12 factors you need to consider while framing a BYOD policy | SupportBiz

While the cost savings from implementing BYOD can be significant depending on the size of your workforce, costs alone should not be your reason for opting for a BYOD arrangement. The flexibility provided by this model should make your workforce more productive and enable your company to be more agile. However, deploying BYOD carries its own risks. You need to consider the following factors before putting together a BYOD policy.
  1. Take into consideration the age of the current company-owned devices. Assets like desktops and laptops have a lifecycle of three to four years. If they are close to the end of their lifecycle, it might be the right time for you to consider the BYOD alternative.
  2. You might not want to standardize BYOD across your organization. Decide on which departments or cadres in your organization are most likely to benefit from BYOD and bring in the productivity gains you are looking for. BYOD works well with field forces like sales and support personnel who need to access data on the move.
  3. There are multiple device options in the market with different operating systems. Evaluate which devices and operating systems are best to allow, depending on the applications you intend to let your employees access from their devices and the levels of security you seek. You have the option of a highly heterogeneous environment (where you support all leading operating systems including iOS, Android, BlackBerry and Windows) or one that supports just a couple of them. Create guidelines based on security and manageability considerations.
  4. BYOD does not merely affect the way you manage technology or devices. It has implications for other functions such as HR, legal and finance as well. Consequently, it is important that you have a policy that addresses all these concerns. BYOD involves allowing employees to access corporate data on their personal devices. So you need to factor in the risks involved and, based on that, decide whether you should restrict access only to some applications such as e-mail or extend it to other applications like CRM, corporate directories etc.
  5. Prior to rolling out a BYOD initiative, you need to ensure that all data-points accessible over mobile devices are integrated. If you have chosen to allow access to multiple operating systems/devices, you need to ensure that your network supports application access across device platforms.
  6. Before you actually let your employees use their devices to access corporate data, get your IT department to do isolation tests on the devices to qualify each device against a benchmark. Your policy should adequately address these and other issues such as disabling USB drives.
  7. BYOD requires you to have a secure file sharing policy. This is very important considering that there have been instances in the recent past where employees have managed to access public cloud file sharing applications such as Dropbox from corporate networks, compromising data security. This is even more critical if your industry is bound by regulatory compliance, for such file sharing might result in violation of regulations. All data shared should have password protection and all links should expire within a set time period.
  8. Another critical issue is that of exercising control over users' access to company data. While you don't own the device, it is still important to ensure that your policy spells out certain protective measures on how employees can access corporate data. You should be able to control user access by device as well as by IP address. Ensure that your policy makes it mandatory for employees to install security apps that facilitate separate user areas for business and personal data on the devices. Access to the device should be password protected.
  9. Your policy should very clearly list the various categories of apps that have the potential to compromise the security of the company, and you should be able to audit the device from time to time for compliance.
  10. You should also be able to protect your data in the event of the loss of a device or when an employee leaves or is terminated from the company. You should be able to do a 'remote wipe' of the device. Remote wipe may mean the employee will lose his personal data as well when he is leaving the company. The policy should clearly explain these consequences upfront.
  11. Two issues that need to be addressed with great clarity in a BYOD environment are who pays for data plans and who pays for support. Your policy has to clearly articulate whether the employee pays for the data bill, or the amount the company is reimbursing him towards company usage. As the employee owns the device, whenever there is a support issue he/she needs to go to the device vendor and the company can support only the business applications. Such an arrangement can save you significant costs in support.
  12. After addressing all these issues, it is important that your employees fully understand and sign up for the BYOD plan.