You’ve made your list, have you checked it twice? What does it include that is shiny and nice? An iPad, Android smartphone or a tablet? If Santa leaves one under your tree, I bet you will BYOD.
BYOD or “bring your own device” is seeping into enterprises large and small upending enterprise mobility. For most businesses, enterprise mobility used to come with a short list of best practices like virtual private network access and IT controlled corporate laptops. BYOD has pushed these channels aside with employees opting instead for the latest consumeroriented gadget.
If IT execs had it their way, the Black- Berry would be the BYOD device of choice considering its proven management controls, such as authentication and encryption. Where Apple’s iOS also outpaces the Android platforms with hardware cryptographic keys and an out of the box application security architecture the Android Honeycomb platform does offer some security capabilities.
Unfortunately, with the Android smartphone markets exploding with hundreds of phone models to choice from, phone manufacturers are scrambling to leverage security across all models. Google is beginning to listen though, and are taking enterprise security more seriously in the latest versions of the Android platform, embedding encryption and Exchange OS support in lieu of vendor specific APIs. Not a moment too soon, as of July Google Android encompassed 42 percent of the 82.2 million user U.S. smartphone market, up from 36 percent in April. The Apple iPhone’s market share was 27 percent, outpacing Blackberry, which was 22 percent in July down from 26 percent in April. The Windows phone is barely keeping pace with less than 10 percent of the market share.
As BOYD infiltrates your business, refrain from haphazard security measures sure to incite an employee revolt. Define your mobility strategy like any other business incentive. Form a committee comprised not only of IT, but all lines of business, including your high mobility adopters. Facilitate open discussion on data access and sensitivity, determining your risk tolerance in line with your business model and regulatory compliance requirements. The more sensitive the data your business uses in the course of a normal business day the higher your risks and stricter your security policies should be.
A written policy can serve you well when it includes who pays for the devices and disposal of the old or damaged ones. Who will retain control over installation and removal of enterprise applications such as email and VPN profiles?
Will it be a corporate paid device? Who gets a phone? Not everyone will get a company provided device — your policy should spell out device and service plans by job title and responsibilities. Will personal use be allowed? Remember employees talk — if a stipend system will be used insure uniformity.
Who owns the phone number? Your customer facing employees are the face of your company. Issue corporate phones or utilize your onsite PBX for call routing via unified messaging.
Upon separation, will you wipe a phone completely even if the employee owns it? Will all cameras need to be disabled to insure data theft via camera is minimized?
The policy should also address support — how much time will your IT staff spend fixing a phone that just returned from vacation? Will the corporate device go on vacation?
What happens if there is unacceptable use? At minimum, employees should acknowledge the rules and their role in securing company data and consequences, if any, for non compliance.
The impetus is on you to foster mobility connectivity insuring the highest level of productivity for your workforce while providing secure access. Jon Heimerl of Solutinary agrees BYOD is playing out across the corporate landscape. “We are at the point now where companies are starting to say, “We’ve got to embrace mobile technologies and smart devices and support them, whether we really want to or not, because that’s the way of the world right now.”
Jill Van Hoesen is chief information officer for Johnson Newspapers and a 25-year IT veteran. Contact her at firstname.lastname@example.org. Her column appears monthly in NNY Business.