1Where Does a Company Begin?
Start at the beginning. Query employees and do the research. Find out the risks and costs. Determine who on staff (or in the value chain) is already using smartphones and tablets. Ask them to show you what they’re most commonly doing with the devices that may involve the company. Make sure key company and IT administrators are involved in setting policies (or no policy at all, if that is appropriate). BYOD can indeed drop capital-equipment costs and improve productivity among employees, but it has to be done in a supervised and safe fashion.
2Determine your Company’s Needs
Whether you are a small startup or a large corporation, determining the scope and scale that your BYOD program needs will enable you to decide what type of program is right for your company. One goal might be to establish employee satisfaction and productivity through the use of having individual mobile devices. Another may be to reduce cost. The overhead involved with handling mobile expense reports alone could erase any savings.
3Determine Employees’ Needs
What is your employee’s preference? What devices have they already bought? Do they work purely on smartphones? Or do they use tablets, ultra-mobile PCs and notebooks, as well? Determining the behaviors of your employees will help narrow down your options for acceptable mobile devices and will ultimately guide your mobile application security requirements.
4Decide What Apps to Allow
IT administrators also need to decide what apps to prohibit. Because each organization has a different risk profile, there is no one-size-fits-all model for BYOD. After determining what is right for your organization and what constitutes an acceptable risk, analyze which apps are essential to your company. Realize it is impossible to satisfy every employee. Find a middle ground. With thousands of apps out there, it may be easier to focus on allowed app behaviors and what type of data can be accessed by each app.
5Decide on Your Company’s Policy
Your BYOD guidelines are a policy issue, and policy isn’t something created only by the IT department. Chief security officers (CSOs), CEOs, legal departments and communications directors need to be on board with your proposed policy. Define a clear service and acceptable usage policy for mobile devices that every department can sign off.
7Consider an MDM Tool to Enforce the Policy
With mobile-device management (MDM) in place, remote workers will no longer have to bring devices into the office for manual configuration. Check with your IT department to ensure your MDM program is synchronized with your new BYOD policy. If it isn’t, change it to match their preferences. An MDM that can take advantage of unbiased, third-party app reputations—or knowledge of what each app can or can’t do by policy—should be on the top of your list.
8Roll Out the BYOD Program
Launch the BYOD program across the entire organization. Communicate why the company is moving to BYOD for all departments. Specify what devices are permitted and firmly stick by your policy. Make sure you also have a removal strategy in place when employees leave the company. Most deployments roll out in phases, with a smaller pilot stage of perhaps less than 1,000 devices and then expand to worldwide deployments.
9Update as Necessary
After you’ve rolled out the program, keep up-to-date on upgrades and enhancements. Unlike legacy IT programs, mobile IT is evolving at a fast rate. Have a task force or mobile IT team that is able to stay up to date. Ensuring that your IT team has the bandwidth to stay on top of all upgrades will help with any challenges.
10Developing a BYOD Policy Won’t Happen Overnight
By following these best practices, companies can establish a clear, consistent and successful policy. The benefits of a BYOD policy are multi-fold: lower IT/support costs, a highly productive mobile workforce, employees that are happy to work with the latest technology and apps, and greater peer collaboration provided by the mobile teams’ increased connectivity.