How to cite this
article: Ofoleta,
K., C. (2014). Research proposal example: the effects of personal cloud devices
and data ownership rights in organizational byod strategies, particularly byos.
ResearchiGate. DOI: 10.13140/RG.2.1.1447.5682
09/06/2014
About The
Author:
Research
Proposal Example: The Effects of Personal Cloud Devices and Data Ownership
Rights in Organizational BYOD Strategies, Particularly BYOS
By
Kelechi C Ofoleta
(Kogonuso@gmal.com)
1. TITLE
The Effect of Personal
Cloud Devices and Data Ownership Rights in Organizational BYOD Strategies,
Particularly BYOS
2.
SUMMARY
RESEARCH
OBJECTIVES
The objectives of the research are to:
·
Explore
corporate’ privacy concerns and benefits regarding BYOD, particularly BYOS
·
Determine if the coming of online storage
engineering and advent of BYOS brings more peril to corporate’s information
security
·
Determine
the existing strategies set up in organizations in regard to BYOS
This research takes only organizational
privacy concerns into consideration. This is because the employees and their
device providers are the major suspects under investigation in this study.
Hence, a limitation of the study is that employees’ privacy concerns will not
be considered, though it could be a reasonable topic of another study.
3. INTRODUCTION
In some
organizations’ business strategies, there is a recent trend known as ‘bring
your own device’ (BYOD) whereby employees are allowed and encouraged to make
use of their personal devices such as iPad, iPhone etc. in carrying out their
duties for the organizations. This results to devices and associated software
being purchased and cared for by the employees, thus cutting the costs that
would normally be passed on acquiring or replacing the devices by the organization.
Likewise, it is believed that giving employees the chance to pick out their own
devices boosts their moral and brings about increased productivity (see
literature review). However, adopting BYOD program involves many costly
security challenges; particularly a variant of BYOD known as bring your own
software (BOYS) which sometimes requires copying, storing and synching of the
data out of the organization’s direct control and into the cloud, under the
control of the employee and the cloud service provider.
These security challenges
of the data, particularly how it is held and used outside of the organization
may affect the organisation in many ways, particularly with regards to the
organization's privacy rights on what is sent to the employees' online devices.
It is these effects and the
need to determine if the coming of online storage engineering brings more peril
to corporate’s information security and the strategies set up in organizations
in regard to BYOS phenomenon in this case that this research aims to examine. It
will do so in the context of organisations that currently has BYOD in place.
4. Methodology
The methodology used will
comprise two sources of information: A literature review, and structured
interview involving many representatives of several organisations around the
world. The favourite method of the interview will be a Skype call and/or phone
interview, but if required, a face to face interview will also be conducted. The
interview will involve between 5-12 organizations in New Zealand, Australia and
Biafra that have some form of BYOD policy in place and will target employees
directly involved with setting up and managing the BYOD policy in the
organizations. Once these people are identified;
they will be contacted either via phone or e-mail or even be approached in
person to be informed of the intention to conduct interviews on the field of
BYOD using their scheme. If the request is granted date/time and modalities to
be followed will be discussed up front. Even the help of friends that have
knowledge of such organization may be solicited and they may even be requested
to help introduce the researcher to the organization’s representative to facilitate
the initial meeting.
RESEARCH QUESTION
The question that
this research intends to address is: “Do personal cloud devices like Dropbox,
Google drive, etc. increase risks or add benefits in BYOD and who is the right
owner of the data stored in the cloud?”
5. LITERATURE REVIEW
KEY BENEFITS
ASSOCIATED WITH BYOD
The majority of
studies points out benefits of BYOD to include employee satisfaction (Singh,
2012; Capgemini Consulting, 2013; Wood, 2013). According to Kingston Smith
Consulting, (2012), studies of late shows that being adaptable in permitting
employees to utilize the gadgets of their choice promotes worker fulfilment.
Xigo’s 2012 study, ‘Mobility Temperature Check’ reported by Bell Techlogix
(n.d) found the primary purpose organizations go through BYOD is to keep their
employees happy aimed at attracting better talents. This is significant because
it makes IT departments to cooperate with end users, rather than otherwise as
employees want to utilize the most appropriate device to bring off their job
which benefits the organization (Wood, 2013).
Wood (2012)
asserts from a corporate’s point of view, that BYOD helps in reducing costs
that would usually be passed on acquiring or replacing the devices. Furthermore,
the employees’ sense of having the devices means they ensure extra care to
protect both the hardware and software than otherwise relinquishing the
organization of this responsibility (Wood, 2012; Singh, 2012). As end-users are
keener in upgrading to the latest technology, this will mean that the
organization benefits from these technologies through the effort and expense of
the employee, that may otherwise be impossible based on the organization’s
policies (Singh, 2012).
Aside from cost
reduction and employee satisfaction, BYOD is said to be commodious for the
employees and have potentials to increase productivity (Miller, Voas &
Hurlburt, 2012; Lomer, 2013). According to Kabachinski (2013) some doctors in
the United States reported more timely patient treatments via the utilization
of their BYOD device when in transit, such as queuing for services, to attain
some work like reviewing nurses’ notes, laboratory results, or patient
histories. He likewise added that there are health maintenance-related apps to
perform various kinds of projects and calculations that help to thin down the
time required by the physician in performing these time critical duties. For
instance, drug reference apps.
KEY RISKS/SECURITY
ISSUES ASSOCIATED WITH BYOD
While
organizations attributed cost savings on hardware to BOYD, a survey led by
Aberdeen Group as identified by Aberdeen Group’s analyst, Hyoun Park, says
there are hidden costs to BYOD; that cost reduction claimed by some literatures
in implementing BYOD can be inconsequential.
He mentioned costs such as recouping BYOD employees, security and
compliance costs, the monetary value of ensuring governance, risk management,
cost involved when devices must be tracked one at a time. Further costs
enumerated were help desk support costs and multi-platform mobile device
management costs, that when added up makes a mobile BYOD 33 percent more expensive than in
organizations where ‘use what you are told’ (UWYAT) remains a preferred policy
(Kaneshige, 2012). Another study
conducted by Xigo and CCMI Research (North America), July 2012 found that “only
9% of organizations have been able to cut expenditure by deploying some kind of
BYOD program while 67% saw no difference with expenditure”( Capgemini
Consulting, 2013).
In emphasizing on
the security risks associated with BYOD, Eschelbec, & Schwartzberg, (2012) tell
how IBM on May 2012, prohibited its 400,000 employees from using Dropbox and
Siri applications over concerns around lack of knowledge of what happens to the
original data transmitted afterwards. Siri is a voice controlled application
that listens to spoken words, developed by Apple. They further assert that
organization’s security operations and policies should determine how it adopt
BYOD and the ability to apply protection policies on a device level and protect
its trade secrets in case of lost or
stolen devices is very crucial.
A single common
major risks attributed to BYOD is the potentials of employees to deviate out of
keeping with the organization’s policy while interacting or using their BYOD
device which will end up landing the organization into a litigation such as
texting while driving, sending of sexually explicit messages or images by
cellular telephone and so on (Lomer, 2013). While the period of UWYAT seems to
be near to be over, the problem with who owns the data and access rights
remains (Gruman, 2012). Despite the benefits of BYOD, it is full of problems!
All types of organizations, governmental, private and NGOs, particularly health
maintenance and defence face the legal question of who actually needs to
possess the device (Gruman, 2012; Kabachinski, 2013).
6. CONCEPTUAL FRAMEWORK
As stated above the actual data collection method in
this research will be via interview. The conceptual framework, therefore, is
indicative as it will probably be open to adjustments during the analysis of
the actual data. The data analysis will involve constructing a model through
content analysis of the data collected and analysing the model in comparison
with a detailed literature review. However, following the initial Literature
Review in this proposal a preliminary conceptual frame is constructed as below:
Key area of concern
|
Components
|
Data ownership rights
|
-
Employer/Employees/cloud providers
-
Data privacy
-
|
Benefits
|
-
Productivity
-
Employee Satisfaction
-
Cost Reduction
-
|
Risks
|
-
Hidden Costs
-
Help desk support cost
-
Data security(hoarding/withholding)
-
Etc.
|
7. Importance and scientific
value
The planned research seeks to
contribute to knowledge on how organisations should go close to adopting the
BYOD technology into their organization and what to foresee from the policy or
even why organizations should avoid adopting it given a clearer understanding
of the business model involved.
The inspection of available
literature on BYOD revealed there were a few articles that mentioned the BYOS
aspect of the BYOD program talk of exploring it deeper. Hence this work will
serve to be one of the articles that will explore this topic aimed at shedding
more light on what may be known or not to this essence. Not only will it benefit
organizations wishing to apply this business idea, but also it will be useful
to students wishing to study this subject further.
8. RESEARCHED EVIDENCE
This
research will involve between 5-12 organizations in New Zealand, Australia and
Biafra, especially those with some form of BYOD policy in place. Employees
directly involved with setting up and managing the BYOD policy in the
organizations or any of their delegates will be involved during the study. This
is imperative so that the actual information on the current knowledge of the
organizations regarding the discipline will be captured to enrich the quality
of the work. It will as well consist of
a document review of BYOD and by extension BYOS documents relating to the
effects of the areas of interest in this subject.
Here
are the indicative questions that the structured interview may ask regarding BYOD
programs:
- What
is the nature of BYOD program present in your organisation?
- How
long since start of this program in your organisation?
- Who
is involved in the development and on-going management of the program?
- What
are the benefits that your organizations have accomplished that can be
ascribed to the entry of the BYOD program?
- How
has the BYOD program increased productivity in your organisation?
- Are
there noticeable effects of the program on the attitudes of the employees
that use it to work in your organization?
- What
are the financial gains evident in your organization as a result of the
program?
- Are there privacy concerns particular to
your governing body regarding the acceptance of the plan?
- Describe
your policy on the program?
- How
do you enforce that policy?
- Have
you recorded breaches of the policy and if yes, how was it dealt with and
the outcome?
- What
is your policy on data right, especially data transferred from your
organization to the employee’s device online like Google drive etc.?
9. ANALYSIS AND INTERPRETATION
The
structured interview responses captured and the notes taken will be
corroborated with the recordings as appropriate because complete transcription
of the recordings will be unneeded. After
this, content analysis of the data will be done. The data will be classified word-by-word, pattern-by-pattern
into categories that will form the ground to create a conceptual framework that
will be compared to the literature review.
This is likely to alter the preliminary
conceptual framework above, if the structured interview identifies new concepts.
More analysis of the data will be carried out using Failure Mode and Effects
Analysis (FMEA) approach using (Guerrero & Bradley, 2013; Shahin, 2004) or failure
mode, effects and criticality analysis (FMECA), described by Liu, Liu, & Liu, (2013) to determine the failure modes that have
detrimental effects on the BYOD systems.
This dissection will take a Risk Management
based methodology, reproducing the potential seriousness of the recognized
concerns and the probability of result to make a clearer scientific
classification of issues and hindrances, as showed in the research question. Of
course, these could lead to some recommendations that organizations could
adopt.
10. CONCLUSIONS / IMPLICATIONS
The
knowledge gained from this study is expected to provide useful information on how organisations should adopt or even
should avoid adopting the BYOD technology into their technology and what to
anticipate from the policy up front in either case, armed with a clearer
understanding of the business model involved.
Equally, there is
very scanty literature on the BYOS variant of BYOD technology, and it is
anticipated this research should contribute to subsequent research and/or Case
Studies in this field.
Overall, the theme
of this research is important given that it affects global enterprise and many
organizations are currently sitting on the fence with regards to the BYOD
technology talk of BYOS. This study hope that by establishing facts about the
true worth or the value of the technology based on the experience of
organizations that have tried these technologies the true risks and true
benefits and/or misconceptions held in article not based on research regarding
this technology will be cleared. Thus, the outcome of the research will
determine how useful it will be to the organizations that are yet to join the
BYOD trend.
11. INDICATIVE
BIBLIOGRAPGY
Bell Techlogix. (n.d.). The real benefits of byod.
Retrieved from
http://www.belltechlogix.com/generated/uploads/BellTechlogix_RealBenefits
OfBYOD(1).pdf
Capgemini
Consulting. (2013) .Bring your own device. Retrieved from
http://www.capgemini-consulting.com/bring-your-own-device
Eschelbeck, G., &
Schwartzberg, D. (2012). BYOD risks and rewards. A Sophos Whitepaper.
Gruman,
G. (2012). Lost in BYOD's uncharted legal waters. Retrieved from
http://www.infoworld.com/article/2618692/byod/lost-in-byod-s-uncharted-legal-
waters.html
Guerrero,
H. H., & Bradley, J. R. (2013). Failure modes and effects analysis: An
evaluation of
group versus individual
performance. Production and Operations
Management, 22(6),
1524-1539.
doi:10.1111/j.1937-5956.2012.01363.x
Kaneshige, T.(2012). BYOD: If You think you're
saving money, think again. Retrieved from
http://www.cio.com/article/2397529/consumer-technology/byod--if-you-think-you-re-
saving-money--think-again.html
Kingston Smith Consulting. (2012). Bring your own
device or show and tell. Retrieved from
http://www.kingstonsmith.co.uk/resource/bring-your-own-device-or-show-and-tell
Liu, H., Liu, L., & Liu, N. (2013). Risk evaluation approaches in failure
mode and effects
analysis: A literature review. Expert Systems with Applications, 40(2),
828-838.
Lomer, D.
(2012). Manage byod risks with an effective mobile device policy. Retrieved
from
http://i-sight.com/employee-relations/manage-byod-risks-with-an-effective-mobile-
device-policy/
Miller, K. W., Voas, J., & Hurlburt, G. F. (2012). BYOD: Security and
privacy
considerations. IT Professional, 14(5), 53-55.
doi:10.1109/MITP.2012.93
Shahin, A. (2004). Integration of FMEA and the kano model: An exploratory
examination.
The
International Journal of Quality & Reliability Management, 21(6/7),
731-746.
doi:10.1108/02656710410549082
Singh, N.
(2012). BYOD Genie Is Out Of the Bottle–“Devil Or Angel”. Journal of
Business
Management & Social Sciences
Research, 1(3), 1-12.
Wood, A.
(2012). BYOD: The pros and cons for end users and the business. Credit
Control,
33(7/8), 68-70.
Wood, A.
(2013). BYOD in the financial sector: the pros and cons for end users and the
business. Credit Control, 34(2), 72.
Comments
Post a Comment