2Establish the Objective
3Get a Baseline
4Define the Allowed Devices
Based on the objectives and input from key stakeholders, including management and potential exceptions, create a definition around which devices are allowed. Is it a true BYOD, or is it more of a CYOD (choose your own device)? This means that employees can bring in devices as long as they are on the approved list.
5Secure Apps and Data
6Enforcing the Policy
The easy part is rolling out the policy; enforcing it is another matter. This will take time from the IT organization or whoever is tasked with managing this program, and it will also require some tools. While monitoring tools for devices are important, enforcement tools such as mobile device management (MDM) software become critical if security and compliance are top concerns. An MDM tool can set policies on when a device can connect to the network and can manage what apps are available to employees. MDM software also lets you revoke software or other data from a device in case of loss.
Once you have established the devices, apps and data, set parameters. Some of these are tolerance levels if you are using MDM software. Other parameters might be for exceptions, as you may have a population of users that may be eligible for exceptions to the rules. The clearer your objectives are, the easier this is to manage. The more important security is, the less flexible your exception process will be.
Don’t take for granted that employees don’t need training because they are using their own device. While the understanding is that employees in a BYOD program are responsible for supporting their own devices, still have a training plan to roll out the program. This should include letting employees know what devices are permitted and why the program is being rolled out, as well as best practices on keeping company data secure. As new employees join, there should be ongoing training available so the message stays consistent and doesn’t turn into word-of-mouth.
9Test Before Rolling It Out
As you roll out the policy, do it in a pilot program. Test it with people who are likely to push the bounds of the device policy. Test it with management and also with employees who are more likely to give feedback. This helps you refine or catch any oversights before the entire company is given a new policy. Change is always difficult, and it is better to go in prepared and knowing what types of feedback are going to come your way.
10More Complex Than One Might Think
Rolling out a BYOD program is a lot more complex than just letting employees bring whatever they want and not addressing the matter. However, it does show more responsibility in keeping the company network resilient and company data secure. There are tools available to help with monitoring and managing devices.
11Use Shortcuts as Needed
You can also find some shortcuts such as utilizing hosted virtual desktops, which are available in a turnkey manner through cloud providers. A virtual desktop can run on virtually any laptop, desktop or tablet and can give employees access to company applications and data in a secure environment even as employees hop from one device to another.