BYOD is becoming a fact of life for many organizations. If you're about to get your BYOD program off the ground, consider these cautionary pointers.
BYOD lets employees use their personal phones and laptops for work—and it's rapidly gaining acceptance. Here are 10 mistakes to avoid as you consider how to implement your own BYOD program.
1: Resisting BYOD
It may seem obvious in a list of BYOD mistakes, but resisting BYOD is becoming an increasingly untenable policy. As computing devices have grown to be more personal, trying to dictate device usage to employees is similar to telling them what brand and color pens they're allowed to use.
2: Not supporting common devices
It's tempting to support only a limited selection of BYOD devices, or only one brand or operating system; however, providing more choices rather than fewer is key to successful BYOD. In general, the tradeoff for BYOD is that users are providing their own hardware and software support, so limiting device selection generally does little to change your support requirements. Similarly, it makes sense to support common form factors. BYOD should be about more than employee-owned phones, and once you have the structures and policies in place for one device type, it's generally easy to extend that support to BYOD smartphones, tablets, and laptops.
3: Going "NSA"
Devices contain everything from work-related emails to intimate photos. Just because a management toolset allows you to access and monitor everything on an employee's personal device does not mean you should do so. Furthermore, it's important ensure that access to monitoring tools is tightly controlled. It's respectful of your employees' privacy and also a good measure to prevent legal troubles should IT be found misusing these tools.
4: Not supporting native email and calendar
Some companies attempt to enforce use of nonstandard email and calendar apps on employee devices in the name of security or control. Most modern mobile OSes can now segregate corporate email in different secure "containers," eliminating the purported benefit of special email clients. Furthermore, relying on some obscure email vendor to create a better email experience than Apple or Google is a recipe for frustration.
5: Trying to secure the endpoint
One of the major areas of contention in BYOD programs is that they allow "unsecure" devices onto corporate networks. However, BYOD policy or not, we're well past the days when end-user devices could be presumed secure and "trusted." Whether it's an employee laptop or corporate-issued phone, allowing end-user devices free rein over your network is bad policy. Secure your applications and infrastructure and you won't have to chase the impossible goal of securing end-user devices.
6: Not facilitating self-support help groups
Since BYOD programs often attract tech-savvy early adopters, help facilitate these pioneers by providing self-support tools. Many companies create intranet pages or publishing mechanisms, so users of a particular platform can publish tips on how to set up these devices to access corporate services. For little more than a few pages on your intranet, you can make your employees your first line of BYOD support.
7: Instituting a "we don't support that" help desk
A major frustration of BYOD users is calling support for an application problem and being told "we can't support you" since they're on a BYOD device. BYOD should not be a license for your help desk to end a call immediately upon discovering an employee is on a personal device. Rather, initial troubleshooting should seek to identify if the problem is related to the device or a corporate application or service.
8: Creating cellular plan barriers
BYOD usually starts with smartphones, which have effectively replaced desk phones for many workers. As part of the transition, employers usually require employees to transfer their devices onto a corporate cellular plan. This is fine policy and makes reimbursement transparent to employees, but you should avoid making this process overly burdensome or expensive. Signing on with only one carrier or requiring employees to give up their phone number can slow adoption of your otherwise well-executed BYOD plan.
9: Not matching security to risk
Although there are certainly security risks to allowing employee devices to access company services, you must take care to match the security requirements to those risks. If you demand that employees install a half-dozen security applications that slow their laptop to a crawl, or mandate a 15-character alphanumeric password and 30-second timeout on their phones, you'll tilt the balance too far. Remember that the ultimate goal of BYOD is to make employees more productive and effective by allowing them to use their preferred devices. Putting unreasonable security requirements in place where there is little sensitive data at risk is generally going too far.
10: Not reaping the benefits
BYOD may largely have been seen as an employee benefit, but there are also benefits for IT. With widespread BYOD adoption, you can effectively transition hardware and software support to your end users and their vendors. A room full of hardware and support staff can be replaced by a closet with an assortment of chargers and a loaner laptop or two. As BYOD takes hold, consider how IT assets can be dedicated to supporting company-owned devices and be redeployed.
Other BYOD pointers?
Have you hit any rough patches with your company's BYOD program? Share your advice and suggestions with fellow readers.