Like any major change initiative, implementing a BYOD policy in a way that can run successfully is a project is a multi-faceted project with many bases to cover. In Part II, we explained the pros and cons of different approaches you can take towards securing your defined corporate data.
Once you’re able to determine these important components and the best way to secure them, you probably have a beautifully-worded BYOD policy – on paper. But just like a recipe for the most sumptuous meal, the thing isn’t going to cook itself. In fact, don’t be surprised if the BYOD program you feel will most benefit your company going forward will require some significant changes in your business processes. These new processes will be needed in order to make BYOD work for the various departments and roles that need it the most.
Here are the most important steps to take in order to put your BYOD plan into action:
Identify new business processes
What new processes must be implemented and communicated to your employees who will be using BYOD? Here are a few examples:
1. New employees: Create a brief and user-friendly BYOD manual. This manual should inform new hires on the BYOD registration processes required right away as well as educate them how to implement passcodes and other security measures for their device. The sooner your BYOD users are informed the better for everyone involved. It’s important this piece of communication is created in an easy-to-understand and succinct manner. Arming your new employees with a good grasp of how to implement some security best practices from the beginning can go a long way towards minimizing headaches down the road.
2. Departing Employees: It’s equally as important to set up a process that guarantees the appropriate enterprise mobility personnel are notified when an employee is departing. A consistent process needs to be documented so that user access to your corporate network resources can be disconnected, and if necessary the device wiped. This process will vary depending on which security infrastructure you’ve adopted and if the corporate apps and data are located on or off of employee devices.
3. User sign-on & authentication: This will also differ greatly depending on your industry and the number of applications users need to log into in order to be productive. Do you need to implement a single sign-on process to facilitate workflow and eliminate inefficiencies?
Determine access levels by role and by department
This goes back to defining your BYOD apps and data and how that allows you to achieve your mobility objectives. You can tier access levels by department for high, medium and low sensitivity data and use this as a guide for approving mobile access. For example, some sales roles may require access to CRM and ERP software, while other more senior roles will require access to more strategic and sensitive files. Identify who needs to approve access to these levels. Dissecting each department and mapping out workflows to define access levels is important in making sure the right people in your organization are empowered with the information they need to be productive.
Outline your budget needs
There are several areas of your BYOD program which will require space in the budget:
1. Device and/or data costs: Are you subsidizing employee-owned devices and/or data plans? If so, to what degree? Or are you providing corporate devices and footing the bill (COPE)? Capture the costs for supporting devices and/or data plans for all of your users.
2. Support for BYOD users: Who will be able to dedicate the time resources needed to support your BYOD users and administer access to corporate data? In many cases, creating a new position to handle this responsibility will be needed.
3. BYOD security vendor fees: Whether you are choosing to employ MDM, MAM, VMI or a combination of different security solutions, you’ll need to determine and outline the licensing costs for these vendors.
4. App licensing: Many enterprise and consumer apps require licenses in order to support a rollout across a network of users so it’s important to capture the costs involved.
5. Custom solutions: Different industries that require custom solution (i.e. single sign-on processes in healthcare) are available so once you’ve determined if your organization has industry-specific needs, it’s worth evaluating their potential value vs. cost.
Develop Project Plan and Timelines
Your Policy should collaborate in deciding on the steps or milestones that must be achieved in order to integrate BYOD practices into you your company processes. The scope, resource requirements, costs, communications and procurement requirements must all be identified, preferably on a Gantt chart or other project management document which captures all of the moving parts. This will allow your team to set realistic timelines for each piece of the initiative until the program is ready and up and running.
Illustrate the big picture to gain management approval
The more precisely you are able to communicate the policies, business needs and solutions that will help propel your organization into the new mobile era and help add value to the bottom line, the more likely your senior management will recognize the big picture and commit their support, budgetary and otherwise, to making your BYOD vision a reality. Once your project plan receives the green light, it’s time to go forward and make your organization ready to reap the full benefits of enterprise mobility.