10 Pitfalls to Avoid When Implementing a BYOD Program

by Chris Preimesberger

Without open communication with employees, no BYOD program can be successful. A BYOD rollout should flow downhill. Executives should enroll their devices first, communicating the capabilities and privacy features before deploying throughout the organization. That way, employees are aware of what the solution can actually do before they are using it themselves, and see that the management team is committed to implementing BYOD.

BYOD devices house all sorts of sensitive corporate data. Documents, emails and images are all susceptible to being lost or stolen if the simple step of setting a password is not taken. Although it seems self-explanatory, many companies overlook this key step in making sure a BYOD program is successful. Once devices are enrolled, be sure to enforce passcodes with a relatively high level of complexity to keep that corporate data safe from prying eyes.

Most mobile devices on the market today have enabled ActiveSync, Windows Mobile software that allows users to sync Windows Mobile and other Windows CE-based devices with a Windows-based PC or Exchange Server. There are certainly benefits to the service. The problem lies in the fact that IT administrators have limited control and insight when it comes to ActiveSync. If a device is lost, for example, administrators have to rely on employees to tell them, giving thieves plenty of time to access sensitive corporate data.

Consider this one the ghost of email profiles past. Email profiles often remain active even after an employee leaves a company—with obvious security ramifications. To combat that, most administrators are faced with completely wiping devices. With an enterprise mobility management (EMM) system, however, administrators are able to configure and manage profiles, meaning they can selectively remove the profile from a device without touching the other information on the phone.

Even with a passcode enabled on a device, intruders can still get in. Encryption exists to protect data in that case, but unfortunately many companies do not take advantage of it. Thankfully, there are various encryption options for IT administrators to consider, whether it’s the whole device or just a corporate container.

Organizations today are sensitive to users who do not choose to enroll in EMM for privacy reasons. Administrators stand to gain important insight from some of the most sensitive tools, such as keeping lists of downloaded apps and keeping track of the location of a device. The key here is to communicate openly with employees and let them know what is being tracked and to allow them to opt out if desired.

With new operating systems—or versions thereof—coming out frequently, employees are sometimes behind the curve when it comes to downloading the latest version for their BYOD devices. This is bad news for employers, as older versions may have vulnerable apps or information, making any older device a weak link. To combat this, administrators need to be able to monitor and enforce updates and be able to employ tactics like blocking emails if devices are not updated.

This happens more often than you would think, even though Apple urges against using the same Apple ID for multiple people or devices. However, some organizations still do this, making it difficult to identify devices and control app purchases. Administrators need to enforce separate IDs for each user, and should push apps to individual IDs.

Whether administrators like it or not, employees use data-sharing apps like Dropbox in the majority of organizations. Even if the app is managed, employees are still able to transfer internal information. The key here is to integrate fully with a container-based approach where content is directly pushed to a container app on the device that can be controlled by restrictive policies. That way, administrators can remove corporate content on demand from these devices without having to worry about data leaks.

Many organizations don’t take the critical step of figuring out why they need BYOD before they implement it, and they don’t consider how employing a management solution will affect the current state of things. Therefore, many groups are surprised when old capabilities are suddenly blocked. Administrators need to be sure that EMM is meeting needs and not impeding them, and evaluate and identify the requirements of workers before moving forward.