Bring your own device (BYOD) is not a new concept. The popularity and proliferation of smartphone and tablet devices in our personal lives has seen employees rushing to use these very same devices in a professional capacity.
But, while BYOD isn’t the latest trend or buzzword, many businesses are not convinced of its potential, and do not have formalised policies in place allowing employees to use the apps and devices they would like to in their daily roles.
Vendors claim BYOD can have a positive impact on business by empowering employees and boosting productivity, but it can also raise security concerns.
>See also: BYOD: Phenomenon or full circle?
How many employees access enterprise applications and confidential business information on their personal devices without raising serious compliance, security and privacy risks? How can IT control license management issues or conduct support? What happens when employees use unmanaged third-party apps?
Implementing a BYOD policy doesn’t have to be as difficult or troublesome as it may appear to some IT departments or CIOs. Here is a best-practice guide.
1. Eligibility
The first step in a BYOD policy should be around the question of eligibility. Who should have the ability to use their own devices for work? To determine eligibility, businesses should apply certain criteria, such as worker type (for example the receptionist is less likely to benefit from a BYOD policy than the global business development manager who needs to travel on a monthly basis), performance needs and the job role that individual needs to perform. Requirements can be as broad or as specific as you like, but ensure managers have the final say over approval.
2. Android, Apple or other?
Having worked out eligibility criteria, CIOs should then think about which devices to cater to within the formal BYOD policy. The IT department will need to determine the minimum requirements for operating systems if it wants to install applications directly on endpoints, and will also need to think about things like application support.
3. Select a menu of services
Allow employees to do anything on their devices, or restrict the level of access and types of task they can carry out? CIOs should about the types of services – email, phone calls, accessing the server, editing documents – they want to make available on personally owned devices and to whom. This will likely differ according to the user, device type and network. Choose the scenario that’s best for the business.
4. Communicate the plan to your staff
There’s no point having a BYOD strategy in place if the intended audience doesn’t know about it. The success of any BYOD policy comes down to communication.
Staff should receive clear guidance on what applies to them and the devices best for their needs. There also needs to be communication around the rights and responsibilities that come with using a personally owned device for business purposes.
Work data should always be segregated from personal data as specific apps used in the personal domain will not be appropriate for the work domain. The clearer the communication with staff on what’s acceptable, the easier it will be to manage.
5. Who’s footing the bill?
The answer is both the organisation and the individual worker. Having workers pay for some or all of the costs for work devices can improve the business bottom line, and the IT department doesn’t constantly need to procure and maintain certain hardware – but budget will have to be allocated to a mobility solution.
6. Being secure, remaining compliant
One of the main barriers to the adoption of BYOD strategies is the perception that it can lead security risks. Installing apps directly onto personally owned devices can raise security and compliance concerns for a CIO that wants to keep corporate information secure and an IT department that wants to retain control of IT usage.
This is where the enterprise mobility management solution comes in, accessed by the people that need to access it, and not stored on an endpoint device that could get misplaced on the tube or stolen from a handbag.
7. Support and maintenance – whose responsibility is it?
As devices are owned by users, BYOD policies reduce the total maintenance required for each device. But BYOD policies should also clearly define how various support and maintenance tasks should be handled and who will pay for them.
>See also: As wearables enter the workplace, IT revisits BYOD lessons
These seven steps are just a guideline of the key considerations that businesses should address before embarking on a BYOD policy.
BYOD should never be one-size-fits-all. All businesses have different requirements based on the sector in which they work, the size of the business in question, and the tasks workers are asked to perform, amongst many other factors.
The key to ensuring its success, however, will ultimately come down to communication with staff – educating them on what is and isn’t acceptable under your policy – and providing employees with a choice.
Sourced from Jason Tooley, Country Manager UK, Citrix
