Employee-owned Devices in the Workplace: Service Provider Impact

Redefining the boundary between enterprise and consumer

Reference Code: OT00141-007 Publication Date: March 2012 Author: Pauline Trotter

SUMMARY
In a nutshell
The pressure on enterprises to support employee-owned devices is driving a much broader change in the enterprise mobile landscape. Our understanding of what is "enterprise" and what is "consumer" is becoming less clear by the day, and this will have serious implications for enterprises, their employees, and their service providers. For service providers, the trend to bringyour-own device (BYOD) has the potential to change their relationships with their enterprise customers and the type of services and support that they must offer.

Ovum view
Many companies are in the process of reviewing their mobility policies with a view to supporting employee-owned devices, and enterprise IT managers must decide whether to embrace or reject support for BYOD. Ovum believes that this trend will also have serious implications for service providers that need to know the extent to which consumerization could threaten their traditional enterprise business revenues. There may also be new opportunities for service providers that emerge from a much looser and broader community around the enterprise and its employees. BYOD changes our understanding of what is "enterprise" and what is "consumer"; it is forcing a rethink of the boundary. In the past we have been able to draw a relatively clear distinction

Employee-owned Devices in the Workplace: Service Provider Impact (OT00141-007) Ovum (Published 03/2012) This report is a licensed product and is not to be photocopied Page 1

between the two, and service provider approaches and portfolios have been built around this distinction. In the old days, "enterprise" meant company-liable, where the company was the customer and paid the bill. Increasingly, though, service providers thinking about "enterprise" must now consider not just who has the contract and who pays the bill, but also who owns the device or SIM, which applications are used, how access to company data is secured, and who provides support.

Key issues for service providers and enterprises

Key questions for service providers

How do they quantify the trend to BYOD?

Service providers need to know how big the threat to traditional enterprise revenues is and where opportunities will arise from a much looser and broader community around the enterprise.

What does BYOD mean for operator organizations?

Service providers need to decide the best place to put their resources to target enterprises, and even their employees.

How can they best support their business customers?

Enterprises may simultaneously want a more centralized managed services approach to mobility and a decentralized approach built around employees as consumers. This has implications for the contractual relationship between service providers, their enterprise customers, and their employees.

How can they best exploit the opportunity?

Service providers need to know whether to continue to focus on the IT manager or to increasingly focus on the consumer as employee. There might also be an opportunity for a much deeper level of professional services engagement within the enterprise as companies drive through policies to support BYOD, since this will inevitably have implications throughout the organization.

What types of offers will be needed?

Companies will need tools and services to help them manage consumerization; these will include device management and additional security around corporate data and applications.

Employee-owned Devices in the Workplace: Service Provider Impact (OT00141-007) Ovum (Published 03/2012) This report is a licensed product and is not to be photocopied Page 2

Key questions for enterprises

What will be the real impact of BYOD on our costs?

Large enterprises typically secure a very good deal on devices from service providers, particularly when taking them on as part of a major managed services deal. They may find themselves spending more overall if they swap from keenly negotiated corporate tariffs to a model where employees expense their consumer-rate mobile costs.

What will be the impact on our relationships with our mobile service providers?
Many large enterprises have sought to simplify their mobility services provision by moving towards a single provider, but BYOD is a move in the opposite direction. Mobility providers will develop more offers and support, but enterprises may end up with far less favorable contractual terms than is currently the case.

What will be the IT support implications of BYOD?

Many companies believe that one of the benefits of BYOD is the devolution of responsibility for the device to employees. However, IT departments could find they end up supporting employees devices when things go wrong. This is why companies need to set up boundaries around which devices and platforms they will support, and make sure that staff know what is their responsibility and what is the company's.

Which business applications can employees use on their devices, and under what circumstances?
IT departments typically support email and personal information management (PIM) on consumer devices, but may also permit other applications to be accessed. They will need support from their suppliers to ensure that the risk to the business of consumerization is minimized and that corporate data and devices remain secure.

What does this mean for how we develop our mobility strategy?
Enterprises need to understand the implications of supporting BYOD in terms of their IT and communications strategy. Enterprises will need to manage BYOD closely, embrace a more decentralized model, and keep mobility high on the agenda.

Employee-owned Devices in the Workplace: Service Provider Impact (OT00141-007) Ovum (Published 03/2012) This report is a licensed product and is not to be photocopied Page 3

DEFINING THE BOUNDARY BETWEEN ENTERPRISE AND CONSUMER

The old world of enterprise mobility was simpler
The distinction between "enterprise" and "consumer" mobility used to be clearer. In Ovum we have always used a narrow definition of enterprise mobility for our market forecasts of connections and service provider revenues. We have traditionally included only company-liable connections, where the connection is registered to the company as the subscriber, and where the company pays the bill. In practice, of course, the situation has never been quite this clear. Plenty of small businesses have used consumer tariffs and many enterprise IT departments have informally supported employees consumer contracts through expenses claims. It is also a somewhat Eurocentric view, as in other parts of the world, including the US, Asia-Pacific, and the Middle East, other models exist. These include company-sponsored contracts, employee discount schemes, and mobility allowances. Such a tight definition of enterprise mobility is no longer sustainable; the distinction between enterprise and consumer is becoming fuzzier by the day. While much of the change is being driven by the trend to employee-liable devices, the gray area between enterprise and consumer drifts into other dimensions.

There are many dimensions defining the boundary

BYOD may be taking all the headlines, and driving most of the current change, but there are a number of dimensions that define the boundary between consumer and enterprise: Who has the contractual relationship with the service provider and what sort of tariffs and services are provided under this contract? Who owns the SIM? Who owns the device? Who has the billing relationship with the service provider? Who pays, ultimately? Which applications are used on the device? What access to company resources is allowed?

Employee-owned Devices in the Workplace: Service Provider Impact (OT00141-007) Ovum (Published 03/2012) This report is a licensed product and is not to be photocopied Page 4

Who supports, maintains and manages the device?

The gray area between enterprise and consumer

Figure 1: Consumer/enterprise spectrum: the new world

Source: Ovum

OVUM

Who has the contractual relationship? Is there a mobile contract between the company and the service provider, or is there a consumer contract? Many companies are drawn to business contracts that offer enhanced support and preferential business tariffs. Others, particularly small businesses and SoHos rely on consumer contracts. These may provide better value, particularly where use is low. However, the trend over many years, for larger companies in developed European markets at least, has been towards using company-liable contracts to support the mobility needs of staff requiring business mobility. In other markets such as the US, other contractual models have existed for some time, in many cases alongside the corporate-liable model. In Europe, and other regions too, new contractual models are becoming increasingly popular. These include company-sponsored contracts or schemes that give preferential rates or enhanced support for employees. While the service providers primary contractual relationship remains with the company, it is extending into a web of relationships with employees, and increasingly also their families and friends.

Employee-owned Devices in the Workplace: Service Provider Impact (OT00141-007) Ovum (Published 03/2012) This report is a licensed product and is not to be photocopied Page 5

Whose SIM is it? Strictly speaking, the SIM belongs to the service provider. A business contract does not necessarily imply a company-liable device, but it does imply a company-liable SIM, and this SIM may, in turn, be used in either a company-liable or employee-owned device. SIM swapping is an option that allows enterprises to extend corporate services, numbering plans, tariffs, and discounts to employees while embracing BYOD and avoiding the cost of supporting company device fleets. It may be seen as a way of maintaining control over costs since it reduces hardware (device) costs and avoids the issue of expensed mobile. However, this approach needs to be tightly managed since it can lead to increased running costs, particularly if business tariffs based on the use of devices with low data traffic (such as older BlackBerrys and standard phones) are used with devices capable of supporting applications that generate a lot of data traffic. The situation is further complicated by dual SIM devices. These are popular in a consumer context in markets where switching between providers can bring cost advantages, as well as among expat communities and travelers. Enterprise-oriented dual SIM devices are available, and can be used to hold both the corporate-liable SIM and the employee-liable SIM, with the employee switching from one to the other depending on context. Who owns the device? The ownership of the device is a relatively straightforward question, since it should only belong to (or be leased on behalf of) either the company or the employee. It could, however, contain a company-liable SIM or an employee-liable SIM, or indeed both. Device ownership becomes less well-defined if the company gives the employee an allowance towards the purchase of the device, as is becoming increasingly prevalent in companies supporting BYOD policies. This raises the issue of who owns the device if the employee leaves the company. Who has the billing relationship with the service provider? Traditionally, enterprises supporting a company-liable model with a corporate subscription receive the bill for services used. However, with the advent of more sophisticated billing systems, and to support more flexible device policies, companies are starting to explore other options where billing is more clearly linked with use. Ideally, the source of the cost can be identified, with the employee being billed for costs incurred through personal use and the enterprise billed for business use. This sounds simple, but in
Employee-owned Devices in the Workplace: Service Provider Impact (OT00141-007) Ovum (Published 03/2012) This report is a licensed product and is not to be photocopied Page 6

practice it is a minefield. Expense management tools may help identify the ownership of voice calls, but it is not easy to tell which applications are generating data traffic. Many applications generate traffic without the user being aware. Such charges are hard to avoid, and can be very high, especially when roaming. It is also worth remembering that it is not always easy to tell what is business and what is personal. For example, costs incurred calling home when travelling abroad on business would in most cases be identified as legitimate business expenses, but would be identified by the expense management system as personal costs. Nevertheless, we expect flexible billing to be an area of innovation for service providers. Some companies are asking service providers for split bills based on some fairly broad assumptions about the source of costs. For example, the company may be billed for voice and employees for data, on the assumption that most data traffic is generated from browsing. Who pays for mobility? There is a discrepancy between telco enterprise mobile revenues and the amount enterprises actually pay for mobile services. Enterprises tend to underestimate the total cost of mobility because they do not or cannot monitor the cost of expensed mobile. It is not simply a matter of who has the contractual relationship with the service provider, or even who gets the bill, but where the payment is accounted for within the organization. Enterprise in this context includes not only directly incurred mobility costs, but also mobile services costs billed back to the company through expenses and fixed allowances paid to employees to cover mobility expenses. Which applications are supported? The vast majority of corporate-liable devices are currently used only for business voice, email, and calendar functions. There is a trend to support other data applications, but their use is not yet widespread outside particular user types and industry verticals. IT departments typically decide what happens on company-liable devices, and these devices can be quite heavily policed through corporate mobility policies and mobile device management, with few consumer applications permitted. The informal use of offline games, social networking, and personal email accessed over the device browser is tolerated, although security-, productivity-, or cost-conscious enterprises may not allow these. Where use is shared, conflict can arise. Employee-liable devices are typically used for multiple consumer applications. If companies allow or actively encourage their employees to use their own devices for business purposes, employees might reasonably expect to continue using all these applications under a BYOD arrangement. However, the IT department may not agree, and could set limits where it sees a risk from particular consumer applications, or even refuse to allow the
Employee-owned Devices in the Workplace: Service Provider Impact (OT00141-007) Ovum (Published 03/2012) This report is a licensed product and is not to be photocopied Page 7

use of some business applications or connection to the corporate network on the same device. Tools are now available that partition the device to protect the corporate network from consumer applications or reduce risk by not storing business data on the device itself. A number of service providers are introducing dual persona devices that support both consumer and employee user profiles. What access to corporate resources is allowed? Security is the main concern of companies considering supporting BYOD, and many mitigate this risk by limiting access to the corporate network. In the most extreme case, where voice is the only application required, neither company- nor employee-liable devices need access to the network. This can, however, limit the extension of corporate voice to mobile devices, and reduce the potential cost and efficiency benefits of unified communications. Many companies look to incorporate mobile handsets into the company numbering plan, either via a network-based solution or an application on the device itself. The main problem that IT managers have with BYOD relates to accessing corporate data applications. There are two main risks: of company data on the device being lost, and the danger to the network of the use of consumer applications on the same device. Where BYOD is already supported, companies most commonly allow access only to email and calendars through the use of data synchronization, most typically ActiveSync. Where access to other applications is allowed it is typically though the public Internet, with additional password security. The perceived risk of such access is minimal. Secure access via a VPN client on an employee-liable device is not widespread. Who provides support? Allocating responsibility for support is also becoming more complicated. In the corporate-liable model of enterprise mobility, the employee will expect their employer to provide support through the IT department and/or through their service provider. Large enterprise contracts typically come with business-grade support, and guarantees on service quality, repair, and device replacement through agreed SLAs. With BYOD the responsibility for support is rarely quite so obvious. The company may think that it is saving costs by devolving responsibility for the device to the employee, but this is unlikely to be entirely the case. IT departments could find themselves providing more support under BYOD than they did in their corporate-liable past, particularly if they do not set limits to the range of devices and device platforms that can be used. Employees will continue to ask their IT department for help

Employee-owned Devices in the Workplace: Service Provider Impact (OT00141-007) Ovum (Published 03/2012) This report is a licensed product and is not to be photocopied Page 8

with business applications, and when devices are lost or broken it will be the company that suffers from service providers consumer-grade support, repair, and replacement cycles.

A BROADER VIEW OF THE MARKET

An extended definition of enterprise mobility
It is no longer enough to look at the tight definition of enterprise mobility when enterprises are changing the way they use mobile services and technologies. We propose to add a new category of employee-liable connections. Figure 3 shows our proposed definitions for enterprise mobile connections and revenues. There are two relevant categories of connection: Company-liable is defined as a subscription based on a contract between the company and the service provider, where the SIM is registered to the company as the subscriber. Employee-liable is defined as a subscription based on a contract between the employee and the service provider. This category includes instances where the connection is used solely for business purposes and where it is used for a combination of consumer and business purposes. It also includes companysponsored connections where they are used as the primary business connection. These are individual contracts for employees based on a broader deal negotiated by the company with the service provider.

We exclude from our definition other connections: those used solely for consumer purposes or for only occasional ad-hoc business purposes. We also exclude machine-to-machine (M2M) connections. Enterprise mobile revenues are those associated with the two categories of enterprise mobile connections defined above.

Employee-owned Devices in the Workplace: Service Provider Impact (OT00141-007) Ovum (Published 03/2012) This report is a licensed product and is not to be photocopied Page 9

Figure 2: Enterprise mobile connections and revenues

Source: Ovum

OVUM

Example use scenarios

Enterprise

Company-liable
Sabine works in the sales team in the French regional office of a multinational pharmaceutical company headquartered in the US. The company has devolved the responsibility for mobility regionally, and in Europe it supports a company-liable model. Since she works in sales, Sabine qualifies for a company smartphone, which is provided on a contract between the company and the service provider and is billed to the company. The company is fairly understanding when it comes to personal use, but it is also cost-conscious. It has implemented an expense management system, and employees are required to tag "personal" contacts and pay for personal calls, with costs recovered internally. Fortunately for Sabine, this does not yet apply to data use. This example falls within our definition of company-liable.

Employee-owned Devices in the Workplace: Service Provider Impact (OT00141-007) Ovum (Published 03/2012) This report is a licensed product and is not to be photocopied Page 10

Marcus works in investment for a large financial services company. The company needs to attract and retain the best employees, and has recently implemented a BYOD policy. It allows staff to use their own devices within limits set by the company, and provides corporate network access and IT support within a strong security framework. In the financial services sector companies must operate within a strict regulatory framework. The company has decided that, while it can support choice in employee owned devices, it can maintain better control over costs and use with corporate-liable SIMs. As a major customer, it has negotiated good discounts with its service provider, and is concerned that some of its highly-paid staff might take liberties with expenses if it supports a fully employee-liable model. It also feels it will be easier to incorporate mobile devices into the corporate numbering plan. This falls within our definition of company-liable, since the SIMs are company-liable.

Employee-liable
Miles is a self-employed bathroom fitter. He has a mobile service with a very large bundle of voice minutes, which he takes from a local MVNO. This is a consumer service; the service provider is known for its very competitive prices, and it does not have a specific business offer. Like lots of other small businesses, Miles does not see this as an issue as the low prices more than compensate for the lack of business grade support, and he does not use data services. Miles uses his device for both business and personal use. He roughly monitors his business use (virtually all of it by his reckoning) for tax purposes. This falls within our definition of employee-liable. The connection is consumer-liable but is almost exclusively used as a primary business connection. Shiv works in the marketing team of a Dubai-based import/export company. The company has a policy of providing cash allowances to staff with a need for mobility, with the amount provided dependent on job role and seniority. The company's IT department has completely devolved responsibility for mobility to its staff, allowing them to choose their own devices and services, and providing minimal support. The IT department allows ActiveSync access to company email, but no access to other applications at present, although it is considering this for the future. Shiv can employ his chosen device for personal use (his company does not interfere too much with what he does with it), but its primary role is as a business device. This falls within our definition of employee-liable. The connection is consumer-liable but is used as a primary business connection. Adrian works in business development in a mid-sized enterprise in the UK that offers a companyliable model. It has a BlackBerry fleet supported through the IT department, with company email provided over a BlackBerry Enterprise Server. However, Adrian chooses not to use a company BlackBerry device, and has persuaded his manager of the (cost) benefits of allowing him to use his own iPhone instead. The IT department does not provide support, but does allow email access

Employee-owned Devices in the Workplace: Service Provider Impact (OT00141-007) Ovum (Published 03/2012) This report is a licensed product and is not to be photocopied Page 11

through ActiveSync. Adrian pays for both the device and the service, which is on a normal consumer contract, and his company does not allow him to expense back his mobile costs. Adrian is paying for his business usage. However, the company has negotiated a 10% discount from its service provider as part of its broad corporate deal, and Adrian does benefit from this discount in his consumer contract. This falls within our definition of employee-liable. The connection is consumer-liable but is also used as a primary business connection. Consumer Leona works in local government. While her employer does support a corporate-liable model, it has very stringent rules about who qualifies for a device; it must justify all its costs to the taxpayer. Leona's role is primarily office-based and she does not qualify for a device, which is a source of inconvenience at times. Leona does very occasionally make business calls on her personal mobile device (on her own consumer contract), when away on training courses or when working in other offices, for example. There is a process for claiming back such expenses, though they have to be justified. This falls outside our definition of enterprise.

Employee-owned Devices in the Workplace: Service Provider Impact (OT00141-007) Ovum (Published 03/2012) This report is a licensed product and is not to be photocopied Page 12

APPENDIX
Further reading
The BYOD Gap: Trends, Strategy, and the State of Mobile Device Management, OI00048-002 (October 2011) "Think BYOD, think contracts and data risk", OI00134-008 (October 2011)

Author
Pauline Trotter, Principal Analyst
pauline.trotter@ovum.com

Ovum Consulting
We hope that this analysis will help you make informed and imaginative business decisions. If you have further requirements, Ovums consulting team may be able to help you. For more information about Ovums consulting capabilities, please contact us directly at consulting@ovum.com.

Disclaimer
All Rights Reserved. No part of this publication may be reproduced, stored in a retrieval system, or transmitted in any form by any means, electronic, mechanical, photocopying, recording, or otherwise, without the prior permission of the publisher, Ovum (an Informa business). The facts of this report are believed to be correct at the time of publication but cannot be guaranteed. Please note that the findings, conclusions, and recommendations that Ovum delivers will be based on information gathered in good faith from both primary and secondary sources, whose accuracy we are not always in a position to guarantee. As such Ovum can accept no liability whatever for actions taken based on any information that may subsequently prove to be incorrect.

Employee-owned Devices in the Workplace: Service Provider Impact (OT00141-007) Ovum (Published 03/2012) This report is a licensed product and is not to be photocopied Page 13