Contact Us

|

Careers

|

Change Locale
close

Why Your BYOD Strategy Must Begin with a Usage Policy

From the experts | Posted on May 29, 2013 by Candice Garner

In a recent an article on CIO.com, Tom Kaneshige ponders the inevitability of class-action lawsuits by users whose companies cross the divide between the personal and the corporate in a BYOD environment. The blending of personal and company data and applications on user-owned devices becomes a potential minefield. What if company applications are collecting location data on employees after hours? What if IT accidentally does a remote wipe of users’ devices and erases their personal contacts, apps and data?

On the other hand, users expose the company system to potential compromise, too. Rogue apps, insecure Wi-Fi networks and generally poor security practices all pose an element of risk to the company network.

That’s why it’s critical to have a comprehensive BYOD policy up front — and equally critical that employees understand its implications. And defining a BYOD policy guides the technology decisions you’ll make further down the road.

So what goes into a good BYOD policy? Softchoice has had a BYOD policy in place now for about 12 months, and we’ve identified five things (the hard way) that need to be included in your BYOD usage policy from day one.

1. Who pays (and how). With employer-issued devices, the company shoulders a predictable cost. This is not the case for BYOD, since users can purchase from a wide selection of mobile devices. Put together a cost-neutral arrangement for device and data expense coverage and take into account a reasonable refresh rate.

2. Which devices and operating systems. Broadly speaking, there are two types of devices – laptops and mobile devices (including tablets). Policies may differ to reflect the device being used – for example, a 4G mobile connection has embedded security features that laptops connecting over WiFi don’t. Companies concerned about security and support costs might consider a “white list” of devices and operating systems that qualify for the BYOD program.

3. Who has access to what (aka Role-based access). Not everyone needs mobile access to every element of the company system, nor every company application. One common approach to this is role-based access is to assign each user a predefined profile that matches the needs of their corporate role. This also defines responsibility for management of the devices i.e. who’s responsible for installing or uninstalling corporate applications, pushing out updates, etc.

4. Clearly define company versus personal assets. What apps, data and features does the company have access to and control over? As an example, if corporate and personal contact information are stored in one place and a salesperson moves to a competitor, how does the company delete those sales prospects without wiping Mom’s phone number? Can the company use a device’s GPS capabilities to track employees? Here’s where a mobile device management (MDM) platform like Meraki can make a huge difference. But it’s still critical that the parameters between exactly what personal vs. business data is wiped need to be clearly defined and understood by the employee upfront.

5. Security requirements. For many employees, the definition of “workspace” is fluid — office, home, hotel, airport, coffee shop. It’s one of the attractions of mobility. But open environments can be insecure. That Wi-Fi hotspot in the cafe might not be secure, or worse, might actually be a rogue laptop collecting data. A BYOD policy has to define standards for public wireless use, like encryption types and virtual private network (VPN) access, when employees are connecting to the company network.

A BYOD policy also has to cover devices and data at rest. If the user’s device has sensitive data, particularly customers’ personal information, a BYOD policy should spell out encryption requirements and data loss prevention (DLP) protocols. Consider the number of headlines about personal data lost on USB sticks! Data leakage is a very real problem, and a potentially expensive one.

While a solid BYOD policy is complex, it’s critical to start from a policy and let that direct technology decisions, not the other way around. Retrofitting your solution to account for unforeseen issues is expensive and inefficient.

A good place to start is to evaluate where you stand now. Softchoice’s Mobile TechCheck service helps catalogue and identify mobile devices within the business and evaluate their impact.

What would you add (or remove) from this list? Let us know in the comments below and we’ll update the post.

Related Posts

7 Technologies That Make BYOD a Reality Let’s start with the obvious. There is no silver bullet, one-size-fits-all checklist for creating the perfect Bring Your Own Device strategy. Every organization is comp...
Behind the Scenes: Building a great BYOC Team This is the second in a series about how Softchoice implemented BYOC. We hope you find the series interesting and look forward to your comments and thoughts on your experi...
Services Spotlight: Manufacturing Industry Podcast Over the years, we've worked closely with a variety of market segments,to help them adapt, grow and thrive in spite of economic change and technology evolutions.With all tha...

Related Articles

Culture | October 10, 2019 by Alex Macks

Softchoice’s co-op students are hired for their fresh ideas and wealth of knowledge they bring to our Softchoice teams. Ranjit Singh wrapped up his third consecutive co-op term with Softchoice in Summer 2019. He now works part-time as a .NET Developer while completing his last semester at Sheridan College in the Software Development and Network […]

Innovation Executive Forum | September 13, 2019 by Karen Bader

Enterprises today understand the requirement to combat slow and low end-user adoption, especially when the solutions are intended to transform the way people work, as with new communications and collaboration tools. For years, Softchoice has been offering end-to-end, turnkey adoption services, helping businesses across North America unlock more value, quickly, from their key collaboration investments. […]

Uncategorized | August 28, 2019 by Susana Byun

Here are your top 10 must-read Microsoft announcements from August 2019 curated by Softchoice: