Mobile // Mobile Devices
06:50 PM

Survive The BYOD Revolution

When employees use their own devices at work, problems can result. Here are seven ways to cope.

Get our report
on end user device management,
free with registration
Picture this:Your company's new CMO just called. She wants to use her iPhone to get her corporate email--could you send someone up to help configure it? And by the way, her assistant has an Android phone, and he needs email access, too.

The two smartphone platforms have different malware profiles, both make use of open Wi-Fi hotspots, and both will store sensitive product data. But a flat-out "no" won't go over well, and just granting access with no controls could lead to disaster. Brace yourself as smartphones continue their march from high-end perk to wildly successful consumer product, and tablets take a similar path.

Our InformationWeek 2011 End User Device Management Survey found companies warming to consumer-centric technologies, including employee-owned devices. But before you incorporate mobility into your line-of-business apps, you need a policy that covers the bring-your-own-device (BYOD) option. Here are seven questions you must answer:

1. Who gets what? Probably not everyone gets a company-provided device. This decision should be based on roles and spelled out clearly. The policy should specify what device and service plan are authorized for each job title and who has the authority to overrule the policy.

2. Who pays? Specify if BYOD is allowed, and if so, what the reimbursement policy is.If it's a corporate-paid phone, are personal voice and data use allowed, and how much? If employees are reimbursed, setting the rate too low can cause disgruntlement.

3. Which ecosystems? Not all mobile operating systems are created equal, and their capabilities improve on an erratic schedule. For example, BlackBerry is still the standard for mobile security, while the Android 2.x releases and Windows Phone 7 don't support on-board encryption, creating a security threat if a device is lost or stolen.

Evolving environments mean IT should specify both the operating systems and version levels allowed, and define a procedure for testing and certifying new devices, platforms, and releases.

4. How will you provide support? This is where mobile device management systems such as those from AirWatch, MobileIron, and Zenprise come in. MDM capabilities vary, but you'll generally find policy enforcement and remote wipe and lock standard. Many systems also feature internal app stores and troubleshooting tools. Most require a client be installed on the mobile device, so you need to define procedures to install the client and activate the user..You'll also need to determine how to get the client off the device when the user leaves the company.

65% Are open to employees using new consumer-centric technology
65% Expect an increase in employee-owned devices accessing business resources
33% Have plans to build custom business apps for mobile devices
Data: InformationWeek 2011 End User Device Management Survey, Feb. 2011, and Mobile Device Management and Security Survey, August 2011

5. Who controls phone numbers? Consider whether you need to retain the mobile phone numbers of employees in customer-facing roles when they leave. The easiest approach is to issue corporate-provided phones. Another option is to use a PBX client so business calls go through the PBX.

6. How about noncompliance? Users are the weak link in any security plan, so identify how they'll be trained in mobile device use, how IT will let them know what isn't acceptable, their role in securing company data and minimizing liability, and the consequences for not complying. Employees should sign a document acknowledging they know the rules; that should be repeated with each policy update.

7. When will you revisit policies? Spell out how often you intend to re-evaluate your mobility policy--we recommend one year as the maximum.

Michael Finneran is a consultant specializing in mobile technologies. Write to us at

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
11/3/2011 | 3:44:21 PM
re: Survive The BYOD Revolution
Security concerns arise with the introduction of new mobile devices to the corporate network, and implementing a Mobile Device Management solution is an effective way to protect and secure these devices.

I work for AirWatch (AW), a Mobile Device Management provider, so I am familiar with the pains IT departments face in deploying a BYOD program and how deploying an MDM solution can address the new security concerns.

IT departments often decide to enforce different policies for personal devices as compared to corporate owned devices. An important feature in AW is the ability to label devices as Corporate Dedicated, Employee Owned, or Corporate Shared so that each type of device can be managed according to a specific Corporate vs. BYOD policy. Additionally, a device type can be specified for each user in order to control the type/s of device/s each user is allowed to connect to the corporate network.

When implementing a BYOD program, various aspects of security should be considered. In order to accommodate each security concern, AW provides centralized management of:
- Security Restrictions
- Passcode Policies
- Corporate Email
- Corporate VPN
- Corporate Wi-Fi
- Enterprise Certificates
- Enterprise App Catalogue

The topic of compliance is another important issue. As part of the AW device enrollment process, end-users must accept a EULA agreement confirming that they understand the terms of use. Compliance rules can be set to monitor end-user adherence to corporate MDM policies, and automated actions will occur in the event of incompliance. When an incompliant device is discovered, the flexible rules engine can notify administrators or end-users, perform an Enterprise or Full Device Wipe, or remove access to the corporate network.

If an employee utilizing the BYOD program leaves the company, an Enterprise Wipe can be performed in order to remove all corporate data from the device.

If you are interested in learning more about MDM, you can watch a comprehensive video:


The AirWatch Team
User Rank: Apprentice
10/31/2011 | 7:45:38 PM
re: Survive The BYOD Revolution
It's a tough problem for IT, especially if most of your corporate apps are browser-based (which really limits your ability to block access to them).
I'd shy away against putting things on someone else's device, as once you install an app on a device, you have to fully support that device.
I do like the solutions that use VMs or device partitions to separate corporate data and apps from personal data and apps.

Jim Rapoza is an InformationWeek Contributing Editor
User Rank: Apprentice
10/31/2011 | 3:58:43 PM
re: Survive The BYOD Revolution
Good stuff here. I would add as well that organizations might want to think about what happens to corporate data on the devices of people who leave the company.
Brian Prince, InformationWeek contributor
Building A Mobile Business Mindset
Building A Mobile Business Mindset
Among 688 respondents, 46% have deployed mobile apps, with an additional 24% planning to in the next year. Soon all apps will look like mobile apps and it's past time for those with no plans to get cracking.
Register for InformationWeek Newsletters
White Papers
Current Issue
Twitter Feed
InformationWeek Radio
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.