Do you access business data from your personal devices? Does your business allow you to store and access critical data from your phone? Have you thought about the severity if you were to compromise this data from a device that was not business issued?
The notion of employees using their personal tools at work isn't new. There is a long history of employees using private vehicles for sales representatives, couriers, and truck drivers. Similarly, enterprise mobility is not new. Businesses like Intermec and Motorola have developed a usage for mobile devices since the 1970s. What has changed and continues to progress is the sophistication of consumer mobile devices. More powerful and feature-rich than ever before, mobile device technology has been increasingly emerging in the workplace. The question you should be asking yourself is not should we allow BYOD, but how can we leverage BYOD to grow?
BYOD strategy success variables
If we investigate the analogy of vehicles in the workplace, you will see some regulating variables that ensure their successful use. Firstly, there are situations, dare we say uses, where it may not be appropriate to utilize a private vehicle. For specialist fields like mining, police, and healthcare or where there's a need for branding, a business vehicle may be a better fit. Secondly, there are mature policies that summarize how a private vehicle can be used. For example, cycle couriers may get a fee per delivery whereas taxi drivers must prepare and service their vehicle following strict guidelines. Another challenge to consider is that employees expect to be able to utilize their private vehicle in their own time for their own purposes. So what should the business do to prepare for BYOD? A useful technique would be to develop a BYOD strategy that encompasses the requirements, threats, policies and technology that apply specifically to your business.
Present use of mobile technology
The very first variable to consider is how your company now uses mobile technology. The most common responses are phone calls, e-mails, calendar, the internet and CRM applications. These features may be of low or high confidentially depending on your industry. Determine the specific risk to your business if a competitor was to have access to this information. Could a malicious user release commercially sensitive information or compromise a government regulation?
Increasingly, businesses already use or are planning to make use of mobile technology to access their corporate networks and back-end systems. These features of mobility warrant a closer review of the demands and dangers associated. Carefully consider what data and information will be accessible from these devices. How will it be accessed? Will your IT department have control over the permission settings and the ability to track who has accessed and when? Could a malicious user download all of the customer info? Some rich applications are similar to the police car in the vehicle analogy and need specific gear to run properly (e.g. bar code scan, a specific Operating System, or credit card reader).
Managing other risks and variables
Some variables your business should consider for BYOD in order to develop the correct polices:
• The cost of support - how will you handle problems on these mobile devices?
• Personal data - what if worker data is wiped or compromised?
• Who is paying - for the device, data, calls and support?
• Brief lifespan - with models changing every six months what'll your upgrade strategy be?
• When employees leave – who/how removes the businesses data?
The right policies for your enterprise
We have worked with small businesses that love technology and utilize every characteristic including geo-fencing and remote management tools for support but don't require stringent regulations on their information. At the opposite end of the spectrum, government controlled industries that simply use technology when they have to with every feature encrypted and locked down. Practical polices should shield the Business without hamstringing productivity and innovation.
When you have a good picture of your requirements, think about the policies that your business would wish to include for personal devices. These policies may be suitable for both BYOD and corporate devices. Most Enterprises have an acceptable use policy for their desktop computers or the internet which could be leveraged as a starting point. Do not just consider the technical policies, for example security, authentication, password strength and data segregation, also think about the commercial, that is who pays for the information, calls and support.
Handling the mobile device fleet
In many organizations the mobile fleet is unregulated, causing applications to sit on the shelf while the organizations pays for it. Consider all the versions, brands and operating systems that you have out in the field. Do you have a mix of old and new devices, lightweight laptops and rugged devices in the area?
Just because your business will support BYOD does not mean it can support every type of consumer device on the market. Look at the popular consumer device models and consider your enterprise conditions and policies. You can create a whitelist of devices that are appropriate.
Supporting tools and options
After you determine the BYOD requirements and policies, you may need to consider a tool-set like Mobile Device Management (MDM) to help with the execution of your strategy. Typical MDM characteristics comprise:
• Remote Management, Control & Wiping
• Asset & life-cycle management
• Authentication, policy & security direction.
A MDM can help segregate personal as well as corporate information, set a standard operating environment (SOE) and support numerous devices with ease. MDM solutions can either be hosted through a provider or installed locally on your infrastructure.
Employees constantly want to leverage the very best tools and mobile technology. BYOD allows employees the freedom to do just that. However, businesses need to be prepared for this trend in order to provide the freedom to their employees in a cost-effective way. It is vital you develop a BYOD strategy that considers the requirements, threats, policies, and technology specific to your particular business. If you have any questions or are not sure where to start in terms of BYOD, reach out to one of our experts at 212-376-4040 or emails us at hello@consultcra.com. We are always more than happy to point you in the right direction.