Creating a BYOD policy

See also: BYOD’s legal minefield

Bring Your Own Device (BYOD) has become a common phrase in most offices, but, it is not without risks. It’s important that a CIO should consider the implications of BYOD in their organisation.

Allowing employees access to business-critical information outside of a controlled environment may seem unappealing. But, fast-moving, dynamic organisations should never try and restrict their employees, especially when it could potentially be so beneficial to business.

They could lose out on increasing productivity, ensuring business continuity and use of cutting-edge technology.

It’s important to put a policy in place that provides for flexible usage of devices, taking into consideration all the different operating systems and hardware, and the risks that BYOD presents.

The CIO needs to work alongside both HR and the legal team as devising the policy involves dealing with the individual employees, their potential training requirements and the legal implications.

When the employee is provided with a device by the organisation, that organisation can determine what operating system is used and what applications the employee can install.

To ensure security for the organisation with BYOD, the CIO should think about a number of options to be included in the policy, including:

– Secure workspaces for storing, syncing and sharing files – Centralized administrative control over user accounts and files – Ability to block unsecure services to enforce best practices – Ability to remotely wipe the device – The types of data that can be accessed and/or stored on the device and the levels of data encryption required – Regular monitoring, reporting and auditing of individual devices and the policy as a whole.

Because of this, a CIO must consider the ways BYOD impacts on IT infrastructure.

Ensuring security and managing the information in a device-agnostic environment requires new skills and expertise within a team.

All the updates and security must be at the back end of the chain with applications streamed to the individual device; essentially removing the often laborious task for business technology support of having to check and update all devices within the business.

This can save time, money and resources leading to a more malleable organisation which is able to stay ahead of the technological curve.

Employees should be given the option to opt in to an agreement of a BOYD policy. It is vital that all employees understand what they are signing up to and why this is crucial if they are going to use their own devices in a work context.

If an employee refuses then they should not use that device for work purposes and to do so is to contradict with organisation’s policy; this is where working closely with HR and legal shows its true value.

David Clarke is chief executive of the BCS