Israel Lifshitz, the Founder & CEO of Nubo Software, has contributed his insight on the importance of BYOD strategy. Lifshitz especially touches on engaging your staff by forming a BYOD committee, and outlining staff goals, identifying what needs to get done on these devices and how you get there.
Taking Control of your BYOD Destiny
By Israel Lifshitz, Founder & CEO, Nubo Software
While more large enterprises are acknowledging the need for a strategic BYOD plan, many have been guilty of not fully realizing the scope of what BYOD means to an organization and adapting to this new reality quickly enough. From an IT perspective, BYOD is like time: If you don’t manage it, it will manage you. Moving to a scalable framework that delivers both strategic mobility and security benefits requires devoting the right resources to plan and roll out an effective BYOD policy and security solution that support one another. To achieve this, you need organizational leadership to be engaged in the process from the start and to champion BYOD all the way down to front-line staff. BYOD is essentially a critical change management initiative and should be approached that way. The end goal?
- A BYOD plan that is tailored to the mobile objectives of your company.
- A BYOD solution that ensures mobile productivity and flexibility for your staff and secures all of your corporate data.
With the right research and staff engagement you can gather all of the ingredients to achieve both of these objectives. Here’s how:
BYOD Planning: Assessing your organization’s needs
First, engage your staff and research your company’s mobility needs. This should be the first building-block for your BYOD policy planning. Your policy plan should allow you to accurately define your:
- BYOD Committee: The quality of your BYOD plan and policy first requires quality research. Identify the people in your organization that are best placed to be feedback channels on all of the aspects regarding your organization’s enterprise mobility needs, and more importantly define these needs from the perspective of you mobile employees. No one person will be able to convey all enterprise mobility needs, so it’s important to select representatives from the various departments and functions that will be accessing mobile work data. Your Communications department should facilitate this process and provide the engagement tools to make sure you can crystallize the components of this plan.
- Organizational BYOD objectives: Turn the spotlight on upper management. What are the main strategic benefits they expect to see from BYOD? These include saving costs on hardware/software, freeing IT time and resources, and increasing employee productivity and flexibility.
- BYOD users: Identify which departments and functions require mobile data access. For example, customer service reps may only need email access, whereas sales reps require access to more sensitive client and enterprise information.
- Staff BYOD goals: Simply put, what do your employees need to get done when working remotely and what apps are required? It’s important you itemize these tasks and marry them to your employees’ needs.
- Mobile apps: Survey BYOD employees in various departments to identify the apps most in-demand. List these apps by department and function.
- BYOD security risks: Now that you’ve defined your mobile users, required tasks, apps and data what risks should be expected by your information security team? Include all internal (i.e. lost/stolen devices) and external threats (mobile malware, device and app vulnerabilities).
- Device and OS network: Collect employee feedback to get a clear picture of the Android and iOS supported devices that will need BYOD access. This will also help inform you on UX/UI requirements.
The Approach: BYOD Security that matches Data Sensitivity
Once you’ve synthesized all of this feedback, your company will have a clear and accurate assessment of its BYOD needs, which apps and data are required, and what their security implications are. These findings will help you understand the sensitivity level of the apps and data you want to take mobile. That data needs a commensurate security approach.
You may well find out that a multi-pronged approach is required for different segments of your user base. Some of your employees may only be basic BYODers, checking and responding to emails. Others may be downloading low-sensitivity attachments or documents from your file server, while others must access high-sensitivity files and can’t be productive without apps containing confidential client and proprietary information.
For many enterprises, conducting business in the BYOD world isn’t truly possible without accessing high-sensitivity data. This is where any digital footprint becomes a target for malware and hackers who make breaching your data their business. The costs of data breaches both reputationally and financially demand that your most sensitive data be kept completely separate from personal devices. That’s why approaches such as Virtual Mobile Infrastructure (VMI) are emerging in enterprise mobility. If you’re already invested in MDM architecture, you can apply VMI as that extra layer of security for data too sensitive to leave on devices. VMI runs mobile apps from your data center and virtualizes them onto devices as a flat display. Regardless of how many consumerized or enterprise apps you need to deploy, you can do so without leaving any data on devices. IT teams can re-allocate much of their time away from device management, while employees can collaborate, produce and act in your company’s best interests in a timely manner.