Is it time for BYOD?
Should you allow employees to bring their own device (BYOD) to the company? It is a question that many others raise. Are company data at risk? Can the company save thousands of dollars a year by not buying devices? Are employees finally getting the latest gadget they want?
The idea that employees use their own equipment at work is not new. The use of private vehicles for sales representatives, couriers and truck drivers has a long history in the industry. Likewise, enterprise mobility is not new. Companies such as Intermec and Motorola have developed suitable mobile devices since the 1970s. What has changed and continues to grow rapidly is the sophistication of consumer mobile devices. These are now more powerful and richer than ever before. With the explosion of mobile device technology, early adopters immediately brought the latest devices to the workplace. Before the iPad was released in Australia, it was used in Aussie’s workplaces to show videos, take notes, and access email. Therefore, the big question for companies is not “should we allow BYOD”, but “how do we allow BYOD”?
Success factors for the BYOD strategy
As we further explore the analogy of workplace vehicles, you will see some factors that ensure that they are used successfully. First, there are situations (dare I say applications) where it may not be appropriate to use a private vehicle. For specialist areas such as mining, police and health or where there is a need for branding, a company car can fit better. Second, there is a mature policy outlining how to use a private vehicle. For example, bicycle couriers can receive compensation per delivery, while taxi drivers must prepare and maintain their vehicle according to strict guidelines. Another challenge to consider is that employees expect to be able to use their private vehicle for their own purposes in their own time. So what should the Enterprise do to prepare for the BYOD that is already happening? A useful technique is to develop a BYOD strategy that includes requirements, risks, policies and technology.
Current use of mobile technology
The first factor to consider is how your business is currently using mobile technology. The most common answers are phone calls, emails and associated attachments, calendar, internet and map services. These features may be low for most, but keep in mind the specific risk to your business and data. If a competitor has found a phone, what data can they access? Can a malicious user release commercially sensitive information or compromise government regulations?
Companies are increasingly using or planning to use mobile technology to access the corporate network and back-end systems. These characteristics of mobility warrant a closer examination of the requirements and risks. These applications usually fall into the category of web-based or rich / native applications. Think carefully about the data and functions that mobile applications enable? Can a malicious user download all customer data? Some rich mobile applications are similar to the police car in the analogy of the vehicle and require specific equipment to work properly (for example, barcode scanning, a specific operating system or using a printer). It can help to document each type of user and the functions and applications they need.
Management of other risks and factors
While loss of IP and business data is paramount, there are a number of other factors that your business should consider for BYOD, including:
• Support Costs – How To Deal With Problems On BYOD Devices?
• Personal data – what if employee data is deleted or opened?
• Who pays – for the device, data, calls and support?
• Short lifetime – with models that change every 6 months, what will your upgrade plan be?
• Employees leaving – cleaning company data?
The right policy for your company
This is a real “horses for courses” question. I’ve worked with small businesses that love technology and use every feature, including geofencing and remote control devices for support, but don’t require strict rules for their data. On the other end of the spectrum are government-regulated industries that only use technology when needed and every feature needs to be encrypted and locked. In my opinion, sensible policies should protect the company without impeding productivity and innovation.
If you have a good idea of your requirements, data and risks, think about the policies that your company would like to include with regard to mobile devices. In fact, this policy may be appropriate for both BYOD and corporate devices. Most companies have an acceptable usage policy for their desktops and / or internet and this can be a good starting point. Don’t just think of the technical policy (e.g. security, authentication, password strength and data segregation), but also think of the commercial (which is who pays for the data, calls and support).
Mobile fleet management
I’ve seen a number of organizations where the mobile fleet is getting out of hand and monthly fees are paid for sleeping SIM cards that are on a shelf. Consider all device models, brands and operating systems you have in the field. Do you have a mix of old and new devices, iPhones for executives and rugged devices in the field?
Just because your business supports BYOD doesn’t mean it needs every type of consumer device. Look at the popular consumer device models and consider your business requirements and policies. You can whitelist suitable devices.
Supporting tools and solutions
Once you have a handle on BYOD requirements and policies, you may need to consider a toolset like Mobile Device Management (MDM) to help you implement your strategy. Typical MDM functions include:
• Application management
• Asset & lifecycle management
• Authentication, policy and security management.
An MDM can help separate personal and business data, establish a standard business environment (SOE), and support devices more easily. MDMs, however, depend on the functions of the operating system or hardware manufacturer. For example, you can view the screen remotely on a Windows mobile device, but an Apple device may not support this feature. Likewise, some MDM products are offered as a hosted service and others need to be installed on your own hardware. Examine the toolsets; a good starting point is the magic quadrant of Gartner for MDM. When you think of IOS, a great public resource is the Ministry of Defense’s IOS surfacing guide.
Employees always want to use the best tools and mobile technology is an area that continues to evolve. Be prepared for your business to take advantage of the benefits of mobility in a cost-effective way. Develop a BYOD strategy that takes into account requirements, risks, policies and technology. Remember, BYOD is taking place, but may not be suitable for every mobile business need.
BYOD may be suitable for:
• Phone calls
• Web-based applications
• Simple Workflow-like applications
• Reporting and Business Intelligence
BYOD may not be suitable for:
• Applications that rely on rich device integration such as RFID, scanning, keyboard or stylus
• When a specific operating system or API is required.
• Scenarios where a robust or IP rated device is required
• Where the business process depends entirely on the device