Yeah, I know BYOD is all the rage. Yes, I know there is a ton of support to make BYOD a reality. And yes, I’m acutely aware that we even have a BYOD session at MSPWorld this March. Having said all that, I still am not 100% sold on the idea that BYOD is a concept that all MSPs should be undertaking in 2013. Here is my explanation for why.
First, BYOD is somewhat of a fad. And, like all fads, they tend to whip up a lot of frenzied discussion amongst people who then react and oftentimes react in risky ways. Second, BYOD has created an act first, think later mentality amongst some service providers who are predisposed to doing what customers want with little thought as to the possible consequences to the customer business or the MSPs practice. Let’s delve a little deeper and examine the issue.
I liken BYOD to what many MSPs experienced years ago and that is the notion that you never say “no” to the customer. I remember a lot of MSPs claiming they could not stop sending technicians onsite because the customer “liked to see that people were doing something ” As MSP professionals, it is important to remember that customers often are not aware of the IT and business risks they face and it is up to the MSP to advise, to the best of their ability, what they believe to be in the best interest of the customer…even if it is not what the customer may want.
One really clear example is a MSP I consulted with a long time ago had implemented a policy where the customers would hire 3rd party consultants, without the knowledge of the MSP. Many times the MSP would say the consultant would break the network only to have the customer ask the MSP to fix it. This is a great example of the MSP not clearly defining and enforcing network rules, not to mention the MSPs’ own SLA.
BYOD is very similar. I’m not saying that BYOD is not a potential revenue gold mine for MSPs. I’m not saying that customers may actually thrive in a BYOD scenario. What I am saying is that in order for BYOD to work securely and safely for both MSP and customer, the MSP has to have a defined strategy that can be enforced, if only so that the MSP does not end up paying the price for the customers’ bad decisions.
Particularly at risk for the MSP is the liability of managing disparate devices without the proper tools or processes, as well as the inability to clearly protect customer data in such an environment. Data leakage from mobile devices is a serious issue and if something goes wrong, chances are the MSP will get blamed.
The argument for BYOD, and there is are some very good ones, does have a significant upside for the MSP. First, mobile device proliferation is a reality and unless you are in a really heavily regulated and security sensitive field, blocking unauthorized devices may not be practical.
The second, and perhaps more persuasive argument, is financial. There is a lot of money to be made by bringing order and security to a disorganized environment where mobile devices are accessing data, not being authenticated, and creating massive headaches for the IT department (and the MSPs). If done correctly, the MSP can not only provide security and peace of mind for customers, as well as generate good revenue based on a well considered and thoughtfully executed BYOD strategy.
So, before you do implement that BYOD campaign in 2013, be sure and think it through. Have a plan, protect yourself, and make sure your customers understand what their obligations are before you proceed. BYOD may be coming whether we like it or not. Just don’t make your MSP practice a magnet for risk.
Sign up for MSPAlliance’s Bi-Monthly MSP & Cloud Journal. Follow us via RSS, Facebook, and Twitter. Interested in writing for MSPAlliance? Please contact us for more information.