According to a recent Gartner report, “by 2016, 20% of enterprise BYOD programs will fail due to deployment of mobile device management measures that are too restrictive.” Creating balanced BYOD policies that ensure your organization’s data security is no small feat. If your policies are too restrictive, no one will participate. You need to think outside of the security box. These 5 tips can help IT to ensure the proper BYOD balance.
- Define policies that users can live with.
- BYOD is about freedom of choice.
- Make a clear separation between our work and personal lives on the device.
- Prefer BYOD options that don’t leave data on the device.
- Communicate and use common sense.
Define Policies That Users Can Live With
Heed the lessons of previous BYOD experiments. Your users will never agree to handing over their devices so you can disable screenshots. Unless you run a spy agency, you don’t need geotracking on your employees’ devices. You also don’t need access to any of their personal apps. Focus on what you absolutely need in order to secure enterprise data. If you don’t, your employees will not participate in your BYOD program.
BYOD is about freedom of choice
BYOD is a consumer lead revolution; IT definitely didn’t invent it. Keep in mind that BYOD is about freedom of choice. I am appalled when I see BYOD rules that dictate which device models employees can work on. When it comes to apps, offer a few choices for each type of app that your employees will be using. Add a few email, calendar and document editing apps to your Enterprise App Store.
A recent Gartner reports states that “your employees use many devices and they expect to use any device or application anytime, anywhere.” Internalize this.
Make a clear separation between our work and personal lives on the device
Almost every BYOD solution includes email, a calendar and a contacts. Make sure your employees know not to use their work apps for personal use. If and when they leave your company, those apps will be deleted from their device. Make it clear to your employees where IT has rights (on the work apps) and that they should never forward work emails to their personal email account. Good fences make good BYOD policy.
Prefer BYOD options that don’t leave data on the device
Choose apps that do not store data on the device. When app data is stored in the cloud, there is much less potential for data leaks. IT will need less policies and it will make the employee’s life easier. Your employees will be thrilled to know that work data doesn’t join them everywhere they go.
Communicate and use common sense
Communicate your BYOD policies to your employees – on paper and in person. Instead of sending a dry email full of technical terms that non-IT personnel will never understand, convene a BYOD workshop and give everyone a chance to ask questions.
Make it crystal clear what IT will do with the administrative rights they have on your users’ devices. Let them know that you will never use the “nuclear option” and wipe the entire device. It is important that they are aware that the worst case scenario is waking up and finding their work apps and data wiped. In the post-Snowden revelations era, mobile users want to know that you will never look at their private data nor will you perform backups. They now know what metadata is and you need to assuage their concerns.
Mistakes are bound to occur; don’t install a regime of fear. Isn’t it better when employees feel free to approach IT and say, “I think I made a mistake with our app. How do I fix it?” Let them know they can come down from the tree and they will share their experiences and mishaps with you.