Gartner Blog Network


The Dark Side of Bringing Your Own Device

by Andrea Di Maio  |  May 29, 2012  |  11 Comments

Last week I met clients in the Bay Area and had two very interesting conversations about BYOD (Bring Your Own Device) policies.

In one case, the CIO had been struggling for so long with frequent requests from users to support their devices of choice that he went for a much broader choice of enterprise-provided user devices. The reasoning was that the cost of supporting an increasing variety of user-owned devices and the risks posed by how employees may mismanage the boundary between enterprise and personal use were greater than the cost of providing enterprise devices. He claimed that this helped make employees more conscious of and cautious about the distinction between business and personal use.

In the other case, the CIO told me that there is a proliferation of devices, despite the lack of a formal BYOD policy. When we touched upon one of the typical risks, which is the use of personal clouds (such as Dropbox, iCloud, Google Drive), he told me that one of the personal cloud providers contacted him, providing a list of hundreds of employees in his organization who had registered for their service (presumably with their business email address). The purpose was clearly to sell the enterprise version, but this raises a very interesting question: to what extent are consumer software providers respecting their users’ privacy, and how is our personal data being used in ways that we would not anticipate?

If I were one of the employees using that tool, I would be pissed at the vendor. I may be using the personal cloud for purely personal purposes or to store public data, hence in full compliance with my code of conduct, and yet my employer would have reasons to believe that I am doing something wrong.

This is not new. Every time we visit a web site from our corporate network or give our business email address when registering for a service, we leave a digital trace. We rarely think about what the provider might do with it besides piling on our spam load. However, this example shows that the vendor can simply tell our employer.

BYOD looks like an unstoppable trend, as more and more people look for the convenience of using their own device. However, there are potentially serious implications, ranging from the enterprise erasing a personal device in case it is lost (including all personal data, which is irremediably lost in case we find the device but have missed the last backup), to a vendor airing our possible non-compliance to our employer, to our employer accessing and analyzing our personal data.

The irony is that while everybody is worried about the risks of BYOD to the enterprise, the worst risks could be for us.

Andrea Di Maio
Managing VP
19 years at Gartner
33 years IT industry

Andrea Di Maio is a managing vice president for public sector in Gartner Research, covering government and education. His personal research focus is on digital government strategies, open government, the business value of IT, smart cities, and the impact of technology on the future of government.


Thoughts on The Dark Side of Bringing Your Own Device


  1. There is an implicit question that needs to be tackled in your post, and it is the non-differentiated usage of professional e-mail addresses for personal purposes. Or not even having a second/personal e-mail address for one’s own purposes.

    I think it is a matter of “Digital Literacy 101” that e-mail addresses send tacit messages about our digital identity. Thus, I would not be surprised to see my cloud provider talk to my CIO because I and a hundred workmates are using their solution… if I had provided my pro address. I would be but angry – and the data leakage definitely suable at least under Spanish law – had I provided my personal address.

    This is, of course, very related with personal/pro uses of devices that I can bring to my own work.

  2. […] of legacy IT to tablets will be woefully insufficient and will drive users to 3rd party apps. Read two great cautionary stories about this from Gartner’s Andrea Di […]

  3. Dave says:

    Our organization was recently contacted by a personal cloud provider, quite similar to what you have mentioned in your post. And for compliance, we set up a corporate/enterprise agreement. The points you make are quite relevant. Our approach is that we will contact the users who have registered a cloud account with their corporate email, request that they provide assurance that it’s for corporate purposes, and if so, they will become part of the corporate agreement and have to justify the monthly/annual costs to their Director or above. It’s not the best process, but it works, for now at least. There has to be some level of acceptance that accounts registered with your corporate email do indeed indicate that they are being used for corporate purposes. And if that is the case, then we should be compliant, and if not, then the user should reconsider.

  5. Andrew Ecclestone says:

    Hi Andrea,

    When you tweeted the link to this piece, you tagged it with #opengov. I’m curious as to how you see this as related to Open Government, or if it was just a typo.

    Also, in case you haven’t seen it, this is worth a read, on how we might define ‘open government’:
    http://integrilicio.us/2012/05/22/a-working-definition-of-open-government

  6. […] analyst Andrea Di Maio recently discovered how registering for personal cloud services with a work email address can impact employees during a […]

  8. […] or use a service to store or transfer work-related files. Gartner analyst Andrea Di Maio recently discovered how registering for personal cloud services with a work email address can impact employees during a […]

  11. Andrew,
    it is relevant as open data as well and social media will be tools that employees will use on their devices of choice.



Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.