Editor’s Note: Welcome to our weekly Reader Forum section. In an attempt to broaden our interaction with our readers we have created this forum for those with something meaningful to say to the wireless industry. We want to keep this as open as possible, but we maintain some editorial control to keep it free of commercials or attacks. Please send along submissions for this section to our editors at: [email protected].
BYOD – an acronym that has executives jumping for joy and IT managers shaking in their boots. BYOD, or bring your own device, is top of mind for enterprises around the globe. The appeal of extremely powerful, easy-to-use handheld devices, global connectivity and an app for everything, has given rise to a stunning transformation of the IT landscape.
A recent report from Gartner predicts that 70% of professionals will conduct work on personal smart devices by 2018. With millions of unmanaged devices predicted to connect to corporate networks in the next few years, IT departments are struggling to catch up.
In the “old world” of laptop PCs it was a challenge for IT to safeguard networks, keep track of corporate information and protect data loss. As the BYOD phenomenon gains traction, employees are making their own purchasing and provisioning decisions without concern for security or support. Without protection, these devices are less secure than PCs and their small form factor makes them particularly susceptible to loss or theft.
Implementing a successful BYOD strategy is much more than a technology challenge. BYOD solutions will vary widely by organization and industries, but the five essential provisions that all enterprises must address are as follows.
Essential 1: Understand your regulatory and business environment
Successful execution of a BYOD strategy requires the organization to develop a comprehensive policy framework to cover the business, legal, technical and governance issues that arise when integrating employee-owned devices. To begin, the organization must take stock of its current environment and use the findings to develop a roadmap for future requirements. Key questions to ask include:
–What is the company’s goal for implementing a BYOD policy?
–What are the regulatory and compliance requirements for the industry/organization?
–What distinct segments of mobile users does the company have?
–What information and applications need to be accessed by each of those segments?
–What levels of security will need to be applied to this information?
–What are the data usage requirements of each user segment?
Once an understanding of the current environment and future requirements is in place, the organization can then draft its BYOD policy framework.
Essential 2: Build a business policy framework
Armed with an understanding of user and security requirements, a policy framework can be drafted to address the following:
–Supporting devices: This is one of the most important but often most overlooked aspects of a BYOD policy. It’s unrealistic to expect your IT team to support every device that could be purchased by employees. Determine which devices will be supported.
–Sourcing: This policy will determine whether employees purchase devices anywhere or from preferred vendors, based on user segment and location.
–Reimbursement: How will employees be reimbursed for devices and/or data plans? A broad range of options exist, from total coverage of devices and unlimited data, to reimbursing employees for data expenses up to a certain pre-set level.
–Bandwidth throttling: For corporate-sponsored data plans, bandwidth usage issues are a hot topic. Organizations must determine how to allocate employee demand for bandwidth across locations, roles and usage volumes.
–Business support vs. personal support: Organizations must determine the extent to which they are willing to provide technical support for an employee-owned device that accesses personal data and applications, as well as business data.
–Geo-fencing: It may be necessary to establish policies to govern device use within predefined geographical areas.
–Device loss: Device loss, or theft, is a fact of life. As such, the organization should have a thorough plan in place on how to protect (or remotely wipe) data on a device if it goes missing.
Essential 3: Build a legal policy framework
The introduction of employee-owned devices into the enterprise environment and the storing of company data on personal devices will inevitably give rise to legal issues. Policies that sidestep risk must be outlined in advance to avoid costly mistakes.
–Rights: The legal rights of employees and organizations differ from country to country and should be customized to meet applicable regulatory and privacy requirements.
–Privacy: Develop and determine the extent to which a company will protect the privacy of the employee.
–Responsibilities: Decide on employee responsibilities in protecting the device.
–Liability: Determine liability if an action results in exposure or loss of private data.
Essential 4: Build a security and technical policy framework
Technical issues are a constant challenge for BYOD implementations. Regardless of the organization’s specific needs it should consider the following security measures as part of any BYOD strategy.
–Application management and development standards: Management policies must be established to ensure the proper level of control for each app based on its sensitivity and use. To ensure that the full range of enterprise apps is consistent with the model, standards for app development must be established up front.
–Data access: Policies should be set for both company- and employee-owned devices, but employee ownership introduces an added layer of complexity and need for governance.
–User policies: Look at applying different security policies and technologies to different user segments. Note that applying multiple policies and technologies can be complicated and must be carefully coordinated by IT.
Essential 5: Build a plan for successful policy implementation
Employee ownership of devices introduces a unique set of challenges and requirements when it comes to policy implementation:
–Auto-certification: With employees connecting to the network and provisioning their own devices, the enterprise must establish the technology and process for automatically certifying devices.
–Self-provisioning: Mechanisms must be set-up to enable employee-owned phones, tablets and other devices to be provisioned by the users themselves.
–User profiles: A solution must be in place to link individual employees with their user profiles.
–Teleworking: An organization’s virtual desktop and unified communication strategy should extend to mobile devices.
Looking ahead
Harnessing the power of employee-owned devices can deliver tremendous advantages to the organizations that do it successfully. The BYOD opportunity is here and the right planning will help you seize it.
