BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
It takes a village of CIOs, software architects, users, independent software vendors (ISVs), developers and cloud providers to address the problem set that the bring your own device (BYOD) movement generates.
The enterprise team that is proactive about BYOD management and policies will avoid the security and workflow problems suffered by those who have discovered that their data and applications were being accessed on personal devices.
On-premises and cloud-based BYOD management tools are available and gaining in maturity, but the majority of enterprise teams are still playing catch-up with in-house BYOD policies. This column reviews the device management tool scene and then lays out 10 BYOD management best practices.
Status of BYOD management tools today
About 60% of workers today access company data on their smartphones and tablets, but only a third of businesses have implemented management tools and processes for those devices, reported Ovum's 2013 Bring-Your-Own survey of 4,371 employees in businesses in 19 countries.
"People are bringing their own devices, but in many cases they and their companies are not taking care of those devices and the applications on them appropriately," said Richard Absalom, consumer impact technology analyst at Ovum. Only about 30% of businesses have any type of BYOD management in place. "Obviously, a large proportion is probably going unmanaged," he said.
Only about 30% of businesses have any type of BYOD management in place.
BYOD management offers plenty of opportunities for application developers, ISVs and cloud providers, Absalom said. "There's a big demand for cloud services to cover enterprise mobility management," he said, citing Fiberlink's MaaS360 as an example of a cloud-based EMM provider's service. Entrepreneurial ISVs moved quickly into the area with cloud-based BYOD management tools, examples being Armor5, MobileSafe and Cisco-acquired Meraki. There's still room for innovation, even though major vendors -- IBM, HP, Dell, Microsoft and others -- have entered the market, he added. Also, the majority of the mobility management vendors will have a mix of cloud and on-premises offerings to cope with the different demands.
Enterprise BYOD best practices
Before choosing tools, CIOs and their DevOps teams have some analysis and strategizing to do. These tips from experts cover best practices for enterprise BYOD management. The experts canvassed include Krish Kupathil, CEO of AgreeYa Mobility; Ovum's Absalom and others.
1. Any BYOD policy has to have input from across the business. CIOs should drive BYOD management efforts and include IT, software architects and developers, users, business decision makers, and the human resources and legal departments. "Everyone in the company must be on the same page about what you can and can't access on personal devices," Absalom said.
2. Make policy guidelines clear and compliance mandatory. The policy should be legal and the rules clear to all employees about joining, leaving or altering participation in a BYOD program, Kupathil said. Absalom advised requiring signatures on BYOD policy agreements: "Everyone must agree legally to uphold the policies and to their device getting locked if it gets lost, stolen or compromised," he said.
3. Mobile devices offer an array of technologies, ranging from Global Positioning System (GPS) receivers to cameras and audio recorders. Policies should cover the use of these features as they relate to work. It's not just data loss that's a concern. Consider the loss of intellectual property if a smartphone video is made of in-development application screenshots, or the legal implications of smartphone videos of executives in compromising positions.
4. Policies regarding usage of insecure Wi-Fi networks have to make provisions for the limitations of their security measures. Some networks could be labeled off-limits, based on security alerts, for example. Obviously the business must ensure that personal devices are in line with the enterprise security standards. Encryption and access control are musts on any device where business-related data resides, according to Kupathil.
5. Develop loss, theft and exit policies, along with technical issues, raise the security stakes. Balance these features and risks to protect users' personal information and your own business reputation. Absalom explained: "When an employee leaves, say in sales, and they take all of the contacts on their personal phone, that is a big corporate asset that goes missing."
6. Make sure top executives' devices are covered by and adhere to BYOD policies.. Execs normally have more access to secure information, so their devices and usage can present a big risk. Being proactive is imperative in this case, because CIOs and CEOs often are early adopters of new gadgets.
7. If you create credentials for your users (like usernames and passwords), create them securely. For example, Kupathil said, a short number string might be an appropriate token for authenticating a user on a game scoreboard, but the same credential wouldn't be appropriate for a social networking app.
8. If BYOD policies and management technologies are in place, all appropriate employees should have access to devices. "The enterprises should allow employees broader device choice and cover part of the device cost," Kupathil said. "This will automatically increase participation and, eventually, decrease the operational cost."
9. Create clear policies on which devices can be used. "BYOD does not mean that employees should bring whatsoever device they have and expect it to be included with the system," Kupathil said. "Not all are enterprise-ready."
10. The organization's bandwidth for testing devices and enterprise applications running on them certainly impacts the decision on which and how many devices can be permitted, said software tester Peter Walen. So, it's important include quality assurance and test managers in BYOD policy discussions.
What are your or your team's problems with or best practices for managing BYOD? Send them to firstname.lastname@example.org.