Like any other IT project, policy must precede technology — yes, even in the cloud. To effectively leverage mobile device management (MDM) technology for employee-owned devices, you still need to decide on policies. These policies affect more than just IT; they have implications for HR, legal, and security — any part of the business that uses mobile devices in the name of productivity.
Because BYOD policy affects all lines of business, it can’t be created in an IT vacuum. Users’ needs are diverse, so IT must ensure that all of them are part of policy creation.
There’s no one right BYOD policy, but here are some questions to consider:
Devices: What mobile devices will be supported? Only certain devices or whatever the employee wants? According to Forrester, 70 percent of smartphones belong to users, 12 percent are chosen from an approved list, and 16 percent are corporate-issued. Some 65 percent of tablets belong to users, 15 percent are chosen from a list, and 16 percent are corporate-issued. In other words, users in most cases bring their own devices.
Data Plans: Will the organization pay for the data plan at all? Will you issue a stipend, or will the employee submit expense reports? Who pays for these devices? For smartphones, 70 percent paid the full price, 12 percent got a discount, 3 percent paid a partial amount, and in 15 percent of cases, the company covered the full price. With tablets, 58 percent bought their own, 17 percent got a corporate discount, 7 percent shared the cost, and 18 percent were issued and paid for by their companies. (Source: Forrester, 2011)
Compliance: What regulations govern the data your organization needs to protect? For instance, the Health Insurance Portability and Accountability Act (HIPAA) requires native encryption on any device that holds data subject to the act.
Security: What security measures are needed (passcode protection, handling of jailbroken/rooted devices, anti-malware apps, encryption, device restrictions, iCloud backup)?
Applications: What apps are forbidden? IP scanning, data sharing, Dropbox?
Agreements: Is there an acceptable usage agreement (AUA) for employee devices with corporate data?
Services: What kinds of resources can employees access — email? Certain wireless networks or VPNs? CRM?
Privacy: What data is collected from employees’ devices? What personal data is never collected?
No questions are off limits when it comes to BYOD. There must be frank and honest dialog about how devices will be used and how IT can realistically meet those needs.
The rapid proliferation of mobile devices entering the workplace feels like divine intervention to many IT leaders. It’s as if a voice boomed down from the mountain ordering all of the employees you support to procure as many devices as possible and connect them to corporate services en masse. Bring Your Own Device (BYOD) was born and employees followed with fervor.
There’s no sense pretending it isn’t happening or saying, “We don’t let our employees do that.” The truth is, they’re doing it already and will continue to burrow noncompliant devices into your network with or without your permission. Forrester’s study of U.S. information workers revealed that 37 percent are doing something with technology before formal permissions or policies are instituted. Further, a Gartner CIO survey determined that 80 percent of employees will be eligible to use their own equipment with employee data on board by 2016.
This raises the inevitable question: How will you support the workforce’s desire to use personal apps and devices while allowing employees to be productive in a secure environment that protects corporate data? The Ten Commandments of BYOD, developed by MaaS360, show you how to create a peaceful, secure and productive mobile environment.