A few months ago, I asked a very large international customer about its bring-your-own-device (BYOD) plans. The reply was, “Our strategy is akin to random acts of mobility.” What was meant is something I’ve heard from many other customers. People are bringing in the devices they want IT to support, and they are getting their way. This puts tremendous pressure on IT to support these devices, even if they are not part of a larger plan. While randomly supporting devices is bad, the motivation behind the requests is usually good because BYOD increases productivity by letting users access information in the way they want.
While IT should support this willingly, there needs to be a better plan. Of course, that’s easier said than done. The evolution of systems management in most companies has been piecemeal with a variety of systems—some proprietary—deployed to support the different iterations of company-approved laptops, tablets and smartphones. Combine these systems with the reality that users now typically use three-to-five devices respectively, and it’s no wonder that IT faces a constant struggle to track who has which devices, what data they can access and whether the devices are secure. In such an environment, random acts of mobility are unavoidable.
So how can companies move from randomness to a successful BYOD strategy? Let’s start with a definition of “success.” I think of it as letting individuals use their devices of choice while easily managing users, devices and access to data—all for a reasonable cost.
Achieving this success requires two critical pieces. First, a set of best practices and policies that creates the proper balance between the users’ desire for flexibility and the enterprise’s need for data protection and regulatory compliance. Are there limitations on how devices can be used? How much support will the company provide for user-owned devices? Does the enterprise have the right to wipe data? What happens if a device is lost or stolen? Should data access be limited according to an employee’s role, time of day or location? To formulate and codify these best practices and policies, it’s imperative to bring together representatives from IT, legal, compliance, finance, HR and business.
The second requirement is a new technology solution that makes it easy and cost effective to implement policies and best practices while being able to scale to incorporate more users and devices. To facilitate policy and compliance management, look for a solution that uses a secure workspace installed on BYO devices. Such a workspace effectively separates personal information from enterprise data and enables IT to manage and, if necessary, delete enterprise data without impacting the personal side. To ease deployment and control costs, look for a comprehensive solution that offers management of user identities and access, devices, applications and content. This eliminates the need to purchase and support multiple point solutions, which increases cost and complexity. By meeting these requirements, your BYOD strategy should be a success.