Bring Your Own Device: What is it? And How to Successfully Implement it?

By CIOReview | Tuesday, June 21, 2016

Enterprise demands on IT have swelled exponentially as business transactions and engagements steadily moved online, resulting in the need for more systems to offer real-time communication with each other, anytime-anywhere connectivity for employees, as well asaiding consumers placing orders online. Data, today needs to offer mobility than ever before, and businesses are constantly solving for this in an ever-evolving business dynamic.

As IT departments struggle to keep up with the burgeoning technological upheavals and new implementation headaches, enterprise employees increasingly demonstrate stronger desires to use their own device to access corporate data. With a steep rise in the usage of employee productivity devices like the personal computer and the smartphone, businesses began an implementation practice that rapidly accelerated a series of inflection points for consumer and enterprise technology aided by the rise of the internet, the rise of social media and combined with the need for mobility. BYOD (Bring Your Own Device) is a part of the growing trend of Consumerization of IT, through which consumer software and hardware is brought into the workspace and used by employees for official work. 

The BYOD trend is fueled by a youthful, and more agile workforce, who have grown up with the Internet as a way of life who repudiate when implored to draw a line between corporate and personal technology. The primary reason behind industry leadersembracing the new BYOD trend is that they understand the dynamics of a new IT self-sufficiency among employees. Hoping to sate millennials who already own and use personal laptops, tablets and smartphones, CIOs and CTOs everywhere feel the need to push BYOD policies.

Herein, devices owned privately by the employee are sometimes authorized by the enterprise and supported besides the devices that are originally owned by the business. In many other cases, these employee-owned devices are added to be part of a parallel system that covers hardware or software within an organization that is not provided support by the enterprise’s core IT department. Smartphones are the most widely used example of the same but employees also use their own tablets, laptops as well as USB drives to access corporate data.

Contemporary enterprises have begun embracing the Consumerization of IT having gauged that it saves money and enhances business agility whilst also improving employee productivity. The problem for IT department though, when employees start using their own devices at the workplace is obviously that they can easily and often, unintentionally introduce a corporate network security risk or breach. Effective management of BYOD (Bring Your Own Device) programs in an enterprise can only begin by fully contemplating the advantages of employees using mainstream consumer technologies at work, while assessing the security risks involved while implementation.The advent of BYOD is compelling IT managers to develop and put into practice new policies that govern the management of unsupported personal devices.

Before launching BYOD programs however, enterprises should look to establish well thought out BYOD policies. These policies should detail what kind of devices employees may use for work and what level of support the organization will provide for the same. Also, in cases where the company may have helped pay or purchase the device or application services and bear its relevant costs, who the ownership of the devices or services belong to, need to be addressed beforehand. This will help eradicate the confusion at a time when an employee chooses to leave the current organization.

Developing and implementing a successful BYOD program consists of:

 • Defining and Assessing the Risk Quotients

This requires understanding the job profile of each individual employee based on the kind of data or information they have access to and concurrently creating a "risk profile" based on their roles. They can be further augmented as “low-risk”, “medium-risk” or “high-risk” based on the level of sensitive data they have access to on their devices.
Also, clearly stipulated clauses should state what needs to happen when such devices with authorized access are stolen, damaged or otherwise deemed unusable.

 • Endpoint Security and Mobile Device Management (MDM) Choices

Mobile device management (MDM) refers to a type of security software used by IT departments of organizations in order to monitor, manage and secure employees' mobile devices that are deployed at the workplace. MDM software is often merged with supplementary security services and tools such as Mobile Application Management that builds a complete mobile device and security Enterprise Mobility Management solution.

Whilst selecting MDM software, it is important to keep in mind a product with a managed container that can separate personal information and applications from corporate data and apps. It is ideal to provide employee-owned devices with their own dedicated workspaces.

 • EstablishingSupport Levels

Organizations stand to be in a much better position if they decide which applications and functions they wish to support beforehand. Following the list of supported apps from your MDM vendor can be a way to go towards formulating an ‘approved-device’ list. Platform popularities need to be kept in mind too, while making up the list. Having a service desk for back-up and training those employees on BYOD policies will also help keep your organization in the know how.

 • Dealing withLegal and HR Issues

The organization’s legal team can be consulted to conjugate what happens when the company or an employee becomes involved in a lawsuit, either as a plaintiff or a defendant, which might require turning over data on BYO gadgets. Also, clearly stipulated clauses should dictate what to do in case the device has to be submitted to a court of law or to law enforcers and who bears the responsibility for the device.

The HR team can help lay out points on whether or not to pay reimbursements for the employees’ voice and data plans on their BYO devices. A mobility usage agreement for employees acknowledging that they've read and agreed to abide by the usage policies can be a sensible way to keep such policies in check.

 • Launching a Pilot Program

Beta testing your policies on particular groups of employees, before launching them full scale can help you make subtle tweaks to further enhance its reach.

 • Follow Up on Feedback

With proper employee participation you can gauge the levels of success and satisfaction the BYOD program is achieving. Comparing numbers of support issues reported or incident rates as well as understanding employee perceptions about their privacy, will help decide ultimately whether or not the program implemented will be successful or not.