes, there are societal, business, and technological factors all driving renewed interest in BYOD. More specifically, we have identified 13 such factors:
Smartphone proliferation. (In the U.S., over 85% of adults have a smartphone, and 2023 estimates are that 86.4% of the worldwide population has a smartphone).
The expanding gig economy. This is dictating the support organizations must provide to the temporary on-demand workforce – i.e., “taskers” – who can readily be commissioned/decommissioned.
Increased consumer device durability.
Improved camera-based barcode scanning for light scanning applications.
Advances in cross-platform app development/support.
Device and OS maturity. (This has led to more stable consumer devices and OS releases combined with more experienced consumers.)
Dual persona support (i.e., separate work and personal profiles).
Cross-platform enterprise mobility management (EMM), which has improved manageability of diverse solution environments.
“Improved” consumer device security patch support.
Increased demand for employee collaboration, especially among front-line workers.
Advancements in BYOD enrollment (i.e., Android Zero Touch / Google Managed Play Accounts, Apple iOS “User Enrollment” with Managed Apple ID.
Increase in remote work/work from home (in part driven by COVID-19).
Your Edge Blog Team: So far BYOD sounds great, what’s the catch?
Bruce: Now for a healthy dose of reality. The challenges with BYOD fall into four general categories:
Increased opex costs (IT/admin)
Increased security risk
Stakeholder (customer and employee) dissatisfaction
Increased development resource expenses
Your Edge Blog Team: Let’s talk about the increase in opex (IT/admin) costs first.
Bruce: We’ve identified at least 12 factors that drive up opex:
Device diversity support - Think multiple vendors, product models, screens (size, aspect ratios, resolutions).
SRA (stipend, reimbursement, allowance) program administration – Regulations often mandate SRA, so you should consider both corporate governance costs and tax consequences to the organization and/or the employee.
Multiple OS platform support – You may have to provide support for both iOS and Android devices.
Multiple release/update support – In most instances, a single device will require support for two releases of iOS & 5+ releases of Android, all potentially running different patch updates.
BYOD policy agreement – This includes creation, communication, governance (i.e., periodic audits) of the BYOD policy agreement, which is an agreement between an organization and its employees governing device usage.
BYOD policy exception handling – Generally, an organization cannot force an employee into BYOD participation, so you may need to establish alternative options for such employees. (Consult your legal advisor to confirm.)
Privacy/legal exposure and reviews – There are costs to ensure/maintain compliance to regional/labor privacy/work-use of personal devices.
Software licensing management – Governance of on-device apps is required to ensure compliance with commercial vs. personal use.
Privacy rights administration – Privacy rights are continually changing, and enterprise customers are well advised to be continually vigilant on emerging changes. (Note: In some regions, employers may be criminally liable for employee privacy breaches.)
Increased IT support – IT must deal with a diverse environment of devices and platforms that host both personal and work applications. Complicating support is the fact that under BYOD, IT may have limited device access/EMM controls.
Pace of new platform support – You (or your team) will need to keep up with latest devices / OS releases as employees procure/update their personal devices.
BYOD software protection – You may need to acquire additional security software protection specifically for BYOD, or it may be part of EMM or supplemental (i.e., Scalefusion) software.
Your Edge Blog Team: That’s probably a good transition to the next concern you noted, which is the increased security risks associated with BYOD. Can you elaborate on that?
Bruce: I’ll start by quoting two passages from a 266-page National Institute of Standards & Technology (NIST) report on “Mobile Device Security: Bring Your Own Device (BYOD)”:
“Enabling BYOD capabilities in the enterprise introduces new cybersecurity risks to organizations.”
“An ineffectively secured personal mobile device could expose an organization or employee to data loss or a privacy compromise.”
Anyone buying mobile devices for business use needs to recognize that iOS and Android are first and foremost consumed-focused operating systems. In 2021, a total of 1140 vulnerabilities were identified for IOS and Android. Now, put this in the perspective of BYOD where a significant percentage of Android and iOS devices will not be running the latest OS release and the majority of devices will have outdated security patches. In this case, I like to refer to the U.S. Department of Homeland Security best practice recommendation for enterprises: “The most important defense against mobile device security threats is to ensure devices are patched against the publicly known security vulnerabilities.” That’s hard to do when you don’t own or control the devices and, with BYOD, IT has limited ability to lock down employees’ personal devices. And, even if the data on the device is not overly sensitive, realize that BOT attacks can turn a device into a malicious gateway, enabling attackers to go after back-end corporate resources.
In that same vein, the IT team’s inability to whitelist the devices to only known, trusted applications means potential exposure to employee-loaded potentially harmful apps (PHAs), and there’s a lot of bloat exposure overall, which increases the security susceptibility of consumer devices to attacks. Consumer devices often have preloaded applications (aka “bloatware”) that cannot be removed and may have escalated (i.e., platform signed) privileged rights. These often-unnecessary apps increase the attack surface of the device. Efforts are underway to quantify the security and privacy risks of such apps more precisely.
Your Edge Blog Team: So, we know BYOD could make employees happy. They get to use their own device at work. But you said that BYOD could lead to dissatisfied customers and employees. How is that?
Bruce: Employee dissatisfaction typically stems from forced device refresh/software updates (based on policy compliance), a lack of IT support, and the stress of always being on call and accessible on their personal device. There are also privacy concerns, including private data exposure (real or perceived). Employee’s private data may be exposed as part of disclosure if the company is engaged in a lawsuit or criminal charges.
There are also potential productivity impacts that could lead to customer and employee dissatisfaction:
Device downtime due to increased wear and tear from the combined personal and work use, to include battery wear resulting from the increased number of charge cycles, which reduces battery life.
Device downtime due to consumer device performance. Operational device integrity is critical to both employee and customer satisfaction. Numerous studies show higher failure rates associated with consumer devices, which are the devices used in BYOD models. A 2021 VDC Research TCO study indicated that by the end of year two of service, a consumer device has a 25.5% likelihood of failing compared to 9.5% for an enterprise rugged device. As a result of performance issues, you may also have to deal with…
- Overloaded IT support due to the diversity of platforms to support.
- Cross-platform app compromises, which are typically higher when compared to targeted, native experiences. Cross platform apps often compromise the user interface/user experience (UI/UX), have slower performance, and may not take advantage of vendor features. They generally operate at the lowest common denominator of features or must incorporate multiple run-time conditional statements.
- The lack of “enterprise” customizations (i.e., robust barcodes scanning, custom keyboards, etc.) There is evidence that applications requiring barcode scanning may not perform well using consumer device cameras, and that performance may vary significantly across different camera implementations.
Your Edge Blog Team: You said the fourth set of challenges for BYOD is also cost related?
Bruce: Yes, but in this instance, costs are specifically associated with app development, testing, and support:
Increased application development – Development of either cross-platform apps or multiple native apps targeting each platform variant will be necessary, and apps must be written to support multiple OS releases/API levels. Leveraging new features must be either be conditional or the app must be written to the oldest API with the assumption of forward compatibility.
Increased application testing/validation/maintenance – Testing and maintaining applications executing in a very diverse, continually changing environment will take a toll on resources.
App compatibility issues – Applications may exhibit incompatibilities given a diverse set of devices undergoing constant updates.
Building apps to the least common API functionality – Avoidance, or run-time conditional, use of vendor0specific enterprise feature extensions is necessary.
Your Edge Blog Team: As you said, lots to consider. Any final words of advice for those who have to make the call on which workforce mobility model is best for their organization?
Bruce: My goal is not to criticize BYOD. There are plenty of BYOD programs that are working just fine. On the other hand, there is significant past precedent that shows that BYOD as not living up to expectations, particularly around cost savings. Understand potential security risks, which are always difficult to quantify. Do your due diligence, go in well-educated and with a proper set of expectations.
As always, we had to greatly abstract our findings for this blog post. Bruce (and your local Zebra representative) would be more than happy to discuss any of these items in greater detail. Please feel free to contact them directly. If you don’t yet have a Zebra contact, reach out to us here and we’ll put you in touch with the right person.
Want Our Bi-Weekly Blog Roundup?
Subscribe to Zebra's Blog
Prefer Real-Time Notifications?
Get the RSS feeds
Search the Blog
Are You a Zebra Developer?
Find more technical discussions on our Developer Portal blog.
Reflexis is Now Part of Zebra Technologies
Visit the Reflexis blog for more retail, hospitality and banking-related insights.
Fetch Robotics is Now Part of Zebra Technologies
Visit the Fetch blog for robotics-related insights.
Looking for more expert insights?
Visit the Zebra Story Hub for more interviews, news, and industry trend analysis.