Policy creation is the most important aspect of BYOD beyond the technology itself. Each organisation will have its own challenges and opportunities.
Ask your customers whether they will need to allow all devices, or only those that meet certain IT criteria. Will they provide employees with a stipend? Will they allow them to buy them but pay the data plan?
Will any types of applications, such as data sharing apps, porn, or music be forbidden? Who will be responsible for supporting the device? The technology chosen should support the policy.
The idea is not to bring more users to the helpdesk as this defeats the purpose of BYOD. One solution is that all devices are configured over the air to maximise efficiency for IT and the employees.
Users should initially agree to an acceptable usage agreement. Then settings can be delivered over the air, and access to email contacts, corporate documents and content should be automatic. Policies should also restrict access to certain business apps.
They should also be warned when they are using too much data. They may not be concerned with corporate or regulatory compliance issues when it comes to using their own devices in the workplace, so this also needs to be considered.
Personal data must be separated from business-critical applications. Sensitive information must be protected by IT, especially if an employee leaves the organisation. In contrast, recreational activity such as sharing photos with friends via Facebook should remain untouched by corporate IT.
Not only will users appreciate this approach, but so will the IT department, where life will be infinitely easier as a result. IT can wipe corporate data selectively when an employee leaves.
If a staff member loses his or her device, the entire appliance can be wiped. Mobile device management offerings should be deployed that can provide an IT manager with this choice, balancing corporate governance with individual privacy.
Lastly, companies need to have a way to enable or disable new devices and OS features as they become available. Any lag in the IT department's ability to do this will increase risk and create security gaps, and perhaps even reduce productivity.
When iOS 5 was released, there were many concerns about corporate data leakage into Apple's cloud storage. Only companies that implemented mobile device management which provided immediate OS feature updates had the tools to block or allow iCloud.
Unfortunately, many organisations were stuck waiting for their vendor to release a support update, leaving their data at risk.
David Lingenfelter is information security officer at Fiberlink
Telco also announced series of initiatives to drive digital growth in the UK
Nana Baffour opens up on Getronics' mammoth acquisition of Pomeroy
Analyst predicts SaaS will remain the dominant segment in the market as it grows 17 per cent in 2019
NSS Labs claims vendors are refusing to have their products tested effectively and are trying to restrict its access