Contact Us

|

Careers

|

Change Locale
close

Why Your BYOD Strategy Must Begin with a Usage Policy

From the experts | Posted on May 29, 2013 by Candice Garner

In a recent an article on CIO.com, Tom Kaneshige ponders the inevitability of class-action lawsuits by users whose companies cross the divide between the personal and the corporate in a BYOD environment. The blending of personal and company data and applications on user-owned devices becomes a potential minefield. What if company applications are collecting location data on employees after hours? What if IT accidentally does a remote wipe of users’ devices and erases their personal contacts, apps and data?

On the other hand, users expose the company system to potential compromise, too. Rogue apps, insecure Wi-Fi networks and generally poor security practices all pose an element of risk to the company network.

That’s why it’s critical to have a comprehensive BYOD policy up front — and equally critical that employees understand its implications. And defining a BYOD policy guides the technology decisions you’ll make further down the road.

So what goes into a good BYOD policy? Softchoice has had a BYOD policy in place now for about 12 months, and we’ve identified five things (the hard way) that need to be included in your BYOD usage policy from day one.

1. Who pays (and how). With employer-issued devices, the company shoulders a predictable cost. This is not the case for BYOD, since users can purchase from a wide selection of mobile devices. Put together a cost-neutral arrangement for device and data expense coverage and take into account a reasonable refresh rate.

2. Which devices and operating systems. Broadly speaking, there are two types of devices – laptops and mobile devices (including tablets). Policies may differ to reflect the device being used – for example, a 4G mobile connection has embedded security features that laptops connecting over WiFi don’t. Companies concerned about security and support costs might consider a “white list” of devices and operating systems that qualify for the BYOD program.

3. Who has access to what (aka Role-based access). Not everyone needs mobile access to every element of the company system, nor every company application. One common approach to this is role-based access is to assign each user a predefined profile that matches the needs of their corporate role. This also defines responsibility for management of the devices i.e. who’s responsible for installing or uninstalling corporate applications, pushing out updates, etc.

4. Clearly define company versus personal assets. What apps, data and features does the company have access to and control over? As an example, if corporate and personal contact information are stored in one place and a salesperson moves to a competitor, how does the company delete those sales prospects without wiping Mom’s phone number? Can the company use a device’s GPS capabilities to track employees? Here’s where a mobile device management (MDM) platform like Meraki can make a huge difference. But it’s still critical that the parameters between exactly what personal vs. business data is wiped need to be clearly defined and understood by the employee upfront.

5. Security requirements. For many employees, the definition of “workspace” is fluid — office, home, hotel, airport, coffee shop. It’s one of the attractions of mobility. But open environments can be insecure. That Wi-Fi hotspot in the cafe might not be secure, or worse, might actually be a rogue laptop collecting data. A BYOD policy has to define standards for public wireless use, like encryption types and virtual private network (VPN) access, when employees are connecting to the company network.

A BYOD policy also has to cover devices and data at rest. If the user’s device has sensitive data, particularly customers’ personal information, a BYOD policy should spell out encryption requirements and data loss prevention (DLP) protocols. Consider the number of headlines about personal data lost on USB sticks! Data leakage is a very real problem, and a potentially expensive one.

While a solid BYOD policy is complex, it’s critical to start from a policy and let that direct technology decisions, not the other way around. Retrofitting your solution to account for unforeseen issues is expensive and inefficient.

A good place to start is to evaluate where you stand now. Softchoice’s Mobile TechCheck service helps catalogue and identify mobile devices within the business and evaluate their impact.

What would you add (or remove) from this list? Let us know in the comments below and we’ll update the post.

Related Posts

What are your options when your existing PCs aren’t compatible with Windows... Want to save time and money on your Windows 7 deployment? Virtualize!  If you’re a stalwart IT decision maker who stuck by Windows XP for the last decade, you’re finally co...
Wireless Networks: 6 Tips To A Successful Deployment With the rapid increase in everyone’s needs for mobility, wireless technologies are becoming more and more important all the time. A well implemented wireless network impro...
Find Out If You Have Data Quality Issues With Our 4 Measures of Data Qualit... Managing proprietary and public-facing data is key to your core business, growth and reputation and means that it is necessary to manage business and data growth while als...

Related Articles

Culture | July 5, 2019 by Alex Macks

As an organization that strives towards gender balance, Softchoice took part in a recent weeklong boot camp for women in tech sales in partnership with Talent Minded and The Revenue U.

Culture | July 5, 2019 by Alex Macks

The Softchoice co-op program enables students to gain hands-on experience across a variety of fields. I recently had the opportunity to talk to one of the co-op students about her experience at Softchoice.

Microsoft | June 20, 2019 by Susana Byun

Learn how the Microsoft Cloud Solution Provider (CSP) program helps partners add value while their customers gain flexibility Editor’s note (June 2019): We updated this post to reflect the latest CSP news and Softchoice webinar which can be viewed below.  Technology acquisition continues to evolve – away from physically owned infrastructure and towards cloud subscription […]