
Why Your BYOD Strategy Must Begin with a Usage Policy

From the experts | Posted on May 29, 2013 by Candice Garner

In a recent article on CIO.com, Tom Kaneshige ponders the inevitability of class-action lawsuits by users whose companies cross the divide between the personal and the corporate in a BYOD environment. The blending of personal and company data and applications on user-owned devices becomes a potential minefield. What if company applications are collecting location data on employees after hours? What if IT accidentally does a remote wipe of users’ devices and erases their personal contacts, apps and data?

On the other hand, users expose the company system to potential compromise, too. Rogue apps, insecure Wi-Fi networks and generally poor security practices all pose an element of risk to the company network.

That’s why it’s critical to have a comprehensive BYOD policy up front — and equally critical that employees understand its implications. And defining a BYOD policy guides the technology decisions you’ll make further down the road.

So what goes into a good BYOD policy? Softchoice has had a BYOD policy in place now for about 12 months, and we’ve identified five things (the hard way) that need to be included in your BYOD usage policy from day one.

1. Who pays (and how). With employer-issued devices, the company shoulders a predictable cost. This is not the case for BYOD, since users can purchase from a wide selection of mobile devices. Put together a cost-neutral arrangement for device and data expense coverage and take into account a reasonable refresh rate.

2. Which devices and operating systems. Broadly speaking, there are two types of devices – laptops and mobile devices (including tablets). Policies may differ to reflect the device being used – for example, a 4G mobile connection has embedded security features that laptops connecting over WiFi don’t. Companies concerned about security and support costs might consider a “white list” of devices and operating systems that qualify for the BYOD program.

3. Who has access to what (aka role-based access). Not everyone needs mobile access to every element of the company system, nor every company application. One common approach to role-based access is to assign each user a predefined profile that matches the needs of their corporate role. This also defines responsibility for management of the devices, i.e. who’s responsible for installing or uninstalling corporate applications, pushing out updates, etc.

4. Clearly define company versus personal assets. What apps, data and features does the company have access to and control over? As an example, if corporate and personal contact information are stored in one place and a salesperson moves to a competitor, how does the company delete those sales prospects without wiping Mom’s phone number? Can the company use a device’s GPS capabilities to track employees? Here’s where a mobile device management (MDM) platform like Meraki can make a huge difference. But it’s still critical that the boundary between exactly which personal and business data gets wiped be clearly defined and understood by the employee up front.

5. Security requirements. For many employees, the definition of “workspace” is fluid — office, home, hotel, airport, coffee shop. It’s one of the attractions of mobility. But open environments can be insecure. That Wi-Fi hotspot in the cafe might not be secure, or worse, might actually be a rogue laptop collecting data. A BYOD policy has to define standards for public wireless use, like encryption types and virtual private network (VPN) access, when employees are connecting to the company network.

A BYOD policy also has to cover devices and data at rest. If the user’s device has sensitive data, particularly customers’ personal information, a BYOD policy should spell out encryption requirements and data loss prevention (DLP) protocols. Consider the number of headlines about personal data lost on USB sticks! Data leakage is a very real problem, and a potentially expensive one.

While a solid BYOD policy is complex, it’s critical to start from a policy and let that direct technology decisions, not the other way around. Retrofitting your solution to account for unforeseen issues is expensive and inefficient.

A good place to start is to evaluate where you stand now. Softchoice’s Mobile TechCheck service helps catalogue and identify mobile devices within the business and evaluate their impact.

What would you add (or remove) from this list? Let us know in the comments below and we’ll update the post.
