‘Bring your own device’ demands policy update

BYOD, and changing legislation, means now is a good time for enterprises to update their usage policies, says Ian Goss-Ross, CEO at Elingo.

May 6, 2013

The complexities of managing the bring your own device (BYOD) trend are top of mind for CIOs now. There are clearly advantages to BYOD, but in the background, new user demands are creating a headache for IT.

BYOD is an open subject at this stage, and it is becoming a priority as more and more employees want access to their work via their own mobile devices. The arrival of the user-friendly tablet, with its large screen size, is making always-on access to enterprise applications from their own devices an attractive prospect for employees. Once they are accustomed to working with a particular device, they want to use the same device in all environments, including the office. We see this quite often with Apple MacBook users too – if they use this device in their personal capacity, they tend to want to use it at work as well. The positive spin-off of allowing BYOD is that employees are happier and enjoy greater work satisfaction.

The downside is that managing this proliferation of devices, operating systems and applications presents a number of challenges for IT, but these are not insurmountable.

There are a number of ways to enable BYOD and still retain effective management and security of enterprise applications and data. Using the cloud is one. Cloud computing is helping to drive BYOD, because the management and security of data and applications is entrenched in the cloud solution. Companies that already expose applications to a mobile workforce via the cloud are likely well equipped to adopt BYOD. These companies might extend their mobile enterprise strategy to allow employees to use any device – in the office or remotely – and use it as a virtual desktop.

Using mobile device management solutions from the key vendors is another way to simplify the management of this new environment, although not all the enterprise mobile device management suites are mature, and some are quite costly and will require additional resources to run.

Potentially the most effective way to address the BYOD trend is to revisit IT usage policies to specify which devices may be used, what support and applications will be made available to them, and what rights the company has with regard to the devices of individuals when they are used to access enterprise applications. Most importantly, companies must ensure that they educate their staff about all of these aspects.

Many companies have outdated and ineffective usage policies. In light of new governance, risk and compliance demands, they need to update these policies. This makes now an opportune time to address BYOD too.

Companies need to consider what is required to allow the myriad devices to interact with their systems, addressing the levels of functionality to be enabled, the applications that must be accessed, and where the data will be stored. They need to consider the question of the cost and use of bandwidth on personal devices, the privacy issues raised for individuals when their devices double as company access devices, and they need to stipulate what levels of support will be provided to employees using their own devices.

For security purposes, policies need to state the controls required on devices, such as passcode access, timeouts to lock devices, up-to-date device software, and a ban on jailbroken or rooted devices. The source and type of applications installed on the device might also come into question. To effectively manage new trends such as mobility and BYOD, the IT usage policies need to be very specific about the devices to be used and how they will be used and supported. This may require collaboration between IT, risk officers, management and HR to ensure that BYOD is enabled in a way that benefits employees but does not negatively impact the business or its IT department.