Problem solve Get help with specific problems with your technologies, process and projects.

BYOD FAQ: Answers to IT’s burning questions about BYOD

There’s no one way to handle BYOD, but this BYOD FAQ can help IT pros find the right path when it comes to application control, app delivery and BYOD policy.

The BYOD movement has taken hold, and it looks like it’s here to stay.

Employees want to use their personal devices to work more efficiently and effectively, but for IT, it’s more complicated than just setting up email access on a smartphone. The bring your own device (BYOD) phenomenon creates tough challenges for admins.

If you’re wondering how you can securely manage a BYOD program and deliver enterprise apps to personal devices, then you’ve come to the right BYOD FAQ. Take a look at the answers to these frequently asked questions about BYOD, and you’ll learn how to implement and enforce policies that will improve the success of BYOD in your organization.

How can I control apps on BYOD devices?

The best way IT can control apps on BYOD devices is to have an acceptable use policy in place. Since BYOD adoption has picked up, IT pros have less control over the apps employees use. A policy that lays out expectations and consequences for users can improve the success of your BYOD initiative. Mobile device management (MDM) systems also offer application controls through their blacklisting and whitelisting features. In addition, those with auto-quarantine or remote wipe capabilities also help in the event that a user installs non-compliant apps on his or her device.

How can my organization create a BYOD policy?

Every organization’s BYOD policy is a little different, because policies are most effective when they’re organization-specific. The most important thing you can do is create a policy as soon as you decide to allow users to bring their own devices to work. The basic points of good BYOD programs address the same things: how users should protect devices, what they can and can’t access and what will happen if and when they leave the company.

A strong BYOD policy should also consider device selection, reimbursement, MDM, device security and mobile application security. Also think about how you’ll enforce BYOD policy once it’s in place.

What mobile app delivery options does my department have?

There are four good mobile app delivery approaches, but each has pitfalls.


Using desktop virtualization for BYOD security and management

Enterprise app stores give IT licensing and compliance control and let users download pre-approved mobile applications, but they require a lot of maintenance and resources. Web apps are compatible with different devices and don’t need a distribution system, but without an Internet connection, they aren’t practical. Cloud file-sharing services are good for app delivery, since most employees are already familiar with services such as Dropbox. If you chose the cloud option, you’ll have to use or develop cloud-based mobile apps or pay for cloud storage services. And mobile desktop virtualization lets users connect to a PC environment and stores all sensitive data on servers instead of devices. But for desktop virtualization on mobile devices to work, users need a reasonably large screen and a reliable Internet connection.

Like on Facebook.

This was last published in April 2012

Dig Deeper on EMM tools | Enterprise mobility management technology



Find more PRO+ content and other member only offers, here.

Join the conversation


Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

Pros and Cons of BYOD

I am an expert in Personal Information Management (PIM). The risks associated with BYOD are great. AND surprise - the risks go both ways.

RISKS to the Enterprise:
1.) Security Breaches.
2.) Bots, Bugs, Trojan Horses, Malware, etc.. Does the Iranian Centrifuge incident ring a bell? Extreme example to be sure, but corporate sabotage is a very real threat.
3.) Corporate embarrassment. An employee has illegal content (Pornography, Corporate secrets of another firm.) on their device. The device is confiscated for legal purposes, discovery in a court case for example. This could be made public.
4.) Very real opportunity loss. Scenario: A sales Rep is using their iPad 3 while they are on a Sales Call at HP, Dell, Samsung, Google or any competitor with a tablet offering. Same for the phone they use. You could very easily lose the opportunity and never know why.
5.) Loss of productivity. Depending on the applications involved, not all applications may be usable on all devices. iOS cannot and will not read Flash is a good example. A corporations training videos, and or demonstration materials are in flash. Won't work in the Apple world.
6.) Cost associated with potentially needing to re-write code into HTML-5 a platform agnostic platform.
7.) Support issues, and costs to support multiple platforms. May need to invest in several platforms in order to be able to replicate the problem in order to rectify it.

RISKS to the Employee:
1.) Personal devices will undoubtedly contain business information, making them eligible to be ceased in the case of a law suit. Discovery will mandate either temporarily or permanently confiscating the device for forensic purposes.
2.) The replacement of the device at issue may not be reimbursed by the company.
3.) You will undoubtedly have very personal information on your device. If it is confiscated, that information becomes of a public nature at the whim of the legal system.
4.) If the primary use of the personal device is of a business nature, and it is lost or stolen, the firm may not reimburse you for it.
5.) Backing up the information of your personal device will undoubtedly involve some business information. It is very difficult not to mix and segregate personal and business information. So, it follows that you may have business information on your back-up systems. This puts those systems at risk of confiscation in the case of litigation and discovery as addressed in #1.
6.) You as an individual get let go. The corporation, or Agency knows you have sensitive information on your phone, notebook, PC and or tablet. IF the information is of a very sensitive nature, and it is critical to Homeland Security, or a State or Federal Agency, it may be confiscated on the spot. Then you are on the street with no tools. When was the last time you backed up all your systems? And put the information in a Safe Place? You will never get those back!!
7.) Use all front end security measures to secure your devices. You do not want to be the individual that carries in the Trojan horse virus. It happened at Sun Microsystems in about the year 2001. And the Executive got called on the carpet in front of approximately 9,000 employees for it.

CALL TO ACTION: Mitigate the risk:
Keep personal and business devices separate. Make sure you have a reasonable business and personal backup strategy. Execute that strategy on a regular basis. Have specific Corporate Policy that details what the Exit strategy is for employees BYOD tools. Always use security measures on your personal devices. The first thing you see when you pick up your phone or tablet should be a screen that asks for a security code!!


Peter Gailey
The PIMCoach
It is always tricky when employees or staff are allowed to work on their personal devices. I believe much of the issues around security, backup, policies etc. can be addressed via a Corporate VDI solution. Allowing employees to fire up a desktop which will then integrate back office systems allowing employees to do thier work using their personal laptop for eg. Again this is not fully secure as well, as there is also a danger of data leak, but definitely works better than other approaches.