Bring Your Own Device (BYOD) continues to be a point of contention amongst analysts, thought leaders, enterprises and the IT departments tasked with handling this emerging trend. For analysts and thought leaders the discussion seems to lie with the true ROI that BYOD brings. Is there validity to the apparent savings that BYOD programs bring and what does it bring to the table? For the C-level decision makers leading enterprises the questions revolve around employee productivity and performance against the bottom line. For IT departments the concerns center on how to successfully support a BYOD program while insuring the security of their organization’s network and data.
These are all valid questions and concern when looking at BYOD, and to be quite honest ones that we can not provide the answers to just yet. One thing that we can tell you is that BYOD is still happening without some of these answers, and in some cases, even without enterprises being fully aware of it. So with BYOD being this unproven, unsure, yet seemingly unstoppable trend what should be your next step? You can’t just sit back and let it happen unmonitored and unsecured. Our suggestion would be to prepare and safe guard against the possible threats that BYOD can present so when the jury is finally out you will be ready to handle whatever verdict is read.
A recent article from BizTech2.com suggests that the best ways to prepare and safeguard against a potential BYOD program are to set strong and enforced policies. They quote Brandon Hampton, Director at MOBI Wireless Management, as saying “The key weapon an organization has to combat the scary situation of having corporate data residing on a device that they do not own and have limited control over is an ironclad policy that is enforced rigorously.” Two suggestions for BYOD policy development are made that really stick out in the article that we thought we would share.
The first suggestion is user profiling: “BYOD does not need to be a blanket implementation. Identify who really requires it.” If my job centers around a desktop, if I do not travel for work, if I am not out in the field on site or with clients and if my job responsibilities end with the final bell then quite frankly I do not need ability to access a corporate network or data on my personal mobile devices. If I had the ability, my mobile device and I would be more of a liability then an asset (in regards to BYOD) to my company. BYOD capability should come out of necessity not convenience, and you can’t invite everyone to that party.
The second suggestion is locking on the device and operating system: “Looking at the plethora of options in the market today, CIOs have to have clarity on what devices and version of OS will be allowed.” If IT departments had to secure every device under the sun they would go crazier then they already are, and that’s probably not healthy. In this case maybe we should think about BYOD as “Bring These Devices” (BTD). Set guidelines and standards that will cater to the majority of the people who need the capabilities that BYOD provides.
For more guidelines around BYOD policy development click here to read the entire BizTech2.com article.