In the last three years, we have seen the rise of a new movement: BYOD, or bring your own device. This movement is gaining strength mainly as a result of the rise in personal smartphone and tablet ownership. BYOD will affect adoption of mobile learning (mLearning), and mLearning managers need to stay abreast of developments, both in the movement and in their own organizations.
In this article, we outline the broad concerns that you, the developer or manager of mLearning, should take into account in your planning. This is only an introduction; you will certainly see more articles on the subject in Learning Solutions Magazine in coming months.
About BYOD and BYOT
BYOD is the trend of employees bringing their personally owned smartphones and tablets to work with them, not only for personal use but also to access company e-mail, servers, and databases.
Employees have been bringing their own mobile devices to work for the last decade or longer. At first, these devices, mainly personal digital assistants (PDAs) and feature phones, were largely unable to access corporate information and networks. This changed with the introduction of “smart” devices—chiefly the iPhone, the iPad, Blackberry, and Android—several years ago, but many organizations are only beginning to react to the potential security problems.
There is a related trend, known as BYOT (bring your own technology): employees bringing in and using their own Web browsers, productivity software, e-mail clients, media players, and other software in order to do their work. BYOT also includes the use of personal online accounts—Dropbox being the most frequently cited in this connection, although not by any means the only service of concern—to store documents and other files for off-site and after-work access.
BYOT and BYOD are the result of many factors, not the least of which is the continuing breakdown of the separation between private life and “the job.” Organizations benefit from reduced costs, since the employee usually pays for the devices and associated data plans, and may also pay for part or all of their maintenance and repair, the software, the online accounts, and so on. The organization may find that it needs to pay for fewer PC hardware upgrades and it may benefit from apparently increased productivity, as employees can work anywhere, any time. Employees may benefit from flexibility in working hours and location, the convenience of working on a device they already own and with apps they already know, or from rewards and recognition for the additional amount of work they perform.
Is a lot of BYOD going on?
How big is this trend? How big could it get? Look at the data reported in the eLearning Guild Research Report, Mobile Learning: The Time is Now.
In the survey for this report, 98 percent of Guild members reported owning at least one personal mobile device, and over 70 percent reported using their personal devices to accomplish some of their work. Not only that, two-thirds of the respondents say they own two or more mobile devices. The research report also identifies the trends in adoption of each of the major mobile platforms and device types by mLearning developers. As you might expect, interest in and sales of smartphones and tablets, and the relative numbers of those using iOS, Android, Blackberry, and Windows shows up in the data.
It is true that Guild members may not be representative of all employees in all organizations, but the numbers reported in other surveys are also significant. Mobile device ownership and use at work is clearly crossing that famous “chasm” between the early adopters and the mainstream.
At the same time, the Guild’s report cautions, “While the evidence is that they have the devices, some do not, or more importantly will not, use their personal devices for work. This has implications for policies about whether to provide devices or to use the devices employees already have.” With almost 30 percent of respondents indicating that they do not use their personal devices for work, this is an important consideration.
The BYOD movement is already big enough to create problems for at least one device manufacturer.
Cisco announced May 24 that it will stop making the Cius tablet, which they positioned for enterprise purchase rather than by individuals. In the announcement, OJ Winge, senior vice president of TelePresence Technology Group, noted that a workplace “is no longer a physical place, but a blend of virtual and physical environments; where employees are bringing their preferences to work and BYOD (‘bring your own device’ to work) is the new norm; where collaboration has to happen beyond a walled garden; and any-to-any connectivity is a requirement, not a ‘nice to have.’” Instead, Cisco will focus on collaboration software that works across multiple operating systems. Analysts felt that Cisco had underestimated BYOD.
Other analysts feel that BYOD is also at least part of the reason for the failure of the Blackberry Playbook and the HP TouchPad.
Is BYOD all good news?
Although there are benefits from BYOD, there are also some significant issues, and these need consideration in planning to introduce mLearning and to continue existing mLearning initiatives—because employees will want to use their own devices for mLearning and for performance support as well.
For organizations, there are three main sets of information and communication technology (ICT) issues associated with mobile computing: security, costs, and support requirements. None of these, in and of themselves, has to do with learning, but they are related to the data, information, technology, and devices used to deliver mobile learning and performance support.
At first, you might wonder why mLearning would be a security concern. It isn’t so much mLearning as it is that, first, security is always at the top of the list of ICT issues. Second, when mLearning addresses enterprise-specific matters—such as how an organization does things, how a company markets its products and services, specific technology employed—security is very much a concern.
Security of the physical devices is an important element. If a device is lost, stolen, or finds its way into the wrong hands, we must consider that any proprietary data on the device is compromised.
Security of data during its transmission between the mobile device and the organization’s data center is another important element. In addition, the security of remote access to the organization’s information must be ensured.
There may be other security concerns, such as protecting client, customer, or patient data, that could come into play when an organization implements mobile performance support alongside or as part of its mLearning initiative.
Mobile communication, unfortunately, is not free for organizations or for the employees who want to use their own mobile devices to do their work. If there are data plans involved for the devices, someone has to pay for the data plan—including additional charges incurred when there are large volumes of data transfer, such as video and audio. Who pays, and how much? If the company data is located behind a firewall, the secure system for accessing it from mobile devices will be paid for by the organization. If the organization offers Wi-Fi inside its facilities to support mobile devices, it will be necessary to add equipment that can handle all the employee devices (possibly large numbers of them) that will be in use.
The support component—the Help desk, for example—is another expense and another resource requirement. 70% of a typical information technology (IT) group’s budget goes to support existing infrastructure. There’s not much left over for dealing with employee-owned devices and software. Troubleshooting gets complicated when the help desk staff is not familiar with the employee’s device. It would be possible to leave employees on their own when they need support (except for e-mail), but this risks lower employee satisfaction and lessened productivity when they can’t figure out how to connect their personal device to the company network.
Dealing with the issues
So far, only a small number of organizations have put BYOD policies in place to help manage the ICT issues, the intellectual property concerns, and other security issues associated with mobile devices and apps.
As an example of how these policies play out, IBM drew some attention with theirs on May 25 this year. Following a review of its BYOD policy, it banned employee use of Siri at work—and disabled Siri on iPhones owned by employees who had access to corporate information via their devices. In addition, the company “discouraged” the use of Dropbox and Apple’s iCloud at work, in favor of its own services.
While BYOD policies will vary according to the nature of organizations and their business, there are some typical elements that you can anticipate. Not all of these will be acceptable to all employees, and this could affect usage of mLearning, especially if your initiative planning anticipates substantial use of personal devices. Here are four of these that may be particularly sensitive:
- The employee must provide access to personally owned devices if they become part of a workplace investigation, or they become subject to a legal hold in a civil litigation case.
- The employee may not conduct corporate business using personal accounts, including prohibition of sending e-mails from a corporate address to the employee’s private e-mail account.
- Any device assigned to an employee will be locked down, including remote wipe.
- Non-compliance will result in blocked access to ActiveSync from the device.
Key elements in most BYOD strategies include the use of device management and security controls to enforce the policy. This means installing device management clients on smartphones and tablets. It also means installing VPN clients. Employee devices can be configured by the organization over-the-air (OTA), and they can be erased remotely if they are lost or stolen. All devices will be monitored for compliance in real time, to detect out-of-date device operating systems and unapproved apps, and to provide jailbroken and rooted detection.
There will be approved apps, and apps that are discouraged or forbidden. It may be that full wireless network access will be limited to company-owned smartphones, while others may be restricted to a quarantined network—a separate network that has limited access.
Expect that there will be clearly spelled out terms and conditions and acceptable use policy (AUP). There will need for explicit agreement with the user regarding OTA enrollment, acceptance of AUPs and liability, and provisioning. Not all mobile platforms and models will be supported. The terms and conditions will also need to spell out who pays for repairs, replacement, and data plan charges.
To keep BYOD from becoming BYOT, there will likely be certain other requirements in the policy in addition to those outlined above; be sure that your mLearning design stays within these guidelines:
- Never store confidential corporate data on an unencrypted device.
- Never share or store files via third-party cloud-based solutions.
- Provide secure communication to the device.
As mentioned earlier in this article, future articles in Learning Solutions Magazine will address additional details and developments in BYOD policy and in the movement itself.
Because many employees are unaware of the security dangers presented by mobile apps and devices, you can expect to see more organizations implementing BYOD policies in the coming months. If your organization has a BYOD policy now, you will want to work with your IT group to ensure that what you want to implement in mLearning is compatible with that policy. If there’s not a policy yet, you will want to make sure that IT understands the need for the learning organization to be a stakeholder in its development.