The CIO-level business angle on the latest tech
Is your organization struggling with the task of creating a “bring your own device” (BYOD) strategy to deal with all those iPhones, iPads, Android devices and Windows Phones your coworkers are clutching? If so, you certainly aren’t alone. This is a top-of-mind issue for many IT and security professionals who want to give their colleagues mobile network and application access in a controlled manner that doesn’t invite risk and vulnerabilities.
The members of Wisegate, the business social network site for IT and security professionals, are working their way through this same challenge. The members have been polling each other and holding sharing sessions to give each other insight on what they’ve done, how they’ve done it, what works, and what doesn’t work.
Wisegate is sharing some of this insight in a new report called “IT Peers Share Advice on Effective ‘Bring Your Own Device’ (BYOD) Strategies.” This is your opportunity to learn what these information security experts consider when they develop corporate strategies and policies for smartphones and tablets. The report is full of opinions and advice on topics like:
• What devices and mobile operating systems the Wisegate members prefer to support, and which ones they avoid, and why
• What mobile device management (MDM) products they have evaluated and chosen
• The sensitivities and challenges of wiping data off devices that are not company-owned
• What to put into end user agreements and how often to ask employees to sign them
• Who from your company should be involved in developing and/or approving the policy
Members offer advice based on experience
Even if your organization has already developed a BYOD strategy, the Wisegate report is worth a read just to see if there’s anything you might have overlooked. For example, one great bit of advice I picked up was to have workers re-read and re-sign their user agreements at least twice a year to avoid any “lapse of memory” over what employees agree to when they use these devices. This can help prevent conflicts if you ever have to wipe a device clean and the employee cries foul over losing personal photos and information.
Other bits of insight from the report include the following:
• Android’s not ready for the enterprise. From a risk and vulnerability viewpoint, the Wisegate members are hesitant to allow Android-based devices on their networks. The thinking is that the application marketplace for Android is somewhat “chaotic” and uncontrolled. Any developer can place any application on the public marketplace, making it too easy for end users to pick up viruses and malware.
• Involve HR and Legal in policy development. While the IT group may take the lead on developing smart device policies, the team should also include representatives from Human Resources and Legal, as well as constituents from key user groups. The HR and Legal reps will help eliminate ambiguity in the policies, and the user representatives will encourage compliance with the policies.
• Give considerable attention to data wipe policies and procedures. Since one of the key risks of allowing the use of these devices is data vulnerability, you must consider how to wipe data off a lost or stolen device. A select wipe may be able to remove company data without affecting personal data; a full wipe will delete both. Make sure your plan is well documented in the user agreement so that workers understand what’s at stake.
• Decide who “owns” the phone number. If workers are permitted to use a personally-owned device for work, there could be an issue over work-related calls going to that phone after the person has left the company. Would you want sales calls intended for your company going to an ex-employee who now works for a competitor?
• Does BYOD really save the company money? Many organizations think they will save money by not having to buy employees the smart devices they use to access corporate assets. However, allowing BYOD can cost as much or more in the long run if IT has to support a variety of device types and the data protection methods get complicated.
Linda Musthaler is a principal analyst with Essential Solutions Corporation.