The success of a BYOD program lies in cautious creation of a bring-your-own-device policies, but many companies are negligent to write them. BYOD trend is becoming the leading strategy for provisioning subscriber devices in most software development companies in India over the next few years. There are a lot of interesting strategies, products and services that make BYOD effective and easy for the companies. BYOD isn't a free-for-all, do-what-you-want condition. Cautious planning and end-to-end strategizing are required before a company purchases any systems for managing BYOD.
Here are some of the key factors to consider for establishing a successful BYOD policy:
The permissible devices
The devices used during the decade of Blackberry services were pretty clear (i.e. only the Blackberry phones were used for work). Now in the era of iPhone and android, this decision is not that easy. Make sure you specify the devices that are permitted in your corporate network. The version and model number of these devices should also be taken into consideration while selecting the devices. The device choices can be any of the following:
- Android phones
- Android tablets
- Phablets (i.e. Phone + Tablets)
Security of data and devices
There is a lot of confidential information in the mobile devices connected, and accessing the corporate network of your software development company. There is a need of strong password attached to devices of employees at all times. Many employees don’t even have a password or screen locks on their personal devices, because they see it as an interference to quick access, so this needs to be addressed to prevent security breaches. Other security factors include the use of antivirus apps, other security softwares and proper configuration of firewall in your BYOD policy.
Services for selected devices
It's important for employees to understand the helpdesk boundaries when questions or problems creep up with personal devices. To set these boundaries, you'll have to provide a solution for the following questions:
- How much support for initial connections by personally owned devices, to the corporate network will be available?
- If a device breaks, what support is assured from IT representatives of the software development company?
- Is there a provision of application support on devices owned by the employees?
- Will you limit Helpdesk to tickets addressing email, calendar and other personal information management-type applications only?
- Is your support basically a remove and reconfigure operation?
- Will you provide other devices on a temporary basis to employees while their phone or tablet is being serviced?
You need to make a decision on what apps will be allowed or banned which is commonly referred to as whitelisting or blacklisting. A BYOD policy should explain that IT has the authority to prohibit the use of certain applications that might threaten the security or integrity of the data used in corporation. This applies to any device that will connect to your network, whether corporate or personal. The concern is whether users can download, install and use an app that presents security or legal risk on BYOD devices that access sensitive corporate information of a software development company. What if a poorly written instant chat messenger steals your organization's address book?
Alignment with acceptable use policy
Allowing personally owned devices to potentially connect to your VPN introduces concern regarding what activities may and may not be permitted. Some of the points that require discussion are:
- If you set up a VPN tunnel on a mobile device and then your employees post to social networking, is this a violation?
- What if your employees browse objectionable websites while on their device's VPN?
- What if they transmit, either purposely or not, inappropriate material over your network, even though they're using a personally owned device? What authorizations are there for such activity?
- What monitoring approaches and tools are available for enforcement of such policies?
If you already have an acceptable use policy in place, integrate BYOD policy with it.
Employee Exit Plan
What happens when employees with devices on your BYOD platform leave the organization? How do you enforce the removal of access tokens, e-mail access, data and other proprietary applications and information? The consideration of how will the back up of user’s personal photos, apps, video, etc. will be performed before the mobile device is wiped, is of prime importance. Make a clear plan, document it and share this with the employees.
A written and properly implemented agreement between authorized users and the organization is essential. Companies should run any proposed policies by their legal advisories before drafting any agreements and putting them into practice. Laws vary significantly from authority to authority and from nation to nation.
Conclusion: If you have not embraced BYOD yet, get ready, because its propagation will only continue to accelerate. With a strong BYOD policy, IT can sleep better at night knowing that they have governed their BYOD environment.