How an organization can create an effective BYOD strategy
If a company doesn’t own a device, control of it no longer needs to be a top priority.
This year has seen tremendous mobile device and operating system innovation – think of the new Android-based Samsung Galaxy Tab, the new Windows 8 tablets, and of course, the new iPad and iPhone 5.
These devices are changing the ways in which people communicate, collaborate, work, play and quite simply, live their lives.
It’s no surprise that when Forrester Research, Inc. did a study this year, they found that of those information workers who use a tablet regularly for work, 70% chose the device themselves and furthermore, 58% of IT organizations expect to see an increase in employees bringing in their own mobile devices to use at work.
Unfortunately, organizations today do not have a proper BYOD strategy in place – meaning companies are either saying no to personally owned devices, they are managing approval of these devices on an ad-hoc basis (for an executive as an example) with no easy way to enable these workers, or are allowing employees to use their device under the condition that IT can wipe it at any time.
Many may ask, “Why prevent users from purchasing their own devices, which in turn allows IT to cross this line item off their budgets? Isn’t this a good thing?” But, it is the fact that IT departments no longer have the comfort of the BES server and full control over the device that keeps many IT pros up at night.
Organizations have tried – and failed – to apply draconian IT tactics to BYOD and mobile devices. Imagine walking into the office on the first day with your new BYOD tablet and having your IT department grab it and install “required management software” that takes control over all your settings and allows IT to render all data on the device unusable whenever they want. As a user, would you accept this?
While strict device security measures are required for some use cases, this is not the way to manage a BYOD program.
When creating a BYOD strategy, IT must keep in mind what they are trying to enable and what they are trying to protect. For most organizations, their goal is to enable productivity and protect data. If they don’t own the device, device control no longer needs to be (and really shouldn’t be) a top priority.
Instead, IT should make sure they have:
1) Technologies in place that will provide secure, policy-based access to all of the applications a user will need to be productive, such as mobile application management for native mobile apps, app virtualization for Windows apps and single sign-on for web and SaaS apps.
2) Technologies to protect all of the information/data that a user will need to access, such encryption, mobile DLP and secure file sync and sharing tools that put data control in the hands of IT.
3) Using these types of technologies gives control back to IT, in spite of losing control of the device. But, that’s a good thing. Users can now use their personal devices, with all of their personal content, at the same time they access secured corporate content.
As an example, IT can make sure that every application that runs on a device requires confirmation the device has not been jailbroken, can only run when on a Wi-Fi network (opposed to 3G which would drive up telecom costs) and can be locked or wiped if lost or stolen.
As for data, IT can ensure that all data is encrypted on the device, that corporate data cannot be copied and pasted outside of a secure zone and can be wiped on-demand. All of this while leaving the user personal content untouched.
As the innovation in smartphone and tablets continues to rise, there is going to be greater pressure on IT to enable BYOD. And it should – it makes for more productive, happy workers and less cost for IT. With a BYOD strategy that puts the management, security and control of all business content squarely in the hands of IT, saying “yes” to the next big device is easy.