-->

Keep up with all of the essential KM news with a FREE subscription to KMWorld magazine. Find out more and subscribe today!

Establishing a realistic BYOD governance policy

Article Featured Image

This is where iPass comes in. "We provide connections to commercial Wi-Fi networks around the globe for business," says Chris Witeck, iPass's senior director of product marketing. "Our plans provide IT departments with reliable, fixed-rate costs that minimize roaming by their employee's BYODs."

Step four: Start small.

Supporting BYOD on a corporate level does not obligate an IT department to suddenly support all platforms at once. Instead, it is logical to select a few platforms at the outset-both to allow the rollout of BYOD to work at a reasonable and affordable pace, and to allow IT staff a learning curve to become accustomed to the new way of working.

"Many organizations start small," says Durga. "Instead of allowing employees to bring in just about any device, they give them options from among a set of devices. So, for example, employees can use an iPhone or an Android device. As they mature, they add more device types (like Windows) to the mix."

"You have to understand that moving to BYOD is a really wide-ranging initiative for any IT department," adds Kane. "As a result, you need to take your time. Find out which BYOD is most in demand at your workplace, and start with that one. And don't roll out to all users. Select a few executives as a pilot group, and begin with them. There is so much riding on doing BYOD well that you don't want to rush it."

While you're doing that, consider limiting all other BYOD access to core functions, such as e-mail word processing and Web browsing. "But don't go too far, to the extent that you risk alienating your user base," Kane advises. "There always needs to be a balance between security and accessibility."

Step five: Probe for vulnerabilities.

The push for BYOD workplace adoption is being driven by employees, not IT managers. Employees want to use their own devices for the sake of convenience and familiarity. IT managers would likely prefer them not to do so, sticking instead to one corporate-tested and approved device whose weaknesses are well understood and anticipated.

Like it or not, the employees are in the driver's seat on this issue, in part because many BYOD users are executives with the power to override IT. So the smart way to deal with this reality is for IT managers to implement a limited BYOD rollout, and then to do their best to hack it, however they can.

It is better for serious flaws to be spotted and remedied by IT than for them to be discovered as the result of a hacking attack. Besides, if one particular BYOD platform proves to be seriously insecure, IT will have enough proof to convince management to keep it off campus.

Step six: Prepare for problems.

Employees lose their own devices all the time. If you are going to provide their BYODs with access to a business WAN, you must be able to deactivate that access easily and quickly. BYODs with network access should be capable of being wiped remotely, so that sensitive data can be removed.

As for the thorny issue of personal content: The same management system that restricts employee access to all network resources should also be used to prevent employer access to the employee's personal content. This will likely involve setting up some sort of password protection on the BYOD, to ensure that unauthorized users cannot access an employee's personal e-mails and photos.

"You may want to consider having separate data silos on BYODs, so that the employee has one set of password-protected apps for business, and another for personal use," says Kane. "This is one way to protect confidentiality on both sides-and to prevent any legal issues arising from employers looking at employee's personal data."

The time to act is now

BYOD is here, and business knows it. This is why "almost all the organizations that have a reasonably sized IT budget are already rolling out BYOD strategies," says Yarra. Unfortunately, most of those are limited to e-mail and other messaging-related apps: "Very few have gone beyond these basic apps to business applications," he says.

Harnessing the full power of BYOD will require businesses to take this next step, and to back it up with sufficient safeguards to protect their data and intellectual ownership rights. One thing is certain: The sooner IT departments come to grips with BYOD, the better ... for employers and employees alike.

KMWorld Covers
Free
for qualified subscribers
Subscribe Now Current Issue Past Issues