There is such a thing as a successful enterprise BYO program and it doesn’t take a Christmas miracle to get it implemented! According to a Gartner report, by 2015 companies will begin moving toward mandatory BYOD programs; and by 2016, more than half of all enterprises will have BYOD programs in place.
While it is commonly believed in the IT world that a well-implemented BYO program can boost productivity and reduce costs, the twin obstacles of employee trust and data privacy have effectively slowed the overall execution of these programs, to the detriment of both parties.
In fact, according to a study published in CIO magazine, over 70% of employees do not trust their corporate IT group to keep personal information private, even as 80% of employees use their personal devices for work-related tasks.
The following three guiding principles will help businesses overcome the trust gap and deliver a BYO program that employees love and IT can live with.
1. Establish trust by clarifying what the IT team can see on an employee’s device. Being very clear about those areas strictly off-limits to IT eliminates ambiguity and helps clarify boundaries, thereby preventing unpleasant surprises down the line.
2. Address issues [and sign documents] with employees, HR and the Legal department. The BYOD policy should clearly identify what happens in the event of a lawsuit – does the business replace the device? Will the device be returned, or will the company reimburse the employee? Another decision that needs to be agreed upon is whether the employee will be reimbursed for the service plan. Finally, users should sign a mobility usage agreement acknowledging they understand the rules and expectations of the BYO policy.
3. Create security tiers that allow employees to adhere to their preferred level of security monitoring and measures. Everyone has different comfort levels with surveillance, and those levels should correspond directly to the types of tasks and information access they can perform with their device of choice. Setting reasonable limits based on consistently applied policies helps to create clarity and ensures employees use the right device for the right task, without sacrificing their sense of privacy or corporate security.
4. Establish data containers that separate work and personal data to reassure employees their private information will stay private. As the inventor of the centrally managed localized container, we at Moka5 believe this is absolutely essential to successful BYO implementation. Using containerized data and applications that are isolated from each other allows what belongs to IT to be managed by IT, and what belongs to the employee to be managed by the employee.
5. Encourage self-provision and self-support. When an employee legally owns the device they are using personally and for work, they tend to feel responsible for that device. The IT department should encourage employees to continue maintenance on their device as needed. However, it should be clear to both the employee and the company that the corporate data generated, maintained, or saved on the device remains owned by the company.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.