The shift from company-controlled devices to employee-controlled devices is one of the biggest IT trends in recent history. According to a study from Logicalis, 57.1% of employees already use their own devices for work-related tasks in some form or another. Another survey puts that number at 80%.
Can IT ignore BYOD?
What are IT departments doing about this Bring Your Own Device (BYOD) trend? The study listed above answers that question with some interesting statistics: 46.1% of employees who use their devices for work claim their IT departments are either unaware of or ignore BYOD. Is this a viable approach? Not at all. Let me give you two reasons why your IT department needs a BYOD strategy:
1. It will help you avoid security breaches: First, employees are already using their own devices, whether you like it or not. Unfortunately, many people have horrible security habits. How many of those employees carry sensitive data on their smartphones? What happens if they lose their phones? A BYOD strategy may just help your company avoid a security breach.
2. It will boost your staff’s productivity: When properly managed, BYOD becomes a competitive advantage. A good BYOD strategy gives employees the applications and tools they need to remain productive from anywhere using their own devices. For instance, this article explains how companies that embraced BYOD had an advantage during Hurricane Sandy, since their employees could remain productive despite being stuck at home.
Now that you understand why addressing BYOD is so important, let’s focus on the big question: How can your IT department control BYOD? How can you limit the risks of BYOD, while taking advantage of the benefits? It all starts with communication…
Step 1. Create a BYOD policy
Communication is the first step in controlling BYOD. Companies must create a BYOD policy, so employees understand what they can and can’t do with their mobile devices. What does this entail? This article written by workplace management solution provider, Matrix42, outlines 5 essential elements of a BYOD policy, which I’ve summarized below:
- Outline acceptable use
- Approved devices and support
- Measures for securing devices
- Reimbursement policies
- Enforcement and liability
Does your BYOD policy need to be a long, incomprehensible legal document? Not at all. “It doesn’t have to be complicated,” explains Oliver Bendig, VP of product management at Matrix42. “But it does need to be clearly outlined and then enforced.” Essentially, employees need a simple, concise policy that explains their options and limitations when using their own devices.
Now, the policy is just the first step in your quest to control BYOD. In the second step, you must decide how to approach BYOD control. You have two options: Control the data or control the device? To help you understand each option, I’ve outlined both of them below:
Step 2 (option 1): Control the data
In a recent interview with CIO magazine, Dell Software’s CIO, Carol Fawcett shared her path to BYOD control at Dell. In the early stages of implementing a BYOD solution, she realized something: The key to BYOD isn’t about controlling the devices. It’s about controlling the data.
Rather than trying to control the 4,300 smartphones and 200 tablets in their company, they developed web apps that let employees access their data and business apps using their personal devices. This mobile web app approach offered 3 huge BYOD benefits:
- Data isn’t stored on the device: Perhaps most importantly, mobile web apps don’t store data on the device itself. Dell’s IT staff controls the data and user access, and doesn’t need to worry about a lost/stolen device causing a security breach.
- They work on any device: Since mobile web apps work across all platforms, employees aren’t restricted to certain devices. Also, Dell’s IT staff didn’t have to create separate apps for every platform.
- It’s easier on the IT department: Trying to monitor every device and become familiar with every platform was too time consuming for their IT department. The mobile web app method lets the IT department focus on securing data in a central location, without worrying about the devices.
In other words, this approach lets employees access necessary data using any device, without actually storing data on the device itself. Essentially, it turns the device into a doorway to the data, but not the destination.
Now, I realize the term “mobile web apps” may be confusing. Are they just web pages that employees access on their phones? Not at all. Rather than trying to explain them, let me show you some examples. We’ve actually adopted this approach to BYOD here at mrc, and while I can’t show you our internal mobile web apps, I can show you the next best thing. Visit www.crazybikes.com from a smartphone or tablet if you’d like to see a few types of mobile web apps that businesses might offer to their employees.
Finally, one last point: You might be wondering how this method deals with accessing files like Word, Excel, or PowerPoint documents, across various devices. To address this issue, many companies use file storage and synchronization services, like Dropbox, Skydrive, Google Drive, Syncplicity, and more. It gives users a “cloud-based” folder that’s accessible across all devices, while giving IT control over data and user access. If the device is lost or stolen, the IT department just revokes user access to that storage account.
Step 2 (option 2): Control the device
The second option for BYOD involves controlling devices with the use of Mobile Device Management (MDM) tools. Installed on each employee device, MDM software lets companies secure, monitor, and manage devices used by their employees. MDM software typically lets companies distribute applications over-the-air, control device settings, remotely wipe data, and more.
A recent article in USAToday explains how MDM tools help companies avoid BYOD security problems at the device level. One example mentioned in the article involves an attorney whose smartphone was stolen from his car. Using MDM software, his IT director quickly located the phone and remotely wiped the data, avoiding a security breach.
While that level of control sounds great for IT departments, there’s one drawback to this method: Employee buy-in. Oftentimes, employees using their own devices don’t like the idea of giving their company full control to access and remotely wipe their personal devices.
How can you avoid the employee buy-in issue? The most obvious solution: Issue company controlled devices complete with MDM software to your employees. While not the cheapest option, it does ensure control over all corporate mobile devices.
Whether you like it or not, employees already use their personal devices for work-related tasks. The first step in controlling this growing BYOD trend is clear communication. Create a BYOD policy that clearly defines what employees can and can’t do with their personal devices. Secondly, you must choose how to enforce your BYOD policy: Control the data or control the devices. Regardless of which choice you make, one thing is certain: You must do something. Your company can no longer afford to ignore BYOD.