BYOD is one of the more dramatic results of the consumerization of IT, in which consumer preference, not corporate initiative, drives the adoption of technologies in the enterprise. However, many of these technologies were not built with enterprise requirements in mind, so IT teams often feel uncomfortable about security and supportability. User experience can be compromised and the program can ultimately fail when users find ways around the policy and bring in more personal devices.
BYOD is more than just shifting ownership of the device to the employee. It has many complex and hidden implications for which a strategy needs to be defined in advance of implementation. Prior to selecting supporting technology and implementing the infrastructure, organizations need to consider the following:
To be sustainable, BYOD policies must meet the needs of both IT and employees; they must secure corporate data, minimize costs to implement and enforce, preserve user experience, and stay up to date with new devices.
Device Choice: It is impossible to predict which device users will move toward next, but there are things an organization can do to enable user choice. These include defining an acceptance baseline of the security and supportability features a device should support, understanding the operating systems and regional variances, and developing a certification plan that spans 3-6 months, so the certification process will be ongoing.
The trust level of a mobile device is dynamic and depends on its security posture at a given point in time. BYOD adds another layer to the trust model, privacy policies will vary, and user expectations will differ. Building a BYOD trust model requires setting a tiered policy and assessing associated risks; defining remediation options; establishing the identity of users and devices; and, of course, evaluating the sustainability of the security policy being instituted.
BYOD introduces a new liability wrinkle: the device on which these actions may take place is not the property of the company. Some considerations around BYOD liability include defining the elements of baseline protection of data on devices; assessing liability for personal Web and app usage on-site vs. off-site and within work hours vs. outside work hours; and quantifying the monitoring, enforcement, and audit costs.
User Experience and Privacy
App Design and Governance
Apps involve enterprise data, and if the trust level of a BYOD device is different from that of a traditional device, it will affect app design and distribution. Companies must clearly communicate to employees which apps are supported on which devices, and why. If not, users will be confused, and help desk calls will increase. Key considerations include how to design mobile apps, how to define an app catalog, what resources will be committed, how to keep use policies updated, and how to define enforcement levels for app violations.
BYOD strategies have not been in place long enough for most organizations to be able to assess their economic impacts. Key considerations include hardware, overage charges, service plans, help desk, and compliance and audit. In addition, the nature of BYOD reimbursement (partial stipend vs. full payment of service costs) affects liability.
BYOD presents a unique opportunity for IT to improve internal perceptions. Thinking through the internal marketing strategy up front will influence communications and decisions in a way that can improve IT’s standing with its internal customers.
BYOD seems simple, but it’s not. Developing a comprehensive strategy is just the first step. Then come selecting the needed technologies, implementing the infrastructure, and regularly updating apps, policies, and users. CompuCom’s BYOD Workshop helps you build a comprehensive solution that includes all of the core components your organization needs to build a sustainable BYOD program that meets the needs of your IT team and your end users.