ORLANDO -- As workers meld their personal and professional lives, the modern enterprise becomes awash in user-owned smartphones, tablets and laptops. It's a trend that has concerned business managers and IT pros alike.
At Gartner ITxpo in Orlando this week, Nick Jones, vice president and distinguished analyst at Gartner, outlined the essential elements of a bring your own device (BYOD) program. While IT can no longer exercise draconian control over every user-owned device, it's important for each business to consider its BYOD program carefully and update it to keep pace with the rapid changes taking place in the mobility arena. BYOD programs have evolved to encompass a huge scope of issues including the following:
Scope and eligibility. Not every employee may need access to the company network, and companies routinely limit the scope of their BYOD program to eligible employees. IT and business teams must define the eligibility of mobile employees and decide who may and may not use mobile devices for work purposes.
Acceptable platforms. The ideal goal of mobility may be to allow worker productivity with any "smart" device, but this doesn't mean that every device should be allowed on the corporate network. Spend time identifying which mobile platforms should be allowed and make those decisions clear to the user base well in advance. This list of acceptable platforms will likely be updated on a frequent basis.
Tools and technologies. The foundation of a BYOD program includes deciding just which devices the company can and will support, and implementing the tools and technologies needed to enable that access. For example, devices may need new Wi-Fi access, which may demand proper access point coverage across the business campus.
Support levels. A proliferation of end-user devices poses a support nightmare for IT staff, and there are limits to the amount of practical support the business can provide. A BYOD program must define the support options and processes that users must follow when working with the corporate network.
Ownership and reimbursement policies. It is standard practice for businesses to provide some type of reimbursement to employees that purchase and use their own endpoint devices for work. Generally, organizations cannot force users to buy or use certain devices, but preferred platforms can be encouraged. For example, some organizations tie reimbursement to "preferred" devices, which the organization may be better-positioned to support.
Security and privacy needs. Security issues remain the bane of corporate mobility. No organization wants an employee with a malware-infested tablet compromised to wind up behind the corporate firewall with access to sensitive business data. Implement security measures that provide control over user devices -- such as wiping compromised devices -- while still respecting the users' privacy where possible.
User access to corporate assets and applications. It's almost certain that different users will have different levels of access to corporate data and varied applications from the enterprise app store. Evaluate, plan and implement the policies and tools needed to ensure proper access for local and remote users.
Policies and enforcement. Beyond access, corporations also need to address acceptable use policies, verify that users understand and agree to those policies, and implement the tools needed to identify and react to any breaches in those acceptable use policies. Tools can help to track behaviors and differentiate between occasional, accidental breaches and repeated, malicious breaches.
Ultimately, the cost of a BYOD program is justified by increases in worker productivity and end-user engagement. "For most organizations, BYOD isn't about saving money but empowering employees," Jones said.
Dig deeper on Mobile policy and enforcement for consumerization