7 Tips for Establishing a Successful BYOD Policy
If you haven't developed a corporate Bring Your Own Device policy, or if the one you have is out of date, these tips will help you address device security, IT service, application use and other key components of an effective BYOD policy.
Thu, May 17, 2012
CIO — The number of smartphones in use across the globe will reach 2 billion by the end of 2015, according to many estimates. If you haven't been encouraged to establish a program to allow employee-owned devices to access, at the very least, corporate email, calendar and contact systems, it's a virtual certainty you will be now. (In fact, in many companies, your hand is forced by the C suite, because CEOs and other executives often find tablets and smartphones useful in their frequent travels and meetings.)
This pressure might leave you wondering the keys to developing a BYOD policy and how best to implement it. These seven core ideas should be a part of any good Bring Your Own Device program. Each idea comes with many important questions to ask yourself, your IT associates and your executive team while developing a BYOD policy.
1. Specify What Devices Are Permitted.
It was simple and clear in the old days of BlackBerry services—you used your BlackBerry for work, and that was it. Now there are many device choices, from iOS-based phones and tablets and Android handhelds to Research in Motion's Playbook and many others.
It's important to decide exactly what you mean when you say "bring your own device." Should you really be saying, bring your own iPhone but not your own Android phone? Bring your own iPad but no other phones or tablets? Make it clear to employees who are interested in BYOD which devices you will support%mdash;in addition to whatever corporate-issued devices you continue to deploy—and which you won't.
2. Establish a Stringent Security Policy for all Devices.
Users tend to resist having passwords or lock screens on their personal devices. They see them as a hurdle to convenient access to the content and functions of their device. However, this is not a valid complaint—there is simply too much sensitive information to which phones connected to your corporate systems have access to allow unfettered swipe-and-go operation of these phones.
If your users want to use their devices with your systems, then they'll have to accept a complex password attached to their devices at all times. You need a strong, lengthy alphanumeric password, too, not a simple 4-digit numerical PIN. Check with your messaging administrators to see what device security policies you can reliably enforce with your software.
3. Define a Clear Service Policy for Devices Under BYOD Criteria.
It's important for employees to understand the boundaries when questions or problems creep up with personal devices. To set these boundaries, you'll have to answer the following questions.