BYOD Policies: Securing Corporate Data in Today's Mobile World
By Brian Reed, CMO, Good Technology
In today’s fast-paced business environment, employees require mobile access to corporate information at all times for greater productivity, employee satisfaction and overall business performance. In many cases, employees seek access to work email, calendar, contacts, customer information and sensitive documents on their personal devices, creating a potential IT nightmare if corporate information isn’t kept secure.
Gartner predicts that by 2017 half of employers will require their employees to use personal devices at work. It’s imperative that enterprises take appropriate measures to ensure that the smartphones and tablets surging into the workforce are secured through Bring Your Own Device (BYOD) policies that allow for both worker flexibility and enterprise-level security. BYOD policies can make all the difference, as they establish strict rules around which devices and apps are permitted access to corporate information, who owns what apps and data, which data might be read-only vs. editable or available offline, and who pays for work-based data and voice usage, among other essential decisions that need to be made.
Below are four key steps enterprises should take when developing effective BYOD policies to ensure a smooth transition.
Identify the reason for shifting to BYOD
The first step in implementing a successful BYOD program is to identify why one is needed and to clearly define the success metrics. Is a BYOD program needed for reducing capital and expenses? Is the goal to boost productivity in the workforce?
When identifying a company’s need for a BYOD program, it’s important to ensure the reasoning aligns with the organization’s business goals. Once a goal is clearly defined, it will be easier for business leaders to build a case for continued investment in the program and will also help further drive BYOD adoption throughout the company.
It’s essential to create a business case for BYOD and to emphasize to the mobile users what the benefits are as well as what may be at risk, and how the program will protect it. IT teams can get pushback when deploying BYOD because some employees perceive it as an excuse for IT to access their personal devices, wipe their personal information and perhaps increase data and voice consumed on their personal monthly carrier plans. However, if IT takes the time to explain to the users
Outline the rights of the company to manage corporate data on employee-owned devices
When implementing a BYOD program, an end-user license agreement (EULA) should clearly outline expectations with employees and promote their voluntary compliance with enterprise and security policies while protecting end-user privacy. The policy should clearly state whether a business reserves the right to wipe company data and applications in appropriate situations.
Many companies seek a containerization solution to ensure clear separation between corporate and personal data, which meets the mobile user demand for privacy and the IT requirements for security of corporate data. In the event that a device is stolen/lost or the employee departs the company, only the corporate data will be wiped remotely, thus reducing the chance of sensitive data being compromised. Containerization enables IT to confidently promote the use of corporate information in mobile workflows on employee-owned devices or company-owned devices, knowing that the enterprise’s data is always kept safe. Employees get the additional assurance of knowing that their personal emails, photos and music cannot be accessed or wiped by IT, ensuring their privacy.
Consider split billing solutions
BYOD has recently become a divisive issue when it comes to who’s responsible for picking up the tab when the bill for mobile phone service comes in every month. For example, in 2014 the issue was raised in the California Supreme Court and Court of Appeal.
Split billing can make the enterprise mobility management (EMM) transition even easier for enterprises by eliminating complex stipends, reimbursements and credits. Instead of incurring work-related data charges against personal monthly plans, access to corporate provisioned apps can be directly billed to employers and partners, streamlining back-end reimbursement as well as HR and legal issues around liability for end-user content. This means there's no more filling out expense reports, no more paying hidden costs associated with processing expense reimbursements and no more dealing with tax issues connected to stipends.
By integrating a corporate data plan and split billing into BYOD policies, business leaders are accelerating the move to a mobile-centric workforce.
Managers should ensure input from employees
Despite having the best of intentions, sometimes legal and IT departments develop a BYOD strategy that is not user friendly. When developing and rolling out a BYOD policy, business leaders should engage with all departments, including HR, finance, legal, security, privacy and IT leaders. When doing so, they can guide these key stakeholders through a structured framework of best practices around BYOD to enable collaborative, accelerated decision-making.
“Meaningful BYOD policies ensure that all parties involved are on the same page from the start”
Mobility is an essential component in maintaining competitive advantage. Enabling employees to work on the devices of their choice can accelerate day-to-day activities for greater productivity and create greater employee satisfaction. When implementing comprehensive BYOD policies, business leaders must clearly outline concrete reasons for deploying a BYOD program and ensure clear rights for the company to manage corporate data on personal devices. They should also consider implementing a containerization solution to separate corporate data from personal data and examine split billing solutions to eliminate the complexities of stipends, liability for end-user content and auditing of employee expense reports.
Finally, as you are rolling out your BYOD policies and solution for your company, make it a collaborative effort among all departments. Create a proactive internal marketing campaign to mobile users that is easy to consume and understand, such as videos, posters, FAQs, BYOD Fairs at major locations and more. Clearly explain the benefits and how the BYOD policy and solution are managing risks to corporate data. The key to making BYOD work is to build the program to serve both sides: meet the employees' needs while strengthening enterprise data security.