BYOD: What's in a Policy?

Posted by Steve Knutson on January 24, 2013

A year ago, I brought up the emerging issue of BYOD (Bring Your Own Device) to work. At the time, the concept was still new. Today, the statistics and trend projections have panned out, and BYOD is becoming an issue on the radar of not only IT professionals but also other organizational leaders.

Creating a BYOD policy has become essential with today’s mobile-hungry workforce. Through a BYOD policy, your business can establish a set of rules governing your corporate IT department’s level of support for employee-owned PCs, smartphones and tablets. There are a lot of these devices, and without the appropriate protocol, they could be compromising your network. It’s become so important that it’s gained the attention of the White House, and you can review a list of resources provided to federal agencies facing BYOD.

Not supporting the devices is really not an option. They will outnumber your corporate devices soon – if they have not already. More than 1.2 billion smartphones will enter the market within the next five years and will account for about 40 percent of all handset shipments, according to ABI Research. I wrote about the advantages of buying and not buying mobile devices for employees in a previous blog post.

A BYOD policy typically focuses on three key areas of security:

  • Information Security: Guarding against operating system compromise due to malware, device misuse, and information spillover risks.
  • Operations Security: Protecting against personal devices divulging information about a user when conducting specific activities in certain environments.
  • Transmission Security: Protections to mitigate transmission interception.

An effective BYOD policy can promote accessibility, responsiveness and higher worker satisfaction. But the implementation of BYOD in the workplace also presents organizations with a series of security, policy, technical, and legal challenges. So what’s in a BYOD policy? Here are five items to help you get started:

  • Remote Access
    If you already have established practices for remote access, review them. Chances are the majority of the remote access procedures you employ will apply here as well and give you a good starting point for your BYOD policy.
  • Apps
    No, they are not all created equal. Create a list of apps that are off limits at your organization and block them from being used on your network. Your data will thank you. This is an ever-changing market, so make it a practice to review apps regularly and grow your blacklist as needed.
  • Push a Password
    This is one of the most important steps you can take. Requiring employees to log in before accessing your network from any device will help protect your data and applications.
  • Data Segregation
    Having data downloaded to separate places on the device based on whether it is personal or corporate offers further protection for the organization.
  • Terms of Use
    Having employees sign the policy or agree to it as part of their terms of employment is an important step to educate employees and ensure everyone understands the organization’s practices.

The implementation of BYOD policy is a growing trend that organizations are unlikely to be able to avoid. There’s a lot to consider when creating a BYOD policy for your organization, and that oftentimes prevents organizations from starting the process. A BYOD policy will be a work in progress for some time.
