Autonomous Strategic Behaviours and Institutional Pressures: the case of BYOD
Keywords:Bring-Your-Own-Device, case study, institutional approach, autonomous strategic behaviour
The Bring Your Own Device phenomenon (BYOD) represents a major trend on the job market. Many employees demand to use the devices and software of their choice: mobile phones, tablets, online data storage and data sharing sites (Dropbox, iCloud), videoconferencing systems (Facetime, Skype) among others. This flexibility can be key when choosing an employer or for the purpose of talent retention. Even when these practices are not allowed, many employees, anxious to do their job better, easily find a way around. Conversely, some employers expect their employees to use their own smartphone for some tasks, thus saving on costs. Most of the research published to date on this topic focusses on security (of organizational systems and data), risks, privacy, and in specific contexts (medical settings). Our research focusses on contexts where employees want to use their own device; it tries to answer the following question: what factors and mechanisms enable the implementation of BYOD in professional spheres? We analyse this phenomenon through the lens of institutional theory (more specifically institutional pressures) and by identifying autonomous strategic behaviours of key actors; we suggest that the interplay of institutional pressures and autonomous behaviours leads to BYOD, an emergent phenomenon, that was not planned by management, and then, in turn, possibly to emerging strategies. Our methodology is a case study.
Ahuja, M. K. et Thatcher, J.B. (2005), “Moving Beyond Intentions and Toward the Theory of Trying: Effects of Work Environment and Gender on Post-Adoption Information Technology Use”, MIS Quarterly, Vol. 29 no3, pp. 427-459.
Anderson, N. (2012), “Cisco Bring Your Own Device - Device Freedom Without Compromising the IT Network”. Consulté le 20 mai 2013.
Armando, A., Costa, G., Verderame, L., et Merlo, A. (2014), “Securing the "Bring Your Own Device" Paradigm”, Computer, no 6, p. 48-56.
Baillette, P., Barlette, Y., et Leclercq-Vandelannoitte, A. (2018). Bring your own device in organizations: Extending the reversed IT adoption logic to security paradoxes for CEOs and end users. International Journal of Information Management, 43, 76–84.
Barbier, J., Bradley, J., Macaulay, J., Medcalf, R. et Reberger, C. (2012), “BYOD and Virtualization - Top 10 Insights From Cisco IBSG Horizons Study”, consulté le 20 mai 2013.
Barratt, M., Choi, T. Y., et Li, M. (2011), “Qualitative Case Studies in Operations Management: Trends, Research Outcomes, and Future Research Implications”, Journal of Operations Management, vol. 29, p. 329–342.
Beckett, P. (2014), “BYOD– Popular and Problematic”, Network Security, Vol. 9, p. 7-9.
Bello Garba, A., Armarego, J., et Murray, D. (2015), “Bring Your Own Device Organizational Information Security and Privacy”, ARPN Journal of Engineering and Applied Sciences, Vol. 10, no 3, p. 1279-1287.
Benbasat, I., Goldstein, D. K., et Mead, M. (1987), “The Case Research Strategy in Studies of Information Systems”, MIS Quarterly, Vol. 11, no 3, p. 369-385.
Bjorck, F. (2004), “Institutional Theory: a New Perspective for Research into IS/IT Security in Organizations”, Proceeding of the 37th Hawaii International Conference on Systems Sciences (HICSS-37), Big Island, HI, USA.
Bower (1970), Managing the Resource Allocation Process, Harvard University: Boston, MA.
Bower, J.L. et Gilbert (2005), From Resource Allocation to Strategy, Oxford University Press: New York.
Burgelman, R.A. (1983), “A Model of the Interaction of Strategic Behavior, Corporate Context, and the Concept of Strategy”, The Academy of Management Review, Vol. 8, No. 1, pp. 61-70.
Careless, J. (2012), “Establishing a Realistic BYOD Governance Policy. Consulté le 20 mai 2013.
Carter, M. et Grover, V. (2015), “Me, MySelf, and I(T): Conceptualizing Information Technology Identity and Its Implications”, MIS Quarterly, Vol. 39, no 4, p.931-957.
Chang, J. M., Ho, P. C., et Chang, T. C. (2014), “Securing BYOD”, IT Professional, Vol. 5, p. 9-11
Chaudhry, P. (2012), “Needed: A Corporate Mobile Device Policy”, Financial Executive, Vol. 28, no 5, p. 69-70.
Conley, D. (2008), Elsewhere, U.S.A. Pantheon Books, New York.
Cousins, K. et Robey, D. (2015), “Managing Work-Life Boundaries with Mobile Technologies: An Interpretive Study of Mobile Work Practices", Information Technology & People, Vol. 28 no 1, pp. 34 - 71
Covaleski, M. et Dirsmith, M.W. (1988), “An Institutional Perspective on the Rise, Social Transformation, and Fall of a University Budget Category”, Administrative Science Quarterly, Vol. 33, No. 4, pp. 562-587
Crabtree, B. F. et Miller, W. L. (2000), “Using Codes and Code Manuals”,. B.F. Crabtree and W. L. Miller (eds.), Doing Qualitative Research (2eme ed.), Sage Publications, Thousand Oaks, CA.
Creswell, J.W. et Poth, C.N. (2018), Ch.4. Five Qualitative Approaches to Inquiry, dans Qualitative Inquiry & Research Design, 4e edition, Sage publications, Thousand Oaks California, pp.111-126.
Crossler, R., Long, J., Loraas, T.M., Trinkle, B.S. (2017), “The Impact of Moral Intensity and Ethical Tone Consistency on Policy Compliance”, Journal of Information Systems, Vol. 31 no 2, pp. 49-64.
Dubé, L., et Paré, G. (2003), “Rigor in Information Systems Positivist Case Research: Current Practices, Trends, and Recommendations”, MIS Quarterly, Vol. 27, no 4, p. 597-636.
Eisenhardt, K. M. (1989), “Building Theories from Case Study Research”, Academy of Management Review, Vol. 14, no 4, p. 532-550.
Fiol, C. M., et O'Connor, E. J. (2003), “Waking up! Mindfulness in the Face of Bandwagons”, Academy of Management Review, Vol. 28, no 1, p. 54-70.
French, A.M., Guo, C., Shim, J.P. (2014), “Current Status, Issues and Future of Bring Your Own Device (BYOD)”, Communications of the Association for Information Systems, Vol. 35, no 10, p. 191-197.
Gaff, B. M. (2015), “BYOD? OMG!”, Computer, Vol. 48, no 2, p. 10-11.
Gatewood, B. (2012), “The Nuts and Bolts Of Making BYOD Work”, Information Management Journal, Vol. 46, no 6, p. 26-30.
Gosain, S. (2004), “Enterprise Information Systems as Objects and Carriers of Institutional Forces: the New Iron Cage?”, Journal of the Association for Information Systems, Vol. 5, no 4, p. 6.
Gregg, M. (2011), Work’s intimacy. Polity Press, Malden, MA.
Gregory, R. W., Kaganer, E., Henfridsson, O. et Ruch, T. J. (2018), "IT Consumerization and the Transformation of IT Governance", MIS Quarterly, Vol. 42, no 4, pp. 1225-1253
Harris, J., Ives, B. et Junglas, I (2012), “IT Consumerization: When Gadgets Turn into Enterprise IT Tools”, MIS Quarterly Executive, Vol. 11, no 3, p. 99-112.
Hayes, J. (2012), “The Device Divide”, Engineering & technology, Vol. 7, no 9, p. 76-78.
Hayes, J., et Kotwica, K. (2013), “Bring your Own Device (BYOD) to Work”, Elsevier, Philadelphia.
Heary J., et Woland, A. (2014), “State of Play Report BYOD, CYOD, BYOT, BYOA and MORE”, IT NOW, Vol. 56, p. 56-57.
Henning, M., Hutter, I. et Bailey, A. (2015), Qualitative Research Methods, Sage Publications, Thousands Oaks California, 304 pages.
Horton, R. (2015), “Not Safe for Work”, Computer Fraud & Security, Vol. 3, p.18-20.
Hu, Q., Hart, P., et Cooke, D. (2006), “The Role of External Influences on Organizational Information Security Practices: An Institutional Perspective”, HICSS'06. Proceedings of the 39th Annual Hawaii International Conference on Systems Science, Vol. 6, p. 127.
Leclercq-Vandelannoitte, A. (2015a) "Managing BYOD: How do Organizations Incorporate User-Driven IT innovations?", Information Technology & People, Vol. 28 Issue: 1, pp.2-33.
Leclercq-Vandelannoitte, A. (2015b) "Leaving Employees to their Own Devices: New Practices in the Workplace", Journal of Business Strategy, Vol. 36 Issue: 5, pp.18-24
Lee Jr, J., Warkentin, M., Crossler, R.E., et Otondo, R.F. (2017), “Implications of Monitoring Mechanisms on Bring Your Own Device Adoption”, Journal of Computer Information Systems, Vol. 57 no 4, pp. 309-318.
Liang, H., Saraf, N., Hu, Q., et Xue, Y. (2007), “Assimilation Of Enterprise Systems: the Effect of Institutional Pressures and the Mediating Role of Top Management”, MIS Quarterly, pp. 59-87.
Mansfield-Devine, S. (2012), “BYOD and the Enterprise Network”, Computer Fraud et Security, Vol. 4, p. 14-17.
Marshall, C. et Rossman, G.B. (2016), “Ch. 8 Managing, Analyzing, and Interpreting Data”, dans Designing Qualitative Research, 6e edition, Sage, Thousand Oak California, pp.207-235.
Markus, M. L. (1989), “Case Selection in a Disconfirmatory Case Study” dans J.I. Cash and P. R. Lawrence (eds.), The Information Systems Research Challenge: Qualitative Research Methods (Volume 1), Harvard Business School Press, Boston, p. 20-26.
Mignerat, M., et Rivard, S. (2009), “Positioning the Institutional Perspective in Information Systems Research”, Journal of Information Technology, Vol. 24, no 4, p. 369-391.
Mignerat, M. et Rivard, S (2010), « Entre acquiescence et manipulation : réponses des gestionnaires de projet de SI aux pratiques institutionnalisées », Systèmes d’Information et Management, Vol. 15 no2.
Miles, M. B., et Huberman, M. (2005), « Analyse des données qualitatives », De Boeck et Larcier, Bruxelles.
Miller, K. W., Voas, J., et Hurlburt, G. F. (2012), “BYOD: Security and privacy considerations. IT Professional”, Vol. 5, p. 53-55.
Miner, A. S. (1991), “The Social Ecology of Jobs”, American Sociological Review, Vol. 56, p. 772-85.
Mintzberg, H. (1978), “Patterns in Strategy Formulation”. Management Science, Vol. 24, pp. 934-948.
Mintzberg, H. et Waters, J. A. (1985), “Of Strategies, Deliberate and Emergent”, Strategic Management Journal, Vol. 6, pp. 257-272.
Mirabeau, L. and Maguire, S. (2013), “From Autonomous Strategic Behavior to Emergent Strategy”, Strategic Management Journal, Vol. 35, pp.1202-1229.
Oliver, C. (1991), Strategic Responses to Institutional Processes, Academy of Management Review, Vol. 16 no1, pp. 145–180.
Parker-Toulson, S. (2012), “iPhone, iPad & Bring-Your-Own-Technology Practice in the Workplace”, Ministry of Citizens’ Services, British Columbia.
Pennings, J. M., et Harianto, F. (1992), “Technological Networking and Innovation Implementation”, Organization Science, Vol. 3, no 3, pp. 356-382.
Ragin, C. C. (1999), “The Distinctiveness of Case-Oriented Research”, Health Services Research, Vol. 34, no 5, p.1137-1151.
Romer, H. (2014), “Best Practices for BYOD Security”, Computer Fraud & Security, Vol. 2014-1, p. 13-15.
Scott, W. R. (1994), “Institutional Environments and Organizations: Structural Complexity and Individualism”, Sage, Thousand Oaks, CA.
Scott, W. R. (2001), “Institutions and Organizations”, Sage, Thousand Oaks, CA.
Sebescen, N., & Vitak, J. (2017), “Securing the Human: Employee security vulnerability risks in organizational settings”, Journal of the Association for Information Science and Technology, Vol. 68, pp. 2237–2247
Semer, L. (2013), “Auditing the BYOD Program”, The Internal Auditor, Vol. 70, no 1, p. 23.
Smith, K. J., et Forman, S. (2014), “Bring Your Own Device—Challenges and Solutions for the Mobile Workplace”, Employment Relations Today, Vol. 40, no 4, p. 67-73.
Steiner, P. (2014), “Going Beyond Mobile Device Management”, Computer Fraud et Security, Vol. 4, p. 19-20.
Steelman, Z.R., Lacity, M. et Sabherwal, R. (2016), “Charting Your Organization’s Bring-You-Own-Device Voyage”, MIS Quarterly Executive, Vol. 15, no 2, p.85-104.
Sun, H. (2014), "A Longitudinal Study of Herd Behavior in the Adoption and Continued Use of Technology", MIS Quarterly, Vol. 37 no4, pp.1013-1041.
Swanson, E. B., et Ramiller, N. C. (2004), “Innovating Mindfully with Information Technology”, MIS quarterly, Vol. 28, no 4, p. 553-583.
Thomson, G. (2012), “BYOD: Enabling the Chaos”, Network Security, Vol. 2, p. 5-8.
Venkatesh, V., Thong, J.Y. et Xu, X. (2016), “Unified Theory of Acceptance and Use of Technology: A Synthesis and the Road Ahead”, Journal of the Association for Information Systems, Vol. 17, no 5, p. 328-376.
Vignesh, U., et Asha, S. (2015), “Modifying Security Policies Towards BYOD”, Procedia Computer Science, Vol. 50, p. 511-516.
Walters, R. (2013), “Bringing IT Out of the Shadows”, Network Security, 2013, Vol. 4, p. 5-11.
Weeger, A., Wang, X., et Gewald, H. (2015), “II Consumerization: BYOD-Program Acceptance and its Impact on Employer Attractiveness”, Journal of Computer Information Systems, Vol. 56, no 1, p.1-10.
Weldon, D. (2013), “BYOD NOW – Focus on Secure Data Governance” Slashdotmedia.
Willis, D. A. (2013), “Bring Your Own Device: The Facts and the Future”, Gartner.
Winter, S. F. (1964), “Economic “Natural Selection” and the Theory of the Firm”, Yale Economic Essays, Vol. 4, p. 225-72.
Yin, R. K. (2009), “Case Study Research: Design and Methods”, 4th. Edition, Thousand Oaks.
Zielinski, D. (2012), “Bring Your Own Device”, HRmagazine, Vol. 57, no 2, p. 71-74.
The author bears the responsibility for checking whether material submitted is subject to copyright or ownership rights (e.g. figures, tables, photographs, illustrations, trade literature and data). The author will need to obtain permission to reproduce any such items, and include these permissions with their final submission.
It is our policy to ask all contributors to transfer for free the copyright in their contribution to the journal owner. There are two broad reasons for this:
- ownership of copyright by the journal owner facilitates international protection against infringement of copyright, libel or plagiarism;
- it also ensures that requests by third parties to reprint or reproduce a contribution, or part of it, in either print or electronic form, are handled efficiently in accordance with our general policy which encourages dissemination of knowledge within the framework of copyright.
In conformity with the French law, the author keeps the 'moral rights' related to the article:
- The 'authorship right': It is the author's right to have his name associated with each publication and exploitation of the article.
- The 'integrity right': It can be claimed by the author if he finds that during an exploitation, his work has been distorted (cutting, reassembly...).