This article was written by Simon Meager, Managing Director of Footprint Media.
Bring your own device (BYOD) programmes spark many a conversation in and outside the IT department. It’s a growing trend that clearly identifies the consumerisation of IT, in which consumer preference – rather than corporate direction – drives the decision on what technology is used in the workplace.
Interestingly, many of these technologies were not built with enterprise requirements in mind, so IT teams often feel uncomfortable about security and supportability. However, one thing that does appear certain, is that BYOD is most definitely here to stay. So, whether CIOs like it or not, there is a real need to address the BYOD ‘problem’.
In a recent survey of small and medium sized businesses a number of discrepancies between employers and employees were identified. The survey, conducted by BT Business, found that 77 percent of employers permit the use of personal devices at work, while 47 percent of employees utilise their personal laptops. As part of the findings, it was also revealed that 73 percent of employers are confident that if a member of staff lost a device containing confidential data they would report it to the company. However, only 29 percent of employees would actually do this straight away.
As such, a forward-thinking BYOD strategy is one that should be carefully balanced to meet the demands of the employees, as well as the overall business objectives – the most important of these being network and data security.
With that said, it’s not all bad news. It’s also been proven that when employees are allowed to use their own devices in the workplace, they enjoy a greater level of mobility, better job satisfaction and improvement in efficiency and productivity. This benefit also transfers to the organisations. An iPass survey of 1,100 mobile workers showed that employees who use mobile devices for both work and personal issues, put in 240 more hours per year than those who do not.
So, what do organisations need to do when implementing a BYOD policy to reap the benefits, but also avoid those nasty surprises? Well, it’s all actually quite straightforward. Here are two key areas that are useful to consider when implementing a policy around BYOD:
- Analyse employee device preferences and develop an understanding of the devices they have already bought. A BYOD programme that doesn’t support current and intended purchases will have limited appeal.
- Define an ‘acceptance baseline’ of what security and supportability features a BYOD device should support. The goal here is to include all employees’ desired mobile platforms in the programme, without creating any security gaps or support headaches. The acceptance baseline generally includes: asset management, encryption, password policy, remote lock/wipe and email, wi-fi and VPN configuration.
If these fundamentals are included, the mobile platform is generally accepted as viable for the corporate enterprise.
There are also some more advanced things that can be added to this programme which focus on app-related functionality and advanced security, such as certificate-based authentication. In general, device platforms that match the advanced list get access to a higher level of enterprise functionality in the BYOD programme. For a more thorough BYOD strategy, you will also need to consider the following:
- Understand the operating system, hardware, and regional variances around the baseline – this is very important when implementing an international BYOD strategy. With specific reference to Android, similar devices may support very different capabilities based on the manufacturer and the geographic region. The brand name of the same device may also vary by phone operator, adding more confusion.
- Develop an easy certification plan for evaluation of future devices. Most organisations invest in upfront certification when launching their BYOD programme. However, new devices are introduced into the market every few months and so the certification process needs to be ongoing and must continually evolve. If the process is too heavy, it will become expensive and eventually fall behind, so speed and efficiency of certification is essential.
- Establish clear communication to users about which devices are allowed, and why. Employing BYOD without this clarity results in users purchasing unsupported devices or becoming frustrated that the service levels they expected from IT are not available to them.
In summary, a BYOD policy is about striking a balance between what employees want in terms of freedom and what the CIO wants in terms of control. The IT department has to provide a solution that will meet both masters’ needs, giving employees a positive user experience on their devices, while keeping an organisation’s data secure.