Managing BYOD with Policies in the Midsized Firm

policyThere’s been much discussion of the concept of Bring Your Own Device (BYOD) over the last few years. While the topic has been written about by many bloggers and authors, there’s been very little discussion about BYOD in the small and midsize business space.

Many large organizations have the ability to deploy large and complex systems to manage employee-owned devices. While some small and midsized organizations might be able to find the budget to implement sophisticated BYOD management systems, most can’t hope to find money to implement these costly solutions.

Not having the budget for sophisticated solutions shouldn’t stop organizations from building policies to manage employee-owned devices and the data held or accessed with these devices. In addition, additional consideration must be made for the employee-owned computers that might be used to access company owned assets while employees are at home or traveling away from work.

To build quality policies, an organization must consider not only the technology used but also the data accessed and any legal issues related to any data that might be accessed and or lost due to a loss off a phone or device.

In an ideal world, these policies would be backed up with systems and solutions to ensure that all policies are followed, but with the budgetary constraints found in many small and midsized organizations, a policy is sometimes the only thing in place to manage the business.

Has your organization implemented BYOD policies? If so, how well are they working for you?
IBMThis post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. I’ve been compensated to contribute to this program, but the opinions expressed in this post are my own and don’t necessarily represent IBM’s positions, strategies or opinions.

hit counter

Real World Mobility – Filling the Gaps

Sponsored by Dimension Data.

gray-stone-advisors-man-jumping-over-gap-sunsetI just finished reading through the Dimension Data Secure Enterprise Mobility Report.The report is a nice report on how modern organizations are thinking about and approaching strategic planning with mobility, BYOD and security in mind.

A few highlights of the report where 1,622 IT decision makers were surveyed:

  • 27% said they have a well-defined network policy for mobility
  • 23% said that they allowed employees to download non-corporate applications to increase productivity.
  • Only 29% have ave tested how well their applications work on mobile devices
  • Only 32% have conducted a security audit of applications touched by mobile devices
  • 79% of IT leaders who classify mobility as a top priority
  • 71% named data security as their greatest mobility-related concern
  • 71% of respondents indicated that their business leaders view personal mobile devices as potentially dangerous, costly and not business critical

Some of those numbers (or…maybe all of them) are a bit frightening but they aren’t a surprise.

They tell me that organizations are still a bit confused about mobility.  The survey highlights that companies and IT groups still see a dichotomy between seamless mobility for their employees and rigid and robust security for the enterprise.  While I won’t argue that this dichotomy doesn’t exist, a well developed strategy for enterprise mobility (including BYOD) should be able to reduce the gap between security, mobility and productivity without undue challenges.

Developing an encompassing strategy for BYOD and mobility isn’t easy. There are many areas to consider before rolling out a mobility strategy that cover all areas from security, bandwidth, architecture, BYOD, data governance, backup and recovery and ownership of data/apps when employees leave.

Organizations need to identify whether mobility is business critical and whether personally owned mobile devices fit into their business and strategy.  Based on the survey results, many business leaders don’t see BYOD as business critical but they do see mobility as a top priority.  In today’s world, I do think BYOD and mobility are synonymous so it behooves organizations to build a plan for mobility to include personal mobile devices.

Building a policy for today’s mobile world must fill the gap between security, data ownership, mobility and personal devices.  How well is your organization’s mobility strategy filling these gaps?

Sponsored by Dimension Data.

Incorporating Mobility into your Technology Strategy

Sponsored by Dimension Data.

In Thinking about Robust Strategies for BYOD and Mobile, I wrote:

 A robust strategy for BYOD and mobility requires a re-thinking of the entire enterprise strategy. While re-thinking doesn’t equate to re-working, it does mean a complete end-to-end revisit of the enterprise strategy to ensure BYOD and mobile devices are well represented in everything from security to backup to accessibility.

17775709-a-word-cloud-of-mobility-related-itemsI wanted to follow that up with a real-world example of a company that did exactly what I suggested.

A colleague of mine is the CIO of a mid-sized organization. A few years ago, she’d been struggling with how to incorporate BYOD into the organization’s technology and mobility strategy. Initially, she and her team were trying to ‘add’ BYOD into the enterprise by adding band-aid solutions to try to make BYOD work.

These band-aid solutions allowed devices to come into the enterprise and gave the appearance that things were working for the organization. Very quickly, the IT group realized their ‘band-aid’ solutions weren’t delivering anything more than a way to get user-owned devices onto the corporate network.

For example, these solutions didn’t provide a robust method for backup and recovery of user’s devices. A backup solution for BYOD (and all mobile devices) needs to provide not only backup and recovery but also security and retention for the data itself.

After about six months trying to address the shortcomings of their solution, the CIO decided it was time to take a step back and revisit their approach to BYOD and mobility. She decided to re-think their entire enterprise strategy from the ground-up, much like I suggested to introduce mobility as a key cornerstone to their business technology strategy.

Within six months, the CIO had a viable technology strategy in place in which mobility was a key feature of the enterprise strategy. Rather than an ‘add-on’ or band-aid solution to try to make mobility and BYOD work, they are now incorporating mobility into all aspects of their business solutions.

Has your organization incorporated mobility into your business and technology strategies? If so, how?

Sponsored by Dimension Data.

BYOD – reducing costs and complexity for IT

I’ve written about the topic “Bring your own Device” (BYOD) in the past but I never really touched on the issue of what BYOD does for IT complexity.

Does having a BYOD policy that allows your employees to bring their own devices increase the workload and complexity for the IT staff?

My gut reaction to that question: Yes…it does add complexity. Building BYOD policies doesn’t require more control and complexity – sometimes it can decrease complexity with the proper forethought and planning.

Notice, I said “with forethought and planning” there. Using best practices, common sense and see what others have done that has worked and what mistakes others have made in the BYOD realm, and you’ll be fine.

First off, let’s look at phones.  Each person has their own preference for a phone. While a majority of people may prefer an iPhone or an Android phone, some prefer the new Windows Phone and some may even prefer (or require) a Blackberry. It is quite difficult for an IT group to support all of those phones…so in the past, they’ve standardized on one (or two). In the past, this standardization was it…if you had a company phone, you had one of the standard phones.

The problem arises when people have a preference for their own phone and/or a preference (or intense dislike) for an operating system. So the employee carry two phones: 1 for work, 1 for personal. Some are even able to talk the IT group into allowing their ‘personal phones’ on the network to access email. This becomes a burden for IT support as they now have to make note of these ‘one-off’ phones that are allowed on.

Rather than standardize on a phone and provide support for those phones, build a policy that allows individuals to add their personal phones to the network.  This reduces complexity as it allows the IT group to focus less on phone standardization processes and focus more on security and mobility. By focusing on the security aspects, IT can implement products that help manage these new personal phones and the data that might reside on them. Additionally, this new focus allows IT to build consistent security across all mobile devices.

In addition to phones, tablets and laptops are another area that can be reviewed to provide additional service to employees while reducing complexity. Being ‘mobile’ is key for many employees these days, and adding BYOD policies that allow end-users to provide their own devices – along with the proper end-to-end enterprise security measures – makes sense. If your users are comfortable using their own tablet compared to your standard tablet, why not let them?

In addition to reducing complexity, BYOD can provide cost savings to the organization. Most employees have a smartphone, so why not allow them to use it for business calls and emails and save some money? Additionally, many today have tablets…if an employee can use their own tablet for business, that’s an additional $500 savings that the organization will not have to spend to buy a tablet for that employee.

The cost savings debate is one that can be tricky. You don’t want to take the approach that you are want to shift the burden of costs for mobile device to your employees. You don’t want to not provide devices and force employees to purchase their own. That would be bad for morale. But, if you have employees who have their own devices that they want to use, you should have a policy in place to allow them to bring them into the workplace to assist with their work.

Selecting the right BYOD strategy and policies might be a lot of work for IT in the short term, in the long run it will reduce complexity, support hours and costs for the organization.

This is a paid post in conjunction with IDG, Dell and Intel®.






If you'd like to receive updates when new posts are published, signup for my mailing list. I won't sell or share your email.