Many organizations are considering personally-owned mobile devices for business apps. Their goal is to drive employee satisfaction and productivity through the use of new technologies, while simultaneously reducing mobile expenses.
This bring-your-own-device (BYOD) trend is one of the more dramatic results of the consumerization of IT, in which consumer preference, not corporate initiative, drives the adoption of technologies in the enterprise. However, many of these technologies were not built with enterprise requirements in mind, so IT teams often feel uncomfortable about security and supportability.
BYOD is more than just shifting ownership of the device to the employee. It has many complex and hidden implications for which a strategy needs to be defined in advance of implementation.
Based on the experience of our customers, MobileIron has identified eight major components for successful BYOD strategies:
|
Device Choice
|
User Experience and Privacy
|
- Analyzing employee preference and understanding which devices they have already bought
- Defining an acceptance baseline of what security and supportability features a bring-your-own-device program should support
- Understanding the operating system, hardware, and regional variances around that baseline
- Developing a light-touch certification plan for evaluation of future devices
- Establishing clear communication to users about which devices are allowed or not, and why
- Ensuring the IT team has the bandwidth to stay up-to-date
|
- Identifying the activities and data IT will monitor
- Clarifying the actions IT will take and under which circumstances
- Defining the BYOD privacy policy
- Critically assessing security policies and restrictions for sustainability
- Deploying core services (email, critical apps, WLAN access) to the employee
- Preserving the native experience
- Communicating compliance issues clearly to the employee
|
|
Trust Model
|
App Design and Governance
|
- Identifying and assessing risk for common security posture issues on personal devices
- Defining remediation options (notification, access control, quarantine, selective wipe)
- Setting tiered policy
- Establishing the identity of user and device
- Lending a critical eye to the sustainability of the security policy being instituted
|
- Designing mobile apps to match the trust level of personal devices
- Modifying app catalog availability based on device ownership
- Committing to the resource investment of building apps with personal devices in mind
- Updating app acceptable-use policies
- Defining enforcement levels for app violations (notification, access control, quarantine, or selective wipe
|
|
Liability
|
Economics
|
- Defining the elements of baseline protection for enterprise data on BYOD devices
- Assessing liability for personal web and app usage
- Assessing liability for usage onsite vs. offsite, and inside work hours vs. outside work hours
- Evaluating whether the nature of BYOD reimbursement affects liability (partial stipend vs. full payment of service costs)
- Quantifying the monitoring, enforcement and audit costs of the BYOD compliance policy
- Assessing the risk and resulting liability of accessing and damaging personal data (for example, doing a full instead of selective wipe by mistake)
|
- Shifting the cost of device hardware to the user and moving to a stipend model
- Controlling excess service charges through more responsible usage
- Establishing appropriate service plans, realizing some negotiating leverage might be lost
- Assessing the productivity impact of users being able to use their desired platforms
- Changing the help desk model (with BYOD, employees use the help desk as a last resort instead of a first resort)
- Reducing compliance and audit costs, if legal assessment shows lower liability with personal devices)
- Assessing tax Implications
|
|
Sustainability
|
Internal Marketing
|
- Securing corporate data
- Minimizing cost of implementation and enforcement
- Preserving the native user experience
- Staying up-to-date with user preferences and technology innovations
|
- Communicating why the company is moving to BYOD
- Understanding BYOD is an HR initiative as much as an IT initiative
- Defining IT's "brand"
- Supporting the brand message with appropriate action
|
BYOD holds tremendous promise across multiple dimensions. While many organizations look at BYOD as a possible way to reduce costs, the real value of a well-designed BYOD program is increasing employee satisfaction and productivity, while speeding up the rate of technology adoption in the enterprise.