Freedom in the enterprise: It’s the way of the future, and it is here to stay. But freedom without structure equals chaos. For most organizations, adapting to the BYOD world and finding this balance has proven to be a work in progress, and for some the road has been a rocky one.
A recent study by research firm Ovum found that 62 percent of BYOD employees are doing so with no policy in place. But despite that, employees are going ahead with BYOD – with or without their company’s approval. It’s time to accept and embrace BYOD for what it is – the future. But in order to make BYOD work for your organization, you need a well-researched and defined policy that is tailored to who needs access to corporate data, what apps and programs they need to be productive, which devices and operating systems (OSs) will need support and how to best secure this data in scalable and sustainable way not just for the short-term, but well into the future. Asking the right questions will help you define the requirements for successful enterprise mobility and how to keep it secure.
It’s important not to forget that implementing BYOD in your organization is meant to enhance your business in ways that greatly exceed the security adjustments needed to realize this vision. Effective BYOD is not a one-size-fits-all solution for every organization or industry, so it’s vital at the very beginning to obtain valuable and actionable feedback from your security team as well as management and staff at different levels who are the BYOD end-users. That way you can create policies that are driven by their needs and your organization’s strategic objectives, while aligning with regulatory and compliance requirements.
Here’s an overview of the steps you should take to create a BYOD policy. Covering these bases will help your company strike the balance between BYOD freedom and security.
BYOD POLICY CHECKLIST
| Step 1: Define your BYOD Policy Team | |
| Which Personnel (i.e. IT, HR, Finance, etc.) can form your policy team be channels to obtain accurate feedback on the BYOD needs of your employees?Example: Have Communications prepare a survey distribute via your BYOD policy team to gather feedback. |
 |
| Step 2: Define your BYOD Objectives | |
| What tasks do your employees need to perform by using BYOD? For example:
|
|
What are the main strategic benefits you expect to see from your BYOD program? For example:
|
|
| Step 3: Define BYOD apps data | |
| What data must employees access to achieve the BYOD objectives? Engage departments business units to define the functions roles who need to access corporate information on mobile devices. | |
What data in your company is highly proprietary/sensitive? Separate data into categories of sensitivity. Example:
|
|
| Which apps are most in-demand by employees in your organization why? List apps by department function. Sales – CRM to generate quote documents Admin. – Time tracking, expense reporting apps etc. | |
| What are the UX requirements that work best for your employees? Example:
|
|
| Step 4: Define the BYOD Users | |
| Who in your organization needs to access work email business apps away from the office? List the departments functions that apply. | |
| Which employees require special permission for mobile access to information that is highly sensitive (Proprietary/Confidential)? Example: CFO – financial data |
|
| Which employees require mobile access to lower levels of data sensitivity? Example: Customer Service reps – access to emails calendar. |
|
| Step 5: Identify Security Threats Vulnerabilities | |
| Which mobile devices OSs are being used by your defined BYOD users? Example:
|
|
| Which types OSs devices cannot be supported for BYOD by IT Why? Example:
|
|
| Which device vulnerabilities must be excluded from your BYOD Program Example: Jailbroken Rooted Devices |
|
Once you’ve gathered all of the information and determined your BYOD policy congratulate your team! This is the first major step towards a successful BYOD program. The next step is implementation of your BYOD policy. In Part II of this series, we’ll break down the different considerations you should make in determining the security approach that will best fit your organization. Stay tuned!