Building a “Bring Your Own Device" (BYOD) Strategy

August 28, 2015 | Post by Steven Pike | 0 Comments

BYOD: Bring Your Own Device

BYOD is one of the more dramatic results of the consumerization of IT, in which consumer preference, not corporate initiative, drives the adoption of technologies in the enterprise. However, many of these technologies were not built with enterprise requirements in mind, so IT teams often feel uncomfortable about security and supportability. User experience can be compromised and the program can ultimately fail when users find ways around the policy and bring in more personal devices.

BYOD is more than just shifting ownership of the device to the employee. It has many complex and hidden implications for which a strategy needs to be defined in advance of implementation. Prior to selecting supporting technology and implementing the infrastructure, organizations need to consider the following:

Sustainability
To be sustainable, BYOD policies must meet the needs of both IT and employees; they must secure corporate data, minimize costs to implement and enforce, preserve user experience, and stay up to date with new devices.

Device Choice: It is impossible to predict what next hot device users are going to move toward, but there are things an organization can do to enable user choice. These include defining an acceptance baseline of what security and supportability features a device should support, understanding the operating systems and regional variances, and developing a certification plan that spans 3-6 months, so the certification process will be ongoing.

Trust Model
The trust level of a mobile device is dynamic and depends on its security posture at a given point in time. BYOD adds another layer to the trust model, privacy policies will vary, and user expectations will differ. Building a BYOD trust model requires setting a tiered policy and assessing associated risks; defining remediation options; establishing the identity of users and devices; and, of course, evaluating the sustainability of the security policy being instituted.

Liability
BYOD introduces a new liability wrinkle: the device on which these actions may take place is not the property of the company. Some considerations around BYOD liability include defining the elements of baseline protection of data on devices, assessing liability for personal Web and app usage on-site vs. off-site and within work hours vs. outside work hours; and quantifying the monitoring, enforcement, and audit costs.

User Experience and Privacy
BYOD is all about end-user satisfaction. But security and user experience have to be balanced. A social contract must be established between the company and the employee that clarifies the actions IT will take and under what circumstances, defines the BYOD privacy policy, explains what core services will be supported (email, mission-critical apps), and communicates compliance issues clearly to the employee.

App Design and Governance
Apps involve enterprise data, and if the trust level of a BYOD device is different from that of a traditional device, it will affect app design and distribution. Companies must clearly communicate to employees what apps are supported on what devices, and why. If not, users will be confused, and help desk calls will increase. Key considerations include how to design mobile apps, how to define an app catalog, what resources will be committed, how to keep use policies updated, and how to define enforcement levels for app violations.

Economics
BYOD strategies have not been in place long enough for most organizations to be able to assess their economic impacts. Key considerations include hardware, overage charges, service plans, help desk, and compliance and audit. In addition, the nature of BYOD reimbursement (partial stipend vs. full payment of service costs) affects liability.

Internal Marketing
BYOD presents a unique opportunity for IT to improve internal perceptions. Thinking through the internal marketing strategy up front will influence communications and decisions in a way that can improve IT’s standing with its internal customers.

BYOD seems simple, but it’s not. Developing a comprehensive strategy is just the first step. Then come selecting the needed technologies, implementing the infrastructure, and regularly updating apps policies and users. CompuCom’s BYOD Workshop helps you build a comprehensive solution that includes all of the core components your organization needs to build a sustainable BYOD program that meets the needs of your IT team and your end users. 

The content and opinions posted on this blog and any corresponding comments are the personal opinions of the original authors, not those of CompuCom.

  • Steven Pike's picture

    Steven Pike

    Steve Pike is a CompuCom Director of device and mobility services and owns the design and implementation of the company's mobility portfolio of services.

Add new comment

By submitting this form, you accept the Mollom privacy policy.

Categories

[x] Close

Sign Up for Email