Bring Your Own Device (BYOD): Trusted Employees, Untrustworthy Devices

Unsecured Android’s, iPhones, iPad’s and tablets on their way in, secured Blackberry’s on the way out, clearly Gartner has it right when saying the mobile/wireless market has “Confusion, Complexity and Opportunity Through 2015”.

We’re in the Bring Your Own Device (BYOD) revolution. Consumerization, or Shadow IT, is here and legions of disparate mobile devices are coming into the workplace, most likely unsecured, and most likely containing some sensitive corporate data, with or without apps that may bypass internal IT security policies to create even more leaks.

The BYOD trend may be getting more press with the growing popularity of smart phones but it’s been around for many years, and been wreaking havoc not because of security, but because of the IRS, which has antiquated laws about mobile phones and tracking business versus personal calls. Havoc case in point #1, the UC schools.

In 2007 several UC schools were slapped with back taxes after the IRS completed a payroll audit and found the schools had not tracked personal and business calls.

UCLA was hit with a $239,196 bill this year after IRS auditors found that employees with cellphones were not keeping logs. UC San Diego had to shell out $186,471 for the same reason

The schools then changed their policy to a stipend policy:

“Employees with such equipment will receive a monthly cash allowance reimbursing them for the payroll tax that is withheld.”

The new policy is in response to Internal Revenue Service (IRS) payroll audits at UCLA and UCSD. In settling the audits, the University agreed to come into compliance with IRS regulations for employer-provided cell phones and similar mobile communications devices by mid-2009.

The IRS considers cell phone use a taxable fringe benefit to the employee if business and personal use of the phone cannot be substantiated in detail — down to the stated purpose of each business call. In the absence of a call log, the IRS can treat all undocumented calls as personal and the value of those calls as taxable wages, even if the calls were mostly for business.

Then changed back to a direct billed plan after the IRS gave them a reprieve on the personal use policy, since legislation was being brought before Congress to do away with the antiquated law. Yikes, what an administrative nightmare.

The Internal Revenue Service (IRS) has granted a fourth extension, allowing the University of California to continue suspending implementation of its current policy, which treats cell phones and similar mobile communications devices as a taxable fringe benefit. This latest extension runs through November 30, 2010.

The extensions were granted because IRS Commissioner Doug Shulman and Treasury Secretary Timothy Geithner, among others, want to eliminate the tax on personal use of employer-provided cell phones. However, Congress has not yet passed legislation to make this change happen.

Tax issues aside, the main driver today is IT departments catching up to the consumerization of devices. Setting policies is one thing, but tracking, managing, securing and most importantly controlling costs are more challenging when you don’t own the device. Many vendors have identified the need to create solutions to help solve the BYOD challenge in the enterprise, and so it seems everyone wants in on the havoc, Mobile Device Management seems to be the buzz word of Q4 2011.

Just this week there have been several articles focused on BYOD in the Enterprise. One article, BYOD: Why it’s time for CIOs to get their strategy straight, provided a summary of Ovum’s report: The BYOD Gap: Trends, Strategy, and the State of Mobile Device Management.

The other was about a press release from Zenprise announcing their new BYOD Tool Kit and the Rogue Device Assessment (certainly the coolest named service for techies like me).

And another from ITBusiness Edge: Get to Know Mobile Device Management

Since there are pro’s and con’s to both BYOD and Corporate Paid and Controlled Devices, as well as hybrids of both approaches, it takes a bit of work to align the goals of finance, the goals of IT, and turn those trusted employees with untrustworthy devices into employees with trusted devices. The policy must makes sense, be enforcable, and control dollars and cents.

Hopefully with some time and energy, a bit of research, and then some pilot projects to evaluate Mobile Device Management, Wireless Expense Management, and Mobile Application Management software, enteprise decision makers will be able to figure out the best solution, and hopefully before Gartner’s prediction of 2015.

About Vocio: An industry leading Telecom Consulting Firm with a ten year track record of providing Telecom Expense Management, Mobile Device Management, & Telecom Auditing. Our clients range from small enteprises to the Fortune 500. We can be reached at 888-200-8647.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.