The BYOD trend has been adopted by organizations increasingly in the last decade. Its increasingly popularity can be attributed primarily to technological advances and increasing dominance of digital devices like smart phones, tablets, and laptops, in both our personal and professional lives. Although companies and employees are both reaping the benefits offered by the trend – convenience of using a single device at both home and work for employees and cost savings for employers – it nonetheless poses some challenges for both.
Before we dive into the potential problems, here’s a brief look at what BYOD means, for the uninitiated.
What Does BYOD stand for?
BYOD is an acronym for Bring Your Own Device – it refers to companies encouraging the use of personal devices at work, especially on the go. It helps companies eliminate investment in technological devices, resulting in monumental cost savings.
BYOD means alot of things to alot of people. If you don’t do your homework before you implement BYOD, you are assuring that the D will stand for disaster. From an article in NetworkWorld magazine, here are a few steps you can take to avoid a blunder and save your job.
Blunder Number 1: Just jump in – the water’s fine!
In fact, the water is murky. Companies that just open their networks to BYOD without a plan might hit riptides, stingrays, sharks even. Do you have a lifeguard? Do you even know who should be on the beach?
“Step back and think about your company and what the mobile worker population of the company might look like,” says Stacy Crook, an analyst at International Data Corp. It’d be best to seek professional help from IT consulting or managed IT services so they can devise a road map to make the transition to BYOD easier and safer, mitigating the risks to network security and company data.
Blunder Number 2: Take on all comers
It’s a great concept for a UFC special, but why do you want your network exposed to every device known to humankind?
“Companies shouldn’t recommend what type of phone employees may get, but some Android phones are better than others,” says Dan Shey, an analyst at ABI Research Inc.
Blunder Number 3: Give employees access to everything
Do all your employees really need access to all applications? Really? It’s one thing to open up access to email, another to give access to ERP, says Shey, an analyst at ABI Research. Email “tends to be a closed system–you can connect to it and not connect to corporate systems and databases,” he says. As Crook notes, once consumer devices enter the enterprise, consumer applications and corporate applications can commingle. What if employees want to dump things into Dropbox – a consumer app or BYOD application? In fact an offshoot of the BYOD trend is the BYOA (Bring Your Own Application) movement where employees use third-party cloud application services at work.
Using geo-sensing policies, where devices only have access to applications and data when in a certain zip code or GPS coordinates, can be helpful in some circumstances. With the help of managed IT services or IT consulting, companies can deploy the latest access control and management mechanisms so employees have access to only relevant company applications instead of the entire network.
Blunder Number 4: Fail to train employees
“That’s a big no-no,” says Crook. Employees need to have some guidance on what they should and shouldn’t do with their devices on the corporate network. That’s obviously true for companies that have compliance requirements, like healthcare and financial firms. But any company can have employees overstep their bounds. Give them education and training, and then ask them to sign a document about complying with your company’s policies. Without those things, “you’re setting yourself up for lawsuits.” Especially if you commit sin number five&.
Blunder Number 5: Assume people won’t lose a device when it’s their own.
They do, and they will. What kind of attachments might be on email? What if there’s a password file on the device? Or authentication for the network?
Blunder Number 6: Expect you can just wipe your hands off things.
There are lots of tools that let you wipe systems remotely, ranging from features in Microsoft Exchange to mobile device management software.
Remote wiping is a powerful tool, but when you zap all their personal data, even employees who leave on good terms could end up suing you.
Mobile device management software is useful, but should you really just wipe the box? Or can you revoke access to specific applications? It’s best to seek counsel from IT consultants or managed IT services so they can devise a tool for remote wiping to ensure that access to only specific applications or data is revoked.
Blunder Number 7: Assume the worst and just ban BYOD.
BYOD is manageable. CISOs can mitigate risks. They just need to have a plan and a process that meets the needs of their company. If your firm lacks the technological expertise or doesn’t have the financial bandwidth to hire an IT team, consider outsourcing BYOD management to IT consulting or managed IT services.
Finally, learn from those who’ve gone before you. One of the first companies to allow BYOD is IBM. It started back in 2000 with the Blackberry, and after trials made BYOD a corporate initiative in 2004. It has more than 130,000 employees using their own devices, primarily smart phones and tablets