Research Proposal Example: The Effects of Personal Cloud Devices and Data Ownership Rights in Organizational BYOD Strategies, Particularly BYOS

How to cite this article: Ofoleta, K., C. (2014). Research proposal example: the effects of personal cloud devices and data ownership rights in organizational byod strategies, particularly byos. ResearchiGate. DOI: 10.13140/RG.2.1.1447.5682

 09/06/2014

About The Author:

Kelechi C. Ofoleta holds a Bachelor of Science (BSc), in Computer Science/Information Systems from Victoria University of Wellington (VUW), New Zealand. He is a Master’s scholar, completing a master of Information Management (MIM) under the same institution. Other works by the author are/will be published work at:
 www.kogonuso.com ,
 https://vuw.academia.edu/Kogonuso, https://www.researchgate.net/profile/Kelechi_Ofoleta and
http://scholar.google.co.nz/citations?user=WS8E5WsAAAAJ&hl=en

To learn more about the author please visit:  http://www.kogonuso.com/ 

Research Proposal Example: The Effects of Personal Cloud Devices and Data Ownership Rights in Organizational BYOD Strategies, Particularly BYOS

By Kelechi C Ofoleta

(Kogonuso@gmal.com)

1. TITLE

The Effect of Personal Cloud Devices and Data Ownership Rights in Organizational BYOD Strategies, Particularly BYOS

2. SUMMARY
RESEARCH OBJECTIVES

The objectives of the research are to:

·         Explore corporate’ privacy concerns and benefits regarding  BYOD, particularly BYOS

·          Determine if the coming of online storage engineering and advent of BYOS brings more peril to corporate’s information security

·         Determine the existing strategies set up in organizations in regard to BYOS

This research takes only organizational privacy concerns into consideration. This is because the employees and their device providers are the major suspects under investigation in this study. Hence, a limitation of the study is that employees’ privacy concerns will not be considered, though it could be a reasonable topic of another study.

3. INTRODUCTION

In some organizations’ business strategies, there is a recent trend known as ‘bring your own device’ (BYOD) whereby employees are allowed and encouraged to make use of their personal devices such as iPad, iPhone etc. in carrying out their duties for the organizations. This results to devices and associated software being purchased and cared for by the employees, thus cutting the costs that would normally be passed on acquiring or replacing the devices by the organization. Likewise, it is believed that giving employees the chance to pick out their own devices boosts their moral and brings about increased productivity (see literature review). However, adopting BYOD program involves many costly security challenges; particularly a variant of BYOD known as bring your own software (BOYS) which sometimes requires copying, storing and synching of the data out of the organization’s direct control and into the cloud, under the control of the employee and the cloud service provider.                                                                                              

These security challenges of the data, particularly how it is held and used outside of the organization may affect the organisation in many ways, particularly with regards to the organization's privacy rights on what is sent to the employees' online devices.

It is these effects and the need to determine if the coming of online storage engineering brings more peril to corporate’s information security and the strategies set up in organizations in regard to BYOS phenomenon in this case that this research aims to examine. It will do so in the context of organisations that currently has BYOD in place. 

4. Methodology

The methodology used will comprise two sources of information: A literature review, and structured interview involving many representatives of several organisations around the world. The favourite method of the interview will be a Skype call and/or phone interview, but if required, a face to face interview will also be conducted. The interview will involve between 5-12 organizations in New Zealand, Australia and Biafra that have some form of BYOD policy in place and will target employees directly involved with setting up and managing the BYOD policy in the organizations. Once these people are identified; they will be contacted either via phone or e-mail or even be approached in person to be informed of the intention to conduct interviews on the field of BYOD using their scheme. If the request is granted date/time and modalities to be followed will be discussed up front. Even the help of friends that have knowledge of such organization may be solicited and they may even be requested to help introduce the researcher to the organization’s representative to facilitate the initial meeting.

RESEARCH QUESTION

The question that this research intends to address is: “Do personal cloud devices like Dropbox, Google drive, etc. increase risks or add benefits in BYOD and who is the right owner of the data stored in the cloud?”

5. LITERATURE REVIEW

KEY BENEFITS ASSOCIATED WITH BYOD

The majority of studies points out benefits of BYOD to include employee satisfaction (Singh, 2012; Capgemini Consulting, 2013; Wood, 2013). According to Kingston Smith Consulting, (2012), studies of late shows that being adaptable in permitting employees to utilize the gadgets of their choice promotes worker fulfilment. Xigo’s 2012 study, ‘Mobility Temperature Check’ reported by Bell Techlogix (n.d) found the primary purpose organizations go through BYOD is to keep their employees happy aimed at attracting better talents. This is significant because it makes IT departments to cooperate with end users, rather than otherwise as employees want to utilize the most appropriate device to bring off their job which benefits the organization (Wood, 2013).

Wood (2012) asserts from a corporate’s point of view, that BYOD helps in reducing costs that would usually be passed on acquiring or replacing the devices. Furthermore, the employees’ sense of having the devices means they ensure extra care to protect both the hardware and software than otherwise relinquishing the organization of this responsibility (Wood, 2012; Singh, 2012). As end-users are keener in upgrading to the latest technology, this will mean that the organization benefits from these technologies through the effort and expense of the employee, that may otherwise be impossible based on the organization’s policies (Singh, 2012).

Aside from cost reduction and employee satisfaction, BYOD is said to be commodious for the employees and have potentials to increase productivity (Miller, Voas & Hurlburt, 2012; Lomer, 2013). According to Kabachinski (2013) some doctors in the United States reported more timely patient treatments via the utilization of their BYOD device when in transit, such as queuing for services, to attain some work like reviewing nurses’ notes, laboratory results, or patient histories. He likewise added that there are health maintenance-related apps to perform various kinds of projects and calculations that help to thin down the time required by the physician in performing these time critical duties. For instance, drug reference apps.

KEY RISKS/SECURITY ISSUES ASSOCIATED WITH BYOD

While organizations attributed cost savings on hardware to BOYD, a survey led by Aberdeen Group as identified by Aberdeen Group’s analyst, Hyoun Park, says there are hidden costs to BYOD; that cost reduction claimed by some literatures in implementing BYOD can be inconsequential.  He mentioned costs such as recouping BYOD employees, security and compliance costs, the monetary value of ensuring governance, risk management, cost involved when devices must be tracked one at a time. Further costs enumerated were help desk support costs and multi-platform mobile device management costs, that when added up makes a mobile BYOD  33 percent more expensive than in organizations where ‘use what you are told’ (UWYAT) remains a preferred policy (Kaneshige, 2012).  Another study conducted by Xigo and CCMI Research (North America), July 2012 found that “only 9% of organizations have been able to cut expenditure by deploying some kind of BYOD program while 67% saw no difference with expenditure”( Capgemini Consulting, 2013).

In emphasizing on the security risks associated with BYOD, Eschelbec, & Schwartzberg, (2012) tell how IBM on May 2012, prohibited its 400,000 employees from using Dropbox and Siri applications over concerns around lack of knowledge of what happens to the original data transmitted afterwards. Siri is a voice controlled application that listens to spoken words, developed by Apple. They further assert that organization’s security operations and policies should determine how it adopt BYOD and the ability to apply protection policies on a device level and protect its  trade secrets in case of lost or stolen devices is very crucial.

A single common major risks attributed to BYOD is the potentials of employees to deviate out of keeping with the organization’s policy while interacting or using their BYOD device which will end up landing the organization into a litigation such as texting while driving, sending of sexually explicit messages or images by cellular telephone and so on (Lomer, 2013). While the period of UWYAT seems to be near to be over, the problem with who owns the data and access rights remains (Gruman, 2012). Despite the benefits of BYOD, it is full of problems! All types of organizations, governmental, private and NGOs, particularly health maintenance and defence face the legal question of who actually needs to possess the device (Gruman, 2012; Kabachinski, 2013).

6. CONCEPTUAL FRAMEWORK

As stated above the actual data collection method in this research will be via interview. The conceptual framework, therefore, is indicative as it will probably be open to adjustments during the analysis of the actual data. The data analysis will involve constructing a model through content analysis of the data collected and analysing the model in comparison with a detailed literature review. However, following the initial Literature Review in this proposal a preliminary conceptual frame is constructed as below:

Key area of concern	Components
Data ownership rights	-          Employer/Employees/cloud providers -          Data privacy -
Benefits	-          Productivity -          Employee Satisfaction -          Cost Reduction -
Risks	-          Hidden Costs -          Help desk support cost -          Data security(hoarding/withholding) -          Etc.

7. Importance and scientific value

The planned research seeks to contribute to knowledge on how organisations should go close to adopting the BYOD technology into their organization and what to foresee from the policy or even why organizations should avoid adopting it given a clearer understanding of the business model involved.

The inspection of available literature on BYOD revealed there were a few articles that mentioned the BYOS aspect of the BYOD program talk of exploring it deeper. Hence this work will serve to be one of the articles that will explore this topic aimed at shedding more light on what may be known or not to this essence. Not only will it benefit organizations wishing to apply this business idea, but also it will be useful to students wishing to study this subject further.

8. RESEARCHED EVIDENCE

This research will involve between 5-12 organizations in New Zealand, Australia and Biafra, especially those with some form of BYOD policy in place. Employees directly involved with setting up and managing the BYOD policy in the organizations or any of their delegates will be involved during the study. This is imperative so that the actual information on the current knowledge of the organizations regarding the discipline will be captured to enrich the quality of the work.  It will as well consist of a document review of BYOD and by extension BYOS documents relating to the effects of the areas of interest in this subject.

Here are the indicative questions that the structured interview may ask regarding BYOD programs:

1. What is the nature of BYOD program present in your organisation?
2. How long since start of this program in your organisation?
3. Who is involved in the development and on-going management of the program?
4. What are the benefits that your organizations have accomplished that can be ascribed to the entry of the BYOD program?
5. How has the BYOD program increased productivity in your organisation?
6. Are there noticeable effects of the program on the attitudes of the employees that use it to work in your organization?
7. What are the financial gains evident in your organization as a result of the program?
8.  Are there privacy concerns particular to your governing body regarding the acceptance of the plan?
9. Describe your policy on the program?
10. How do you enforce that policy?
11. Have you recorded breaches of the policy and if yes, how was it dealt with and the outcome?
12. What is your policy on data right, especially data transferred from your organization to the employee’s device online like Google drive etc.?

9. ANALYSIS AND INTERPRETATION

The structured interview responses captured and the notes taken will be corroborated with the recordings as appropriate because complete transcription of the recordings will be unneeded.  After this, content analysis of the data will be done.  The data will be classified word-by-word, pattern-by-pattern into categories that will form the ground to create a conceptual framework that will be compared to the literature review.  This is likely to alter the preliminary conceptual framework above, if the structured interview identifies new concepts. More analysis of the data will be carried out using Failure Mode and Effects Analysis (FMEA) approach using (Guerrero & Bradley, 2013; Shahin, 2004) or failure mode, effects and criticality analysis (FMECA), described by Liu,  Liu, & Liu, (2013)  to determine the failure modes that have detrimental effects on the BYOD systems.

This dissection will take a Risk Management based methodology, reproducing the potential seriousness of the recognized concerns and the probability of result to make a clearer scientific classification of issues and hindrances, as showed in the research question. Of course, these could lead to some recommendations that organizations could adopt.

10. CONCLUSIONS / IMPLICATIONS

The knowledge gained from this study is expected to provide useful information on how organisations should adopt or even should avoid adopting the BYOD technology into their technology and what to anticipate from the policy up front in either case, armed with a clearer understanding of the business model involved.

Equally, there is very scanty literature on the BYOS variant of BYOD technology, and it is anticipated this research should contribute to subsequent research and/or Case Studies in this field.

Overall, the theme of this research is important given that it affects global enterprise and many organizations are currently sitting on the fence with regards to the BYOD technology talk of BYOS. This study hope that by establishing facts about the true worth or the value of the technology based on the experience of organizations that have tried these technologies the true risks and true benefits and/or misconceptions held in article not based on research regarding this technology will be cleared. Thus, the outcome of the research will determine how useful it will be to the organizations that are yet to join the BYOD trend.

11. INDICATIVE BIBLIOGRAPGY

Bell Techlogix. (n.d.). The real benefits of byod. Retrieved from
          http://www.belltechlogix.com/generated/uploads/BellTechlogix_RealBenefits
          OfBYOD(1).pdf

Capgemini Consulting. (2013) .Bring your own device. Retrieved from
          http://www.capgemini-consulting.com/bring-your-own-device

Eschelbeck, G., & Schwartzberg, D. (2012). BYOD risks and rewards. A Sophos Whitepaper.

Gruman, G. (2012). Lost in BYOD's uncharted legal waters. Retrieved from
          http://www.infoworld.com/article/2618692/byod/lost-in-byod-s-uncharted-legal-
          waters.html

Guerrero, H. H., & Bradley, J. R. (2013). Failure modes and effects analysis: An evaluation of
          group versus individual performance. Production and Operations Management, 22(6),
          1524-1539. doi:10.1111/j.1937-5956.2012.01363.x

Kaneshige, T.(2012). BYOD: If You think you're saving money, think again. Retrieved from
          http://www.cio.com/article/2397529/consumer-technology/byod--if-you-think-you-re-
          saving-money--think-again.html

Kingston Smith Consulting. (2012). Bring your own device or show and tell. Retrieved from
          http://www.kingstonsmith.co.uk/resource/bring-your-own-device-or-show-and-tell

Liu, H., Liu, L., & Liu, N. (2013). Risk evaluation approaches in failure mode and effects
          analysis: A literature review. Expert Systems with Applications, 40(2), 828-838.

Lomer, D. (2012). Manage byod risks with an effective mobile device policy. Retrieved from
          http://i-sight.com/employee-relations/manage-byod-risks-with-an-effective-mobile-
          device-policy/

Miller, K. W., Voas, J., & Hurlburt, G. F. (2012). BYOD: Security and privacy
          considerations. IT Professional, 14(5), 53-55. doi:10.1109/MITP.2012.93

Shahin, A. (2004). Integration of FMEA and the kano model: An exploratory examination.
          The International Journal of Quality & Reliability Management, 21(6/7), 731-746.
          doi:10.1108/02656710410549082

Singh, N. (2012). BYOD Genie Is Out Of the Bottle–“Devil Or Angel”. Journal of Business
          Management & Social Sciences Research, 1(3), 1-12.

Wood, A. (2012). BYOD: The pros and cons for end users and the business. Credit Control,
          33(7/8), 68-70.

Wood, A. (2013). BYOD in the financial sector: the pros and cons for end users and the
          business. Credit Control, 34(2), 72.