BYOD Risks, Rewards and Best Practices
An increasing number of companies are allowing employees to use personal devices in the workplace, a trend known as Bring Your Own Device (BYOD) — or Bring Your own Technology (BYOT), Bring Your Own PC (BYOPC) or Bring Your Own Computer (BYOC) — and named the biggest CIO challenge of 2010 by TechRepublic.
Several technology and cultural advancements have combined over the past 5-10 years to make BYOD a necessary reality. Key drivers include:
- The consumerization of IT and commoditizing of laptops, smartphones and tablets brings end users to demand the ability to use their own devices in the workplace.
- Expectations from millennials, or Generation Y, require organizations to meet the desires of their employees to work remotely and flexibly — anytime, and from anywhere.
- Virtualization and cloud computing enable organizations to provide secure and manageable data accessibility to the network from non-corporate devices.
As with any new technology, the implications of BYOD can be both positive and negative:
- Employees are empowered by using personal devices in the workplace, and it’s been shown to increase overall job satisfaction and productivity. BYOD can help attract and retain top performers that seek flexible work hours and mobility. IT benefits from a simplified technology infrastructure and reduction in end-user troubleshooting.
- On the flip side, BYOD brings concerns for data security and system compatibility to the forefront.
Who Can Use Personal Devices at Work? Almost Anyone.
BYOD spans multiple industries, often with unique uses and challenges.
In the medical industry for example, the first thing that may come to mind is data security, and HIPPA privacy laws. However, the Boston Medical Center is currently piloting BYOD among doctors who prefer the simplicity of the iPad for writing notes at patient bedsides.
Placing specific restrictions and stipulations on the use of outside devices is one way that IT supports and controls personal devices brought into the workplace. To help regulate the Boston Medical Center, mobile device fingerprinting allows IT to identify every device on its network and automate certificate installation, which guarantees that only authorized devices and users can access a network.
With access to critical data funneled through employee-owned devices, remote-access software that enables offsite support, management and virtualization — such as VMware View or Citrix Access Gateway, XenDesktop and/or XenApp — keeps corporations in control.
Whirlpool is another company on board with BYOD. Kevin Summers, the chief information officer at Whirlpool, said that eventually the appliance-maker expects 60 percent of work computing equipment to be employee-owned. Other companies embracing BYOD include Carfax Inc., Pharmaceutical Product Development Inc., USAA and more.
To Maintain Control, Take it Early.
Ensuring that your company is ready for its employees to bring a variety of personal devices to the workplace means having clear policies set in place. Be sure that your employees understand both the rules and consequences of your policies, and that the policies are enforced.
When outlining your company’s BYOD policy, some IT and C-suite considerations include:
- A model for BYOD — is it truly “bring your own” or will your company offer a stipend? In stipend models, it’s important to determine the amount the company will spend on the purchase of an employee’s device, and/or voice and data plans.
- Installment of company software on personal devices, such as client hypervisors and remote-access software in case of device loss or theft.
- Policies and contracts that clearly state who owns what data.
- Signed corporate policy agreements stating that if the personal device is lost, stolen or infected, the entire device will be cleared of all data — which may include personal images, documents, etc. — to avoid disclosures of confidential company information.
- Predetermined list of allowable devices and applications, which can significantly improve IT support and compatibility.
- Procedure for requesting new devices and applications, and for gaining approval on new technologies.
- Process and timeline for removing company access, data, and secure software from device when it will no longer be used for professional purposes.
- Support policies that outline when issues will be handled by IT, the end user or the device manufacturer.
- Additional considerations from Dan Woods of Forbes are also available.
BYOD also requires that IT will rely on virtualization technologies to securely and professionally manage business operations and devices.
By approaching BYOD with an open and aware policy, you prepare everyone – end users, IT and executives – for what is to come, and lay the foundation for a sound transition.
Other MCPc blog posts related to BYOD include:
Is your company integrating BYOD as a part of your organization’s IT and business strategy? What are you doing to get started, or what challenges have you overcome thus far?
Andy Jones is Senior Vice President of Sales. He has more than 15 years of IT industry experience, and is an expert on cloud, virtualization and managed services solutions. Connect with Andy on LinkedIn.
Stay Connected with MCPc: Subscribe to the blog; follow us on Twitter, Facebook or LinkedIn.
Image credit: nixxphotography / FreeDigitalPhotos.net