We're living in a bring-your-own-device (BYOD) era: no-one wants to be stuck with an ancient work laptop or under-powered mobile when they can buy sexier options for less themselves. So how do you go about developing
The world of professional IT is filled with buzzwords, but they're often undefined, misunderstood and abused. This week, our Myths And Realities series defines some much-discussed concepts and busts some of the myths that surround them.
What BYOD Policy Is
Encouraging people to use their own device (phone, computer or tablet) has many benefits: workers are more likely to be engaged and can adopt more flexible working practices. However, it creates at least three distinct headaches for IT departments:
- The need to ensure staff can access applications and services reliably on multiple devices. While email is relatively straightforward, other business-specific apps can be troublesome.
- The need to ensure business data is secure and that those devices are kept patched and up-to-date.
- The need to support new devices when employees decide to upgrade or switch.
A BYOD policy aims to address these issues, defining what is acceptable in a specific business. It can range from the typical prescriptive policies of the pre-BYOD era (you must use devices chosen and managed by IT) to a "bring whatever you like and you will offer anything as web services" free-for-all. Many policies end up in a middle ground: popular devices are supported for basic services, and staff who want to use something else are responsible for dealing with issues that result from it not working. Mobile device management (MDM) platforms are often used to manage these deployments and provide added security and control.
What BYOD Policy Isn't
Something you can simply ignore. Even if you set a "no phones other than approved models" policy, people will bring their own personal devices anyway. That ship has sailed.
A one-size-fits-all proposition In any business, the range of applications and data needed will differ between employees. A travelling board member will have obligations regarding confidentiality and data security that won't apply to office-based workers further down the totem pole. Trying to create a locked-down environment for the latter is potentially a waste of your time.
An excuse to make staff buy their own equipment. If a tool is essential to get the job done, then the workplace should be paying for that, either by supplying the tool or by allowing the staff member to claim it. Saying "you have to have an iPad but we're not paying for it" isn't on; it's unethical and likely to lead to staff discontent.
BYOD Policy: The Challenges To Accept
Policy will need to evolve continuously New devices emerge constantly, and keeping track of all the options is time-consuming. Business needs can also evolve rapidly. Accept BYOD as an ongoing challenge, not something you can definitively "solve".
BYOD is part of broader security policy Many aspects of BYOD are required as business policy anyway. Issues such as how often passwords are changed or what happens to equipment when a staff member leaves have to be addressed anyway: BYOD simply creates new variants on these.
BYOD picture from Shutterstock