BYOD Became the ‘New Normal’ in 2013

Unbridled enthusiasm over the BYOD mega trend had threatened to overrun IT departments and perhaps put many out of work — that is, until this year.

Over the last 12 months, CIOs have had to swallow their pride and embrace BYOD, mobile device management vendors convincingly pushed their compliance messaging out, business managers got serious about security, lawyers started doing their jobs, and BYOD users, well, they continued to swell their ranks and types of devices.

“A big shift in attitude for BYOD in 2013,” says Aberdeen Group’s Andrew Borg.

To understand what happened with BYOD this year, we need a starting point: An Aberdeen Group survey in January found that three out of four respondents had a BYOD program in place. Yet two-thirds of those with a BYOD program had an “anything goes” philosophy, not enforcing compliance or security policies. BYOD was also a way for business users to revolt against IT, which traditionally threw up roadblocks to new technology, especially consumer tech.

CIOs Get Their Heads in the Game

So this was BYOD at the beginning of the year, barreling ahead with reckless abandon with IT falling quickly out of the loop.

This year was critical for IT to change its ways and get back in the game, and it did. Many CIOs began aggressively changing the IT department’s culture into one that embraces consumer tech and new-fangled mobile apps.

Generally speaking, IT became more responsive and positive to business user requests. For instance, National Geographic’s IT department opened the floodgates and let employees use whatever apps they wanted. It wasn’t easy. CIOs wanting to bring about an open-door policy needed to transform technology to handle BYOD.

“At the end of that road is one where IT has an infrastructure that is much more resilient and more tolerant of devices that are not well configured,” says Forrester Research’s David Johnson. “We’re seeing companies look at things like zero trust models in which every device is assumed compromised, [where] there is no concept of a trust network anymore. This is what we’re seeing in some of the leading edge, extreme cases.”

[ Related: CIOs Must Learn the Politics of No ]

CIOs can thank mobile device management vendors for pushing their messages of compliance to business users and, as a result, helping bring IT into the discussion as a BYOD enabler. The vendors’ message that the cost of compliance is a fraction of the cost of non-compliance was bolstered by the chilling effect of the Snowden affair. More than a few business managers realized the consequences of poor BYOD security and the dollars at stake, and so they began reaching out to IT for help.

“The education cycle by the vendors and analysts began to sink in,” Borg says. “Line of business managers don’t want this liability on their hands.”

BYOD Doomsday Delayed

Not everyone, though, jumped on board. A lot of companies are still struggling with BYOD policy and security, Johnson says. Part of the problem is that there wasn’t a high-profile BYOD breach in 2013. CIOs warning of a doomsday that didn’t happen. Despite all the hand-wringing, BYOD data risk was a non-starter this year and thus perceived by some as another sneaky attempt by IT to regain control in the name of security.

On the bright side, BYOD policies are in the process of getting a legal makeover and becoming more balanced. In the first half of 2013, companies were pressuring employees to sign draconian BYOD user policies heavily weighted toward a company’s right to monitor, access, review and disclose company or other data on BYOD mobile phones and tablets, and gave short shrift to an employee’s expectation of privacy.

But the second half of 2013 saw the General Counsel of the National Labor Relations Board (NLRB), a group tasked with the investigation and prosecution of unfair labor practice cases, taking aim at BYOD policies that violate Section 7 of the National Labor Relations Act. In other words, those policies “chill an employee’s ability to communicate with others about wages, hours and working conditions or to engage in otherwise protected activity,” according to the NLRB.

The General Counsel’s focus on confidentiality policies is causing companies to re-think their BYOD policies “out of fear of prosecution,” Heather Egan Sussman, a lawyer at McDermott Will & Emery, told CIO.com in November.

[ Related: The Consumerization of IT and BYOD Guide ]

Tablets and Laptops Enter the BYOD Picture

BYOD developments in the latter half of this year weren’t confined to maturing policies. A Forrester survey of 35,000 IT decision-makers, business-decision makers, business technology end users and channel partners conducted in the latter part of this year uncovered a number of interesting developments.

For starters, BYOD had always been mostly a smartphone play, but the Forrester survey showed BYOD tablets and laptops gaining traction. Apple iPads still rule BYOD tablets in the enterprise, although Android tablets are quickly closing the gap, perhaps even catching up to Apple next year. Surprisingly, Microsoft Windows 8-based tablets, which were practically non-existent in the enterprise this year, may be in store for a leap in 2014.

“We started to see more PCs and tablets falling under the BYOD policy,” Johnson says.

Perhaps even more interesting are the things that didn’t happen this year.

Concerns over hidden costs, hard-to-measure worker productivity gains, and employee privacy didn’t derail the BYOD movement. The simple convenience of having a single mobile device that blends business and personal lives far outweighs privacy issues for the majority of people. It also doesn’t matter what companies think about BYOD’s shaky return on investment; employees are in the driver’s seat now, and they want BYOD.

Reading work email on the golf course and checking Facebook in the cubicle, says Borg, “has become an expectation, a requirement of the modern era.” This year went a long way toward making BYOD the new normal.

Tom Kaneshige covers Apple, BYOD and Consumerization of IT for CIO.com. Follow Tom on Twitter @kaneshige. Follow everything from CIO.com on Twitter @CIOonline, Facebook, Google + and LinkedIn. Email Tom at tkaneshige@cio.com