IBM and the EEOC Experiment with BYOD

Many companies are moving to a BYOD system. And the move is understandable given anticipated employee efficiency and productivity increases as well as cost savings for employers. On the other hand, companies also need to be aware of the problems that can arise when moving to a BYOD environment, including employee push back and increased security concerns.

BYOD Can Garner Cost Savings - A BYOD Case Study

In 2012, the U.S. Equal Employment Opportunity Commission (EEOC) undertook a BYOD pilot, during which the EEOC was able to significantly reduce the information technology budget for BlackBerry mobile devices. The EEOC explained,
Last year [2011], the EEOC was paying $800,000 for its Government issued BlackBerry devices. Subsequently, the EEOC’s FY2012 IT budget was cut from $17.6 million to $15 million, nearly a 15% reduction. The EEOC’s Chief Information Officer, Kimberly Hancher, significantly reduced contractor services, eliminated some software maintenance, and slashed the agency’s budget for mobile devices -- leaving only $400,000 allocated for Fiscal Year 2012. . . . [As a result of several cost saving measures discussed below,] FY 2012 costs were reduced by roughly $240,000[.]
Importantly, before implementing changes, the EEOC evaluated use of existing devices. Specifically, the EEOC found that,
75% of our users never made phone calls from their BlackBerrys … Email is the killer app. They either used the phone on their desk or they used their personal cell phone to make calls because it’s just easier. We also found there were a number of zero-use devices. People have them parked in their desk drawer, and the only time they use it is when they travel.
After evaluating the existing environment, the EEOC was able to form a plan to implement several cost saving measures, including pressing their "wireless carrier, a GSA Networx contract provider, to help cut costs or risk losing the EEOC’s BlackBerry business." The EEOC also eliminated zero-use devices and moved the remaining BlackBerry devices to a bundled rate plan with shared minutes.

But, moving to a BYOD environment can also be problematic. While employees desire to use their own devices, they may also push back on a company's efforts to monitor and track the devices. Moreover, as IBM learned in its implementation, employees must be trained on best practices to protect their devices and avoid security pitfalls.

IBM Experiments with BYOD

IBM is a sophisticated technology company whose storied history of innovation dates back to 1880. IBM holds more patents than any other U.S. based IT company and has lead the list of top patent recipients for 19 consecutive years. Yet, when IBM adopted a BYOD policy in 2010, similar to other companies, it too encountered technology challenges

In an interview with the MIT Technology Review in 2012, Jeanette Horan, IBM's Chief Technology Officer, reported that her IT department was bogged down with security issues brought about by employees using certain apps (e.g., Dropbox), forwarding internal e-mail to public e-mail services, and creating open Wi-Fi hotspots with their mobile devices.

According to the MIT Technology Review, Horan's team "surveyed several hundred employees using mobile devices, [and found that] many were 'blissfully unaware' of what popular apps could be security risks." In general, her team "found a tremendous lack of awareness as to what constitutes a risk."

Given the lack of awareness among IBM employees of security risks associated with mobile apps and time spent addressing these concerns, "[t]he trend toward employee-owned devices isn’t saving IBM any money . . . Instead, [Horan] says, it has created new challenges for her department of 5,000 people, because employees’ devices are full of software that IBM doesn’t control."

BYOD Is Not For Everyone

It is important for companies to recognize that a bring your own device approach is not appropriate for every company. True, IBM, the EEOC, and many other organizations have managed to make BYOD work for them. But, that does not mean that this approach is the best approach for every organization. As is clear from IBM's experience, companies may not see an immediate cost savings from moving to a BYOD environment. On the other hand, companies could realize immediate cost savings by eliminating zero-use devices as did the EEOC.


Resources and Supporting Materials
  • White House Digital Government - Bring Your Own Device - A Toolkit to Support Federal Agencies Implementing Bring Your Own Device (BYOD) Programs (August 23, 2012)
    • Includes three BYOD Case Studies:
      • Alcohol and Tobacco Tax and Trade Bureau (TTB) Virtual Desktop Implementation
      • U.S. Equal Employment Opportunity Commission (EEOC) BYOD Pilot
      • State of Delaware BYOD Program
    • Includes Sample Policies
      • Sample #1: Policy and Guidelines for Government-Provided Mobile Device Usage
      • Sample #2: Bring Your Own Device – Policy and Rules of Behavior
      • Sample #3: Mobile Information Technology Device Policy
      • Sample #4: Wireless Communication Reimbursement Program
      • Sample #5: Portable Wireless Network Access Device Policy
      • **Disclaimer - inclusion does not constitute endorsement or approval.
  • Brian Bergstein, IBM Faces the Perils of "Bring Your Own Device": After letting its employees use their own phones and tablets for work, the company confronted a flood of insecure apps from the open Web, MIT Technology Review (May 21, 2012).

March 2024
SuMoTuWeThFrSa
12
3456789
10111213141516
17181920212223
24252627282930
31

Blog Home  

Newest Blog Entries
7/23/15 Hospital Settles with OCR for $ 218,400 Over Cloud-Based File Sharing

6/8/15 Two California Privacy Bills to Watch in 2015

3/28/15 When Looking at Security, Consider Every Device

3/9/15 Alabama Board of Optometry Makes Final a Rule on Telemedicine

1/25/15 Indiana Court of Appeals Upholds $1.44 Million Jury Verdict Against Walgreen Co. in a Privacy Breach Case; Denies Rehearing

12/9/14 Malware Leads to a $150,000 OCR Settlement with a Behavioral Health Provider

11/30/14 Can a Board of Medicine Use the State’s Prescription Drug Database in Investigating Physician Actions?

11/29/14 Under the Florida Telemedicine Rule, Can a Physical be Conducted by Telemedicine?

11/19/14 Wearables and the Challenge for Consumer Device Makers

10/28/14 A Few Telemedicine Resources

10/27/14 FCC: The Newest Regulator to Throw its Hat into the Data Privacy and Security Ring

Blog Archives
February 2014 (4)
November 2014 (3)
January 2014 (4)
March 2015 (2)
June 2014 (3)
May 2014 (6)
July 2015 (1)
January 2015 (1)
September 2014 (1)
October 2013 (9)
March 2014 (3)
November 2013 (3)
June 2015 (1)
October 2014 (2)
July 2014 (1)
December 2013 (5)
December 2014 (1)
April 2014 (6)
August 2014 (4)

Blog Labels
Dental (1)
Security (1)
Mobile Apps FDA (2)
Privacy (4)
Healthcare Fraud (1)
FCC (1)
Financial Services (1)
Healthcare Competition (1)
HIPAA (3)
Big Data (3)
Medical Marijuana (1)
Meaningful Use (4)
BYOD (2)
Marketing (1)
Telemedicine (7)
Employment (1)
Social Media (2)
Identity Theft (1)
Mobile Apps (2)
FAQ (6)
Data Breach (10)
Privacy Litigation (3)
EHR (2)