Before jumping headfirst into the BYOD pool, think about the potential challenges: cost, policies, user support and security.
If you've read my column on the
BYOD challenges: Cost and policy
First, consider how to pay for services. Users may cover the cost of their own devices (although the employer might provide a subsidy), but who pays for the device's voice and data plans? There are a number of possibilities for BYOD cost-sharing. Employers can reimburse a fixed amount or a certain percentage of a wireless bill, or companies can pay only for business-related phone calls. Accounting for data usage is far more complex, because it can be difficult -- or impossible, in many cases -- to determine whether the access was business or personal. I recommend a predefined fixed-percentage reimbursement for data, in most cases. It's easy, simple to calculate and minimizes the opportunity for disputes. Companies can also look into corporate plans to cut the base cost overall.
More on BYOD challenges
Desktop virtualization challenges in the BYOD era
Create and enforce a BYOD policy
Answers to IT's burning BYOD questions
Next, you'll need policies, agreements, education, training and consciousness-raising. At the very least, you'll need acceptable use and security policies. A BYOD agreement should reflect users' understanding of all policies, procedures and tools involved. A training class, online educational tool(s) and/or regular reminders of the importance of adhering to policies are essential, as is appropriate disciplinary action when employees violate policy. Make it clear that careless regard for corporate data and exposing the organization to potential legal or regulatory risks are unacceptable.
Then there's the challenge of user support and its associated costs. It begins with "onboarding" users and their device(s), a process that needs to be as simple and self-service as possible. Help desk staff need to be up to speed on common problems and how to fix them with minimal effort. I recommend limiting users' choice of devices to a few on an approved list. Reducing the opportunity for device proliferation can limit the overhead that comes with supporting any given device or version of an operating system. "Bring your own device" isn't the same as "bring any device."
BYOD challenges: Management and security
BYOD can also affect management and operations. While mobile device management is the best way to manage enterprise-owned devices, it's a little more problematic with personal devices. The agreements noted above should clearly spell out what the firm can and cannot do with respect to device configuration, policy enforcement and usage tracking, as well as how enterprise-owned data will be managed on devices and the applications that access that data.
And finally, the biggest of the BYOD challenges is security. Any IT manager who isn't concerned about sensitive organizational information walking around on user-owned devices isn't paying attention. This topic is so big that it deserves its own column (which it's going to get). There are steps IT can take to improve security, even though the security challenge crosses technical, operational and even cultural lines.
It would be wrong to jump into BYOD without careful consideration of the BYOD challenges. But as BYOD gains popularity, the technologies, systems and procedures required to make it work are evolving just as rapidly. And while the dives noted above will be more like a toe in the water in the short term, just about everyone will eventually find that the BYOD pool is indeed the place to be.
This was first published in January 2013