Smartphones have changed, disrupted, and spawned many businesses. Without our ubiquitous handheld devices, Uber and Postmates probably don’t exist. In fact, it’s safe to say that the On-Demand Economy is a fraction of its current size (estimated at $60 billion and growing.)

As someone who remembers life before mobile devices, it’s been interesting to see how mature organizations have reacted to this new world. Specifically, many have struggled to wrap their arms around the bring your own device (BYOD) trend.

It’s been seven years since BYOD arrived in earnest, but where are we now? How have IT departments responded to this sea change? Have the benefits lived up to the hype? And what risks remain?

Where are we now?

Put bluntly, BYOD has arrived in full force. Consider the following statistics:

• Eight-five percent of organizations allow employees to bring their own devices to work. (I don’t see how the other 15 percent can really stop this from happening, but that’s a separate conversation.)
• More than 50 percent of organizations rely on their users to protect their own devices. (Source: SANS Institute)
• Perhaps most shockingly, Gartner reports that nearly two in five (38 percent) of companies expect to stop providing any devices to workers by the end of this year.

Make no mistake: The BYOD genie isn’t going back in the bottle anytime soon.

The Benefits and Increasing Risks of BYOD

The advent of BYOD caught many budget-challenged IT departments off guard and spawned new services from established software vendors. Sure, BYOD meant that they did not need to provision mobile devices to their employees and offer training. Even today, these benefits can be considerable.

A mere half of organizations implement password protection on employee-owned devices.

Still, as I am fond of saying, technology is neither good nor bad; nor is it neutral. In the case of BYOD, organizations continue to face a slew of evolving and downright thorny legal, financial, and even workers-compensation risks. And then there’s the elephant in the room: security. As Kelley Katsanos writes, many if not most organizations are generally doing a poor job securing corporate data on employee-owned devices. She cites a recent Bitglass’ survey around BYOD security (or lack thereof):

• Data leakage is the primary security concern across many sectors. This includes education (79 percent of organizations cited this concern), financial services (81 percent), and health care (90 percent).
• Basic security is often neglected. In spite of these alarming statistics, all three sectors often neglect to implement basic mobile security measures. For example, only 36 percent of educational institutions support device encryption. Shockingly, a mere half of organizations implement password protection on employee-owned devices. Many choose not to include policies such as encryption and remote wipe.

Simon Says

As I’ve seen firsthand, some larger and more mature organizations are bucking the BYOD trend by providing their employees with smartphones and tablets. (People packing two smartphones typically fall into this bucket.) In theory, these company-issued devices are more secure than their consumer equivalents. To be sure, this is inconvenient for employees, but added privacy from Big Brother often justifies the annoyance.