Like it or not, BYOD has arrived. Here’s what you need to know.
BYOD Facts (with the Stats to Back it Up)
- Most companies are now on board. In 2013, 60 percent of companies supported BYOD (from Exinda). 74% of respondents in a Tech Pro Research Report said that their organization was planning to use BYOD by 2014.
- People using BYOD tend to like it. Employees who can use personal smartphones and tablets in the office are generally more satisfied (Cisco). Nearly half of IT managers strongly agree that BYOD has a positive impact on the output of workers (Intel)
- Employers won’t be buying as many computers. The Good Technology State of BYOD Report states that 50% of enterprises with BYOD programs are requiring workers to cover all costs. By 2017, one in two firms will no longer provide devices to their employees (Gartner).
- Employees will bring their own device – no matter what. 67% of people use personal devices at work, regardless of the office’s official BYOD policy (CBS News).
- BYOD saves time. Employees report productivity gains, saying the BYOD allows them to be more efficient and more available to their colleagues. Employees using BYOD in The United States save an average of 81 minutes per week (Cisco).
- BYOD means big money. The global market for BYOD will increase from $67.21 billion in 2011 to about $181.39 billion by the year 2017 (from MarketsandMarkets)
BYOD Questions You Need to Be Asking
What Devices Should You Support?
Not every device is created equal. Some won’t be worth the cost/risk of support. Some companies are all Mac or all PC, others throw in Linux. For some, mobile may seem too expansive. But by going desktop/laptop only, those companies miss out on the big “anywhere and always on” benefits of BYOD.
If you’re going to dive into mobile, here is a list of some of the most common mobile devices:
- Android: Samsung, Motorola, HTC, LG, Sony Ericsson, Huawei, Dell, Lenovo, Acer, Asus
- Windows Phone 8: Nokia, HTC, Samsung
- iOS: All Apple devices
- Blackberry: All Blackberry devices
Where are your users located?
The cloud has made a worldwide workplace a reality. But risk and complications increase with geographic distance – especially across international borders. “Areas with rigorous privacy legislation such as the EU and Brazil also affect the legal workload and nature of the security controls needed to stay compliant,” reports EY ( 2013).
What’s your company’s BYOD risk tolerance?
Not every work document is top-secret. Different companies have different security needs. Decide where you stand on the spectrum:
A more defensive, low-risk approach will allow fewer types of devices, implement more restrictive policies, and provide full help desk support.
A more aggressive, higher-risk approach will allow users self-help, along with using more devices and more corporate apps (not just email and calendar apps).
What do your employees want in BYOD?
Ultimately, BYOD comes down to employees and their devices. Take a look at our suggestions for user survey questions in the best practices section below.
Are there any special compliance requirements for my industry or nation?
There are no “one-size-fits-all” answers for BYOD. Do your due diligence for your company.
How much control should the company have over the employee’s device and content?
This is both a security and an HR issue. A balance must be struck between granting user freedom and maintaining device control. Your answers here may have legal consequences for data ownership.
What restrictions on access, if any, are there?
For BYOD to be effective, employees don’t necessarily need access to everything. Consider keeping some doors closed to personal devices.
What happens to company data on a personal device when the employee leaves the company?
A disgruntled former employee with access to important information, resources, and credentials is every employer’s worst nightmare. Don’t let BYOD be the loophole that lets it happen. Establish the “right to wipe” company data and a clear exit policy. Ideally, agents should be installed on each device for remote control.
BYOD Best Practices
Survey Your Employees on BYOD
A BYOD program that is too restrictive, or lacks support for the right devices, will result in a lack of participation and wasted time and money. To avoid these pitfalls, you need to gather employee input early in the preparation phase.
Survey questions could include:
- Which OS/devices employees currently own / plan to use?
- Rate your comfort with self-service support for your device(s): 1 2 3 4 5
- Most used / most valuable corporate app(s):
- What are your biggest concerns, if any, with BYOD?
Initiate Conversations Across Sectors of the Organization
It’s important to get buy-in from the top to the bottom of the company.
That will mean addressing each sector’s particular concerns. Finance will likely want to know if the program will cost the company money; HR will want to know about personal data on devices. The IT department, of course, will be thinking about their scope of responsibility in device management and security.
Make a BYOD Policy
90% of workers in the United States are using their personal smartphones for work purposes (Cisco). But A 2014 survey from Software Advice revealed that only 39% of companies have a BYOD policy in place.
“The gap between BYOD use and BYOD policies is both staggering and frightening,” remarks Alan Shimel, Editor-in-Chief of DevOps.com. On the bright side, by simply establishing a policy, you’ll be ahead of the pack.
Here are some sections to include in a company BYOD policy:
- List of permitted devices
- Lay out Security Policy
- Establish a Service Policy
- Determine Ownership over apps and data
- List of Allowed / Banned Apps
- Set up terms in case of employee exit / termination
Actually Enforce Your BYOD Policy
In Doing More Faster, Alan Shimel explains the two approaches to enforcing a BYOD policy:
“The first is a soft, honor system,” he says. If you go this path, Shimel says to make sure you “explain what is, and what is not, allowed and expect employees to follow the rules. Clearly communicate the repercussions for failure to follow the rules.”
Some companies will prefer the control of a more pro-active approach. Again, Shimel explains, “You would use a tool like a Mobile Device Manager (MDM), and install an agent on a user’s device (or an app). This gives you insight into the usage of the device and allows you to restrict data it can see, and/or what data the agent can save or transmit.”
Neither approach is without its challenges. “One of the issues with MDM is that many employees do not want to give up access to their own device to their employer. Also a large issue is one of privacy. Employees don’t want their employer seeing what they do outside of their work environment.”
Educate Your Policy
It’s not enough to just put the rules written out in your BYOD policy, you must actually put it in the heads of your staff. This means required training, regular reminders, and one-on-one conversations. A well-educated team of BYOD users is IT’s best friend. But it’s not enough for your staff to just know the rules; they must actually believe in them.
“Don’t forget to educate on ‘the why’ as well,” says Shimel. Employees tend to view BYOD policies as arbitrary and don’t understand the reasons behind them. So naturally, they subvert them. Educating staff on the reasons behind the policy makes it more likely they will adhere to it.
Upgrade Your Infrastructure to Support BYOD
A true BYOD infrastructure can be quite the undertaking, one better suited for larger businesses. Yet, in many ways small businesses stand to benefit the most from BYOD.
Here are the roles to fill:
- Systems Engineer
- Device Expert
- Security Expert
- Applications Developer
- Service and Support Resources
Multiple roles can sometimes be filled by one person, but they had better be well-trained or a fast learner. Regardless, BYOD can be a big burden for your IT team to carry alone.
If you want upgrade your infrastructure the easy way, hire a cloud infrastructure. Directory-as-a-Service options exist that essentially allow you to outsource these roles and responsibilities to a dedicated team that specializes in cloud directory services.
Install Strong Security Systems
Your BYOD security checklist should include:
- Know every device on your network (can be achieved with RADIUS)
- Control user access to IT resources
- Have the ability to remotely wipe data
Note: Interested in locking down Macs? Here’s our article on BYOD Mac security.
Put A “Breach Plan” in Place
“As the business owner, assume the worst,” advises Shimel. “Planning for an incident and having an action plan in place is what separates the winners from the losers in many security incident situations.”
The breach plan should include what you do in case of device theft, hack, or a disgruntled terminated employee. It is wise to have previous arrangements with any security contractors you will need to hire in case of an emergency. “Have a checklist and make sure key players know what is expected of them,” says Shimel.
Continue to Evolve and Improve your BYOD Approach
As with all things in the world of business technology, you’re aiming at a moving target. Part of a good BYOD policy is being flexible, staying in the know, and continuing to change and evolve.
If you’re not sure that your company is ready to be ever-vigilant on this front, you can again consider hiring a service to streamline your BYOD policy and make sure a specialized team is keeping your business on the cutting edge.
BYOD Resources and Recommended Reading
MobileIron’s “Ultimate Guide to BYOD” [whitepaper]
This 21-page document walks you through making the transition to BYOD. Register to download.
Teresa Meek’s “10 Things You Need to Know about BYOD” [article]
This great, short piece in Forbes lays out the basics of BYOD in bite-sized form.
BYOD: Security Risks and Considerations for Your Mobile Device Program [pdf]
This Sept 2013 report from EY lays out a framework specific for mobile devices.
The Guide to Doing More Faster, Now with IT Control [ebook]
This is JumpCloud’s very own guide to navigating the exciting opportunities and challenges that new advances in IT offer, from DevOps to Remote Workers and – of course – BYOD.
We’ve done everything in our power to jam-pack this page with every BYOD fact, question, best practice, and resource… but maybe you know about something that we left out. If so, drop us a line on our contact page.