Get expert advice on building an effective BYOD strategy

Is your organization struggling with the task of creating a “bring your own device” (BYOD) strategy? Pick up some pointers from some of the leading expert practitioners in information security. The Wisegate community has just published a new report on effective BYOD strategies.

Is your organization struggling with the task of creating a “bring your own device” (BYOD) strategy to deal with all those iPhones, iPads, Android devices and Windows Phones your coworkers are clutching? If so, you certainly aren’t alone. This is a top-of-mind issue for many IT and security professionals who want to give their colleagues mobile network and application access in a controlled manner that doesn’t invite risk and vulnerabilities.

The members of Wisegate, the business social network site for IT and security professionals, are working their way through this same challenge. The members have been polling each other and holding sharing sessions to give each other insight on what they’ve done, how they’ve done it, what works, and what doesn’t work.

Tech argument: Corporate-owned vs. employee-owned mobile devices

BYOD: There is no stopping employees' devices on your network

Wisegate is sharing some of this insight in a new report called “IT Peers Share Advice on Effective ‘Bring Your Own Device’ (BYOD) Strategies.” This is your opportunity to learn what these information security experts consider when they develop corporate strategies and policies for smartphones and tablets. The report is full of opinions and advice on topics like:

• What devices and mobile operating systems the Wisegate members prefer to support, and which ones they avoid, and why

• What mobile device management (MDM) products they have evaluated and chosen

• The sensitivities and challenges of wiping data off devices that are not company-owned

• What to put into end user agreements and how often to ask employees to sign them

• Who from your company should be involved in developing and/or approving the policy

Members offer advice based on experience

Even if your organization has already developed a BYOD strategy, the Wisegate report is worth a read just to see if there’s anything you might have overlooked. For example, one great bit of advice I picked up was to have workers re-read and re-sign their user agreements at least twice a year to avoid any “lapse of memory” over what employees agree to when they use these devices. This can help prevent conflicts if you ever have to wipe a device clean and the employee cries foul over losing personal photos and information.

Other bits of insight from the report including the following:

• Android’s not ready for the enterprise. From a risk and vulnerability viewpoint, the Wisegate members are hesitant to allow Android-based devices on their networks. The thinking is that the application marketplace for Android is somewhat “chaotic” and uncontrolled. Any developer can place any application on the public marketplace, making it too easy for end users to pick up viruses and malware.

• Involve HR and Legal in policy development. While the IT group may take the lead on developing smart device policies, the team should also include representatives from Human Resources and Legal, as well as constituents from key user groups. The HR and Legal reps will help eliminate ambiguity in the policies, and the user representatives will encourage compliance with the policies.

• Give considerable attention to data wipe policies and procedures. Since one of the key risks of allowing the use of these devices is data vulnerability, you must consider how to wipe data off a lost or stolen device. A select wipe may be able to remove company data without affecting personal data; a full wipe will delete both. Make sure your plan is well documented in the user agreement so that workers understand what’s at stake.

• Decide who “owns” the phone number. If workers are permitted to use a personally-owned device for work, there could be an issue over work-related calls going to that phone after the person has left the company. Would you want sales calls intended for your company going to an ex-employee who now works for a competitor?

• Does BYOD really save the company money? Many organizations think they will save money by not having to buy employees the smart devices they use to access corporate assets. However, allowing BYOD can cost as much or more in the long run if IT has to support a variety of device types and the data protection methods get complicated.

There’s lot more good insight in the Wisegate report. Find it here. If you’d like to request an invitation for Wisegate membership, go here.

Linda Musthaler is a Principal Analyst with Essential Solutions Corporation.  You can write to her at LMusthaler@essential-iws.com.

______________________________________________________________

About Essential Solutions Corp:

Essential Solutions researches the practical value of information technology, and how it can make individual workers and entire organizations more productive.  Essential Solutions offers consulting services to computer industry and corporate clients to help define and fulfill the potential of IT.  

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Related:

Copyright © 2012 IDG Communications, Inc.