7 Tips for Establishing a Successful BYOD Policy
If you haven't developed a corporate Bring Your Own Device policy, or if the one you have is out of date, these tips will help you address device security, IT service, application use and other key components of an effective BYOD policy.
Thu, May 17, 2012
6. Integrate Your BYOD Plan With Your Acceptable Use Policy.
If your company is on the ball, chances are corporate-issued phones are already covered and treated like notebooks, desktop computers, and other equipment on your network. On the other hand, allowing personal devices to potentially connect to your VPN introduces some doubt about what activities may and may not be permitted. Discussions about an acceptable use policy are required to fully cover your rear.
- If you set up a VPN tunnel on an iPhone and then your employees post to Facebook, is this a violation?
- What if your employees browse objectionable websites while on their device's VPN?
- What if they transmit, inadvertently or not, inappropriate material over your network, even though they're using a device they own personally? What sanctions are there for such activity?
- What monitoring strategies and tools are available to enforce such policies?
- What rights do you have to set up rules in this arena?
7. Set Up an Employee Exit Strategy.
Don't forget about what will happen when employees with devices on your BYOD platform leave the company. How do you enforce the removal of access tokens, e-mail access, data and other proprietary applications and information?
It's not as simple as having the employee return the corporate-issued phone. In this case, many companies choose to rely on disabling email or synchronization access as part of the exit interview and HR checklists, while more security-conscious companies choose to perform a wipe of the BYOD-enabled device as a mandatory exit strategy. You should have a clear methodology for backing up the user's personal photos and personally purchased applications prior to this "exit wipe." Proactively reach out to affected users to help them take part in this process, all while making it clear that you reserve the right to issue a wipe command if the employee hasn't made alternate arrangements with your IT department prior to his or her exit time.
Jonathan Hassell runs 82 Ventures, a consulting firm based out of Charlotte. He's also an editor with Apress Media LLC.