Are you blacklisting rogue or time-wasting apps? Are you tracking voice, data and roaming usage? Have you stamped out jail-broken phones?
If you’re not doing these and other Bring Your Own Device (BYOD) related tasks, then you’re setting yourself up for a fall that can threaten your network security, reduce worker productivity and take a bite out of your budget.
BYOD is a relatively new mega technology trend—only a few years old—and early adopters have made their share of missteps. Now their lessons learned are bubbling to the top, pitfalls are being exposed and best practices are emerging.
“There’s still a long way to go,” says CEO Pankaj Gupta of Amtel, a mobile device management vendor. “But it’s getting cleaned up pretty rapidly.”
Here are five pitfalls that early BYOD adopters have encountered, along with ways to avoid them.
Pitfall 1: An ‘Open Door’ Attitude Toward Apps
Most iPhone owners visit the App Store regularly, downloading all sorts of apps—from Dropbox to Angry Birds—that are dangerous to the enterprise. These apps can lead to corporate data leakage, open the doors to malware or bring the potential to make workers unproductive.
BYOD’s early adopters often acquiesced to employee demands (“Are you saying I can’t have Angry Birds on my iPad?!”) when it came to apps, even allowing employees to expense publicly available apps such as iWorks and GoodReader.
But smart CIOs are taking control of this exploding app problem before it gets out of hand. They’re building private enterprise app stores, developing custom apps, creating app whitelists and blacklists, pushing out mandatory apps, and putting in place copy-and-paste restrictions.
It’s important to note that they’re not taking a hardline approach. Part of the job of the CIO is to find middle ground. Geofencing, for instance, creates a virtual perimeter that lets employees have Angry Birds and play Angry Birds, but just not play Angry Birds at work. Geofencing also prevents employees from downloading hi-def videos on their BYOD tablets and clogging up the network.
Pitfall 2: Playing the Role of Big Brother
Geofencing’s dark side, however, is that it requires BYOD phones and tablets to turn on location services. But employees don’t like companies to use their personal devices as corporate spies and monitor their whereabouts. It’s a little too Orwellian.
“There’s this little war going on with privacy,” Gupta says.
But CIOs need to continuously monitor BYOD phones and tablets to protect sensitive information. This means they need to strike a balance between a company’s right to monitor, access, review and disclose company data on a mobile device and the employee’s expectations of privacy.
In the case of geofencing, a CIO can set parameters for location tracking to be done only during work hours. Employees will have to trust that the company isn’t secretly monitoring their movements off-hours or reading personal email and text messages.
Pitfall 3: Ignoring Usage Tracking
Trust is a two-way street, and some early BYOD adopters went overboard in trusting employees. That is, they didn’t track talk, text, data and roaming usage, says Gupta. What happened? CIOs told horror stories about thousands of dollars in international roaming charges, employees expensing family plans, and other nefarious and costly deeds.
David Schofield, a partner at mobile consultancy Network Sourcing Advisors, last year reported that when about 600 workers jumped on a new BYOD smartphone program at a tech company, expenses went through the roof: collectively $300,000 over budget in the first year.
In some cases, lack of BYOD monitoring has led to the dreaded “zombie” phone, Gupta says.
What’s a zombie phone? Early adopters of BYOD found hidden costs in the form of BYOD-only expense-report processing fees, and so they decided to reduce the number of expense reports with an automatic flat stipend appearing in an employee’s paycheck. If a CIO didn’t monitor usage, devious employees took advantage with a zombie phone—a phone that has zero usage yet still receives the automatic stipend.
Pitfall 4: Allowing Rogue BYOD Phones and Tablets
There’s no question BYOD puts CIOs between the proverbial rock and hard place.
On the one hand, BYOD lets people choose their personal devices for work purposes, essentially making employees more familiar and productive with the technology. These mobile devices are within hand’s reach during off-hours and weekends. It’s this power of choice that leads to BYOD’s greatest benefits.
On the other hand, CIOs need to put restrictions and limitations on personal choice. After all, they can’t let any device onto the corporate network. “Surely, you cannot allow jail-broken iPhones and rooted Android devices to access enterprise data resources and expose the organization to malware and virus attacks,” Gupta says.
The best response is to support the popular consumer devices coming from Apple and Samsung and then muddle through the rest. There’s really no optimal solution, but leaning too far to either side can be disastrous.
Pitfall 5: Giving BYOD Policies Short Shrift
Perhaps the biggest pitfall, one that encompasses the previous four, is poor communication about BYOD between IT and employees. Poor communication, by the way, has been a major thorn in the IT-business relationship for decades.
With BYOD, communication needs to get good quickly.
Employees need to know what will and will not be monitored; what apps are dangerous to the company; what kinds of devices and operating systems are allowed; what the expectations are for privacy; what will happen in cases of lost devices, lawsuits and employee termination; and what the consequences are for noncompliance.
Unfortunately, too many early adopters crafted a BYOD user policy without a lot of detail.
“The biggest red flag is the one-page, isn’t-this-policy-great kind of policy that says, ‘Here are some things to be aware of,’ but it doesn’t get into the obligations and rights for both the company and program participant,” says Matt Karlyn, partner in the technology transactions practice group at Boston law firm Cooley LLP.
On the upside, thanks to the lessons learned from BYOD’s early adopters, you can map out your BYOD plan and avoid these pitfalls. Even if you’ve fallen into any of these traps, there’s still time to regain your footing.
“BYOD looks like it’s widespread, but it’s not,” Gupta says. “There’s a learning curve, and mobility is changing rapidly… The vendors themselves are learning as well.”
In other words, the BYOD journey is just beginning.
Tom Kaneshige has been covering business and technology in Silicon Valley for two decades. As senior online writer at CIO.com, Tom covers Silicon Valley culture, BYOD and consumer tech in the enterprise.