While Bring Your Own Device (BYOD) in 2015 remains strong, any big enterprise initiative can get off to a false start (or two) so there might be a point where an enterprise may consider pulling back all or part from BYOD. The term “BYOD hangover” has been bandied about amongst analysts, writers, and mobile industry types for some time now.

A BYOD hangover is just a reaction to the changing nature of BYOD and security in particular. Being able to adapt and change is key to adapt your enterprise and secure mobile users while maintaining a thriving BYOD initiative.

Change your security thinking

My thinking about mobile security has been routinely challenged since I’ve been writing for TechRepublic, and that’s not a bad thing. It’s not that I have a healthy paranoia rather mobile security and securing BYOD, in particular, is still a nascent undertaking as threat vectors change and evolves.

Mobile Device Management (MDM) was the first true mass-market mobile device security solution that governed BYOD device security and user policies. Enterprise Mobility Management (EMM) is a more holistic approach to mobile security. Some of this terminology can be marketing (there goes that BYOD hangover again!) but depending on the vendor there is a difference that marks a more strategic rethinking of mobile security requirements

Thinking beyond MDM/EMM means that other security tools joining the mobile security platform including the following:

  • Cyber security type threat analytics and management joining the traditional mobile security platform to guard BYOD and enterprise devices against malware
  • Mobile Application Management (MAM) that focuses solely on mobile app security and guards against risky mobile apps

Review the data costs and consider better solutions

The financial aspects of BYOD, especially data costs, are becoming less of a mystery as split billing gains more ground in the market. I also like what mobile virtual network operators (MVNOs) including DataXoom and now Cricket Wireless are offering new options for enterprises seeking better methods and tools to manage the data they buy for employee devices.

Don’t confuse Hillary’s email with BYOD

When the Hillary Clinton email scandal gained national attention, the first instinct of some technology writers was to equate it with BYOD. It’s not a technology story but more of a political or even a crime story if you’ve done any work with the United States Federal government.

While the State Department does their best to explain the basics to their users, you can ask anybody who has worked on a federal agency network, and they’ll tell you give up your right to privacy when you login. You see the warnings every time you login to your PC or mobile device. Federal laws govern the login of users into federal systems whether that is an email server, SharePoint site or other backend application. This shows the public facing login to a State Department system:

Federal laws and the system login

Even Sensitive But Unclassified Information at the State Department that would be information most of us would deem part of the bureaucracy requires safeguards with penalties of law governing any breaches.

If you have an executive like Clinton in your organization, there probably isn’t going to be much you can do about it except document the situation to protect yourself and your IT department from any potential blowback after a security breach.

Maintain compliance without tossing your mobile devices

While maintaining compliance in a BYOD environment isn’t without some hangover worthy challenges, the work in some compliance programs especially with the release of Payment Card Industry Data Security Standard (PCI-DSS) 3.0 and efforts made to make BYOD compliant with the Health Insurance Portability and Accountability Act (HIPAA).

I expect to see more positive developments with compliance programs and enterprise mobility and even BYOD. However, as it goes with any preparations for a compliance audit, you should include your auditors in your BYOD planning if applicable to your organization’s compliance efforts.

Just go CYOD

If you find your BYOD hangover isn’t subsiding when it comes to compliance, security, and related costs then you can always migrate users to Choose Your Own Device (CYOD) also known as Corporate Owned Personally Enabled (COPE).

With CYOD/COPE, users get a limited selection of devices to choose from. The business picks up all of the costs related to the device.

Use the hangover stage to initiate change

If you hit the hangover stage of your BYOD initiative, use it as a signal to drive some positive changes to improve your initiative whether it regards billing/finances, security, governance, compliance, or something similar. The legal and technology landscape we now live in means both mobile enterprises and users need to be able to adjust to change.

See also: