Four worst mistakes you can make with a BYOD policy

BYOD initiatives require careful thought and planning. Here are four mistakes that can ruin even the best BYOD policy.

Bring Your Own Device (BYOD) initiatives remain high on the priority list for many CIOs, and as new portable devices are released, the pressure to let employees use them grows. BYOD initiatives require careful thought and planning, and often require policies that protect both the organization and the individual. In this article, I will outline four mistakes that can ruin even the best BYOD policy.

Limiting devices by specific models

To limit the initiative's impact on IT resources and simplify the arrangement, some BYOD policies I've seen list the specific devices and models that will be supported under the program. Although I don't recommend a completely hands-off approach, getting too granular with device choice results in the following:

  • Deep testing of every new device to see if it's supportable.
  • The need to constantly update the policy as new devices are released.
  • Frustrated users attempting to find the right device and becoming even more frustrated when the new device they want isn't on the list.

Instead, I generally recommend that organizations categorize and approve broad swaths of devices while keeping in mind the needs of the organization. For example, you might provide support for any device that supports Exchange ActiveSync (which is what I did at a former organization) or something along those lines.

Excluding the right to wipe the device

Although controversial to many, I feel that the right to wipe the device should be included in any BYOD policy. Bear in mind that BYOD is not a requirement; it's generally an opt-in program.  If an employee doesn't want to be subject to possible device erasure, they can either get a company-issued device or not use the BYOD program.

Why is this important? The security of corporate information is paramount in these kinds of programs. In a perfect world, companies implementing BYOD would use a robust mobile device management tool that isolates corporate information from personal information. But many will not buy such software. If the device is lost or stolen, or there is justifiable reason to believe that sensitive information on the device might become compromised, the company may need to wipe the device.

Even if you never plan to wipe the device, include the stipulation anyway. If a unique situation arises and you find it necessary to remotely wipe a device, you will be covered.

Allowing opt out of critical upgrades

An organization upgrades its equipment every few years.  This isn't just done for fun.  New tools and new software require new computers and operating systems.  The same goes for mobile devices. New apps may require new mobile hardware.  If an employee has chosen to be included in a BYOD initiative, there needs to be a clear requirement that the selected device must support current business needs.  Obviously, people have contracts with their devices, so there needs to be some flexibility, but employees need to ensure that they are able to do their jobs even when using a personal device under a BYOD arrangement.

Allowing opt out of corporate data management policies

Mobile devices are well connected to cloud services. However, many cloud-based services are not yet used by businesses, which prefer to operate their own services behind the company firewall. Under BYOD arrangements, it could become very easy to bypass corporate systems. For example, why save files to the corporate file server when Dropbox is right there?

Ensure that your organization has policies around data accessibility and integrity and that you provide your users with the tools that they need to be able to adhere to them.

Summary

BYOD can be an incredibly positive undertaking, but policy mistakes can come back and haunt the CIO for a long time!

About

Since 1994, Scott Lowe has been providing technology solutions to a variety of organizations. After spending 10 years in multiple CIO roles, Scott is now an independent consultant, blogger, author, owner of The 1610 Group, and a Senior IT Executive w...

3 comments
TechGuy1313

Agree with ecobb. Different situations do call for different situations but these 4 definitely are a good start point.  I have another 5 guidelines that are useful in crafting a BYOD policy if you are interested in watching a short video about BYOD (that features pirates and explosions). The video (https://www.youtube.com/watch?v=ITP-02z02tI) is called Navigating through BYOD and is not only educational about the research-supported suggestions.

ecobb951

I think depending on the situation, these are 4 good guidelines, but the BYOD situation is very complex and will require many different types of solutions to account for all the different business situations. An example: At our doctor-owned hospital, the doctors wanted to use their tablets and smartphones, but didn't want IT to control their devices. Eventually IT got the doctors a HIPAA compliant text messaging service with HIPAA video and Dropbox integration (app is Tigertext), which solved the problem and let the doctors feel like IT didn't control the device but security requirements were met. It is these kinds of innovative solutions that IT departments will need to apply to their business model.

MikeBytes

You have just begun to uncover some of the pitfalls of BYOD. For example, who is going to pick up the cost of the device contract if the employee's employment ends? If an employee is required to BYOD, as some are, then the burden will absolutely fall on IT for support for it all. It is bad enough employers are foisting off business cost on their employees, particularly when salary increases do not keep up with real inflation, taxes are going up and so on. BYOD is not a #2 pencil, it is a nearsighted way to make money at the expense of the employee. Like outsourcing, the hidden costs of support, cost litigation, etc. will soon show that BYOD sucks on ice.
