The enterprise mobility landscape has undergone a radical change in recent times. With the massive uptake of mobile devices such as smartphones and tablets, and a steady growth in mobile applications across platforms such as Android, iphone, and Blackberry, more and more enterprises today are engaging with their customers through the mobile platforms. The dynamic mobile ecosystem is also creating opportunities for vendors to come up with more sophisticated mobile devices, apps and security solutions with unique features for customers.
Research shows that by 2015 smartphone sales will reach 982 million and mobile web users will surpass ‘traditional’ desktop Internet users (Source: IDC). This phenomenal rise in enterprise mobility is also prompting decision makers to rethink their IT strategies. Traditionally, IT departments controlled and regulated the kind of mobile devices that can be allowed on the corporate floor. However, with smart devices becoming affordable and wide ranging, it’s no longer possible for IT departments to restrict the mobile device usage for business purposes. Today, more and more employees are bringing in their cherished mobile gadgets to the workplace to conveniently using them to access corporate and personal emails, applications and documents, giving rise to a new trend called BYOD (Bring Your Own Device).
In simple terms, BYOD translates into Bring your own technology (BYOT), Bring your own phone (BYOP), and Bring your own PC (BYOPC) and is referred to as the policy of permitting employees to bring personally owned mobile devices (laptops, tablets, and smart phones) to their place of work and use those devices to access privileged company information and applications.
Often touted as the new wave in enterprise mobility, BYOD is transforming the entire business landscape. While large enterprises are slower in migrating towards a BYOD scenario due to their legacy processes and IT policies, it is in the burgeoning Small and Medium Business (SMB) segment, where companies are finding it easier and simpler to deploy BYOD and reap multiple benefits. This is particularly so with companies those have mobile work forces.
However BYOD comes with its own share of risks and challenges. We will first examine the pros of BYOD and why it is relevant to you.
Why should SMEs consider BYOD
Today a number of smaller and mid-sized organizations have begun to consider BYOD as an option. We believe that if implemented properly, with the right tools and expertise, BYOD can yield multiple benefits.
The most obvious reason for you to consider BYOD is cost-advantage. BYOD can serve as a cost-saving tool for SMBs who operate mostly under stringent budget, and cannot afford a new smartphone for every employee in the company. As employees get their own devices such as tablets and smartphones to access their work e-mail, applications and data, BYOD saves you from making a big investment in supplying employees with devices.
The other benefit of BYOD is worker satisfaction. As employees are bringing their own devices to work, their personal apps reside next to their work related ones, providing a certain level of comfort. Also they are much more familiar with their devices, which make them easier to use. Also, as they can use the devices on the move, this flexible model leads to increased job satisfaction and is a way to keep employees happy while cutting costs.
BYOD also leads to increased levels of operational efficiency that companies are seeking in an increasingly complex and demanding business landscape. A Cisco study on BYOD and employee behavior noted that the cost benefits may be one of the parameters, but SME decision makers have often stated that BYOD as a trend can boost employee productivity, mainly because employees are using their known and preferred devices and have a certain level of control over its features.
Finally, with the flexible working style increased work satisfaction it offers, a BYOD model can help your employees achieve a better work-life balance.
In other words, BYOD allows users to be comfortable with their technology of choice while providing significant productivity. As the modern workforce in the SMEs are often found to be younger and tech-savvy, it makes good sense to allow employees to bring this trend, while ensuring that the security is not compromised and information is not leaked.
Setting Up a BYOD Policy
To help protect the organization’s assets and data from the risks of BYOD, you should have a BYOD policy. The policy must take into consideration not only the IT department but the entire organization and engage personnel from every other department.
Although the BYOD policies in SMBs would vary from one organization to the other depending on the size and nature of the business, most policies cover the same basic questions: How should users protect their devices? What data and applications can and cannot be accessed? And what happens when a user loses a device or leaves the company? And so on. From that perspective, the policy should take into consideration the kind of devices, applications, operating systems, user cases and most importantly the users to create a clear and simple BYOD policy.
Here are some of the key considerations for SMB owners when setting up a BYOD policy:
User accessibility: In the first place, the policy should specify the general accepted behaviors in BYOD practice. That is what are the functions or components a user can access. For example, illicit materials on their devices, or information that may be proprietary to another firm should be restricted and brought to the knowledge of employees. Before selecting BYOD as an IT strategy, it needs to be accompanied by a robust contractual agreement with the each user.
Device/apps selection: With the sheer number of devices available and a range of platforms, selection of device may be a challenge for SMBs. However, the policy should mention certain standard devices, apps and platforms such as Android, iPhone and BlackBerry and the versions, so that employees do not bring in any arbitrary smartphone or tablet on the enterprise network. The BYOD policy should explain that IT has the authority to prohibit the use of certain apps. The overall software configuration of the handset is a key variable in successful mobile IT strategy, so the BYOD policy should also cover the use of antivirus apps, other security software and firewall settings. IT managers should remember that the more types they allow, the harder it would be to manage.
Reimbursement: The BYOD policy should specify should explain exactly what charges the organization will and won’t reimburse. For example, some organizations pay for the users’ devices and monthly services, either partially or in full. BYOD policy experts believe that for SMEs, it may be easier to simply reimburse a pre-specified percentage of users’ monthly bills. Your organization may need to modify its accounting systems to support this critical function.
Security: The security part of the policy should specify what part of the information is sensitive, what the conditions are for the approved users may access sensitive information, and what to do in the event of a security breach. Whether the employees themselves would take up the responsibility for patching, updating etc of BYOD devices or whether the devices would be maintained by a support team. What happens if they fail to do this properly and more importantly, should a security breach lead to a lawsuit, the policies and technology in place needs to stand up to severe scrutiny. The policy should also specify the tools used for protecting BYOD security such as mobile device management (MDM) or mobile application management (MAM) to secure devices and applications. So when creating a BYOD policy, it is essential for small business owners to visit and revisit their overall security policy.
Agreements: Once the SMB implement a BYOD policy, it is important to have a written agreement in place with every mobile device user in the organization. An agreement raises awareness about the critical nature of mobile IT operations, and it protects organizations in the event of a BYOD policy breach. This agreement should be as simple and clear as possible, so as to prevent misunderstandings and should be aimed at reducing operational hassles.
BYOD policy challenges
It is important for SMB decision makers to know that having a mere policy may not help them overcome all the BYOD challenges. It is critical to know how to make the BYOD program work. Most of the times small business owners grapple with their BYOD practices because either the BYOD policy is not defined or integrated with the business objectives or the program is not adequately implemented or reviewed. In either case, the BYOD program fails to be a success.
One challenge that is observed in developing a BYOD policy is in defining personal use versus business use. Technologies such as mobile virtualization endeavour to separate both on the same device, but technical issues still remain. It is therefore important to select the right technologies based on the BYOD needs followed by regular reviews of policies and agreements (at least 2-3 times per year).
In other words, a BYOD policy for SMBs should take into account the best practices that encompass policy development, legal review, training, education, tools and systems. Following some of the best practices in BYOD can make it extremely cost-effective, productive and yield rich benefits for small business owners.