We’re living in a bring-your-own-device (BYOD) era: no-one wants to be stuck with an ancient work laptop or under-powered mobile when they can buy sexier options for less themselves. So how do you go about developing
The world of professional IT is filled with buzzwords, but they’re often undefined, misunderstood and abused. This week, our Myths And Realities series defines some much-discussed concepts and busts some of the myths that surround them.
What BYOD Policy Is
Encouraging people to use their own device (phone, computer or tablet) has many benefits: workers are more likely to be engaged and can adopt more flexible working practices. However, it creates at least three distinct headaches for IT departments:
- The need to ensure staff can access applications and services reliably on multiple devices. While email is relatively straightforward, other business-specific apps can be troublesome.
- The need to ensure business data is secure and that those devices are kept patched and up-to-date.
- The need to support new devices when employees decide to upgrade or switch.
A BYOD policy aims to address these issues, defining what is acceptable in a specific business. It can range from the typical prescriptive policies of the pre-BYOD era (you must use devices chosen and managed by IT) to a “bring whatever you like and you will offer anything as web services” free-for-all. Many policies end up in a middle ground: popular devices are supported for basic services, and staff who want to use something else are responsible for dealing with issues that result from it not working. Mobile device management (MDM) platforms are often used to manage these deployments and provide added security and control.
What BYOD Policy Isn’t
[related title=”More On BYOD” tag=”byod” items=”8″]
Something you can simply ignore. Even if you set a “no phones other than approved models” policy, people will bring their own personal devices anyway. That ship has sailed.
A one-size-fits-all proposition In any business, the range of applications and data needed will differ between employees. A travelling board member will have obligations regarding confidentiality and data security that won’t apply to office-based workers further down the totem pole. Trying to create a locked-down environment for the latter is potentially a waste of your time.
An excuse to make staff buy their own equipment. If a tool is essential to get the job done, then the workplace should be paying for that, either by supplying the tool or by allowing the staff member to claim it. Saying “you have to have an iPad but we’re not paying for it” isn’t on; it’s unethical and likely to lead to staff discontent.
BYOD Policy: The Challenges To Accept
Policy will need to evolve continuously New devices emerge constantly, and keeping track of all the options is time-consuming. Business needs can also evolve rapidly. Accept BYOD as an ongoing challenge, not something you can definitively “solve”.
BYOD is part of broader security policy Many aspects of BYOD are required as business policy anyway. Issues such as how often passwords are changed or what happens to equipment when a staff member leaves have to be addressed anyway: BYOD simply creates new variants on these.
BYOD picture from Shutterstock
Comments
2 responses to “BYOD Policy 101: Myths And Realities”
Yes you can “ignore” byod. Staff may bring devices to work, but that it turn does not mean companies have to support them. Its the same with cars, or other work tools. Employees may bring their own, but it doesn’t mean they automatically get to use them over work vehicles or tools. Staff use what the company tells them to use. It really is that simple.
Not if you want to keep all your staff from leaving, or from working as efficiently as they can. These are the devices that people are using all day every day – if a policy is too restrictive it will affect productivity in a serious way. People have every right to complain if the companies policies make them less efficient or are making their work less enjoyable for no reason. It really isn’t as simple as you want to make it.
These are all great tips for BYOD, but I really think securing the data is the most important. Having a good BYOD security policy is an important start, but the training of staff about the policy is critical to it’s success. Our hospital put a BYOD policy in place to use Tigertext for HIPAA compliant text messaging, but the doctors still used their unsecure regular SMS text messaging. Even though we had a good BYOD policy, it wasn’t enough; we had to bring each doctor in to admin for training and explaining the HIPAA issues and how to use the app correctly. Now we have the doctors in compliance which has significantly lowered the cybersecurity risks and increased productivity for the doctors and the hospital. Here is an example of a BYOD policy similar to ours: http://www.hipaatext.com/wp-content/uploads/2013/03/BYOD-Policy-20130213.pdf