Our Thoughts on BYOD Best Practices
Posted on April 9, 2012 by Rachael Noble
Recently, I attended Enterprise Connect – Communications Transforming Business in Orlando, FL where I enjoyed meeting folks in the IT industry and seeing the latest in technology from Avaya, Cisco, Airwatch, the major wireless carriers, and more.
Bring Your Own Device (BYOD) was once again the biggest topic on everyone’s agenda, thus prompting me to once again touch on this ever-growing trend. The following information is courtesy of the event’s expert panel, excerpts from some of the conversations I had with individuals on the ground floor, and our experience helping customers evaluate a BYOD transition here at MOBI.
More than 12 thoughts on BYOD best practices:
- Limit device choice – for instance, perhaps only allow iPhones to be brought in as BYOD. Choosing a more secured offering could ease some security concerns and reduced end-user complaints about not getting to bring their own devices (sometimes one option is better than no option).
- One of the only ways to actually reduce cost if going to BYOD is to either not provide a stipend or to allow a stipend that is less than what a bulk negotiated carrier contract would provide.
- Policy should be decided upon and enforced in the specific scenario of an employee with a BYOD device who goes overseas using a domestic data plan, performs work for the company on that device, and then racks up high usage and fees. Does the company pay for that expensive use or does the individual?
- Companies should define protocols for what to do if the company offers a stipend for the device (hardware), end users use their devices for company use, and they lose or break their device. Does the company pay for a new device? Provide a stipend for replacement? Offer a cheaper device as a replacement if the original device was say, an iPhone?
- Zero support policy doesn’t work. In other words, if a company wants to go BYOD, don’t expect IT to be off the hook for providing support.
- Before going BYOD, the decision maker should bring in all departments to help make the decision and finalize the details – finance, IT, HR, supply chain, security, etc.
- Obviously, one thing we hear frequently is that the decision should be made as to who owns the phone number. A recommended policy is for end users to sign a policy stating if their Individual Liable (IL) phone is connected to company network and data that if that employee leaves the company, they turn their phone number over to the company.
- Choose who should have a device, then which applications.
- One of the most under-emphasized BYOD best practices is establishing policy, making it clear and following through. This must be done in order to ensure BYOD best practices.
- If a company uses a Mobile Device Managment (MDM) security product, a policy should be created stating that the company reserves the right to wipe the device of any and all content at any time (and yes, this can include baby pictures).
- A security risk to take into consideration when migrating to BYOD is any iCloud type of service where, at this time (at least until this technology is made more secure), even if a company wipes the device the employee can still get the information from the cloud.
- Something to consider about not offering help desk to BYOD users: if no support is offered by IT, end-users will often go to online forums for help. A lot of times they’re getting wrong information about how to fix the device or to modify settings that they shouldn’t change. In addition, there are some pretty intelligent people on these forums who offer advice on how to bypass MDM security applications, how to jailbreak, etc.
- A spokesperson from the Enterprise Mobility Forum says that a good practice for companies is to use the Corporate Owned, Personally Enabled (COPE) method for BYOD. According to this article, this method would look like the following: “The device (and the corporate data that resides on it) is fully managed and controlled, but also allows for employees to install the apps they like for their personal use.”
- An interesting factoid: In France, Germany, South Korea, and Italy, if a company or individual wipes a device that they don’t own (such as a company wiping an IL device), they can go to jail because it’s illegal.
What BYOD best practices and questions do you have? Please leave them in the comments below and we’ll be happy to address them, no matter the complexity.