Embracing the trend for BYOD will have an impact on your business, but there are ways to make sure this is a positive impact and not a negative one. For example, it is suggested that employees using their own device may work up to 240 additional hours per year. In a webinar with Martin Callinan from Express Metrix, we looked at some of the things you should consider when creating and implementing a BYOD policy.
In Martin’s experience, most organisations sit somewhere between having a formal policy and having an informal structure for managing BYOD and asset management. Working towards a formal policy requires you to consider several factors:
- Eligibility – Which users will have access to what systems and information?
- Devices – What devices will we allow to access our network?
- Apps & data – What apps and data can users access? Will this cause a risk?
- Support – How will support work? If a user downloads a piece of software to their device and their device fails, yet they require the device to do their job, who should be responsible for fixing the device?
- Services – What services will IT offer and not offer?
- Financial – What is the cost/model approach? What are the short- and long-term implications?
As Martin says, “You cannot secure what you cannot see.” A main pitfall of any BYOD policy is not having accurate and trustworthy data, but this goes hand-in-hand with your policy. If your data isn’t accurate, your policy won’t be much use. The accurate tracking of devices and how those devices are being used within your organisation is critical; otherwise, you have an inherent security risk. This tracking is also fundamental to having control in a BYOD environment.
An often overlooked area of BYOD is governance and compliance. A user accessing an application from a device could trigger the need to purchase a licence, which could be an unnecessary purchase if it’s not relevant to their job role. Compliance can be an unbudgeted spend. Controlling this situation is very important.
Introducing a BYOD policy can also help you to control costs. For example, it would be beneficial to track which users open which applications and how long they use each application for. This will help keep tabs on the number of licences required for each application. A person may open an application but not use it or not need it to do their job, but in doing so, they are consuming an unnecessary licence.
The main points to remember regarding a BYOD policy are:
- It’s essential to have data you can trust
- Treat BYOD like any other asset
- A policy will help to minimise risk regarding security and compliance
- A policy will help you be proactive in controlling your environment
Have you introduced a BYOD policy into your organisation? If so, how did you develop, communicate, update and manage your policy?