BYOD: add a touch of freedom
According to a recent Gartner report, 20% of enterprise bring-your-own-device (BYOD) programmes will fail by 2016 - primarily due to deployment of mobile device management measures that are too restrictive.
Nubo Software, a company that aspires to bridge the gap between security, IT departments and increasingly mobile employees with modern demands, says creating balanced BYOD policies that ensure data security is no small feat. "If your policies are too restrictive, no one will participate."
Nubo says organisations need to think out of the security box if they are to strike the right BYOD balance. The following five tips offer advice on how companies can achieve this:
1. Define policies that users can live with: Heed the lessons of previous BYOD experiments. Users will never agree to hand over their devices so you can disable screenshots. Unless you run a spy agency, you do not need geotracking on employees' devices. You also do not need access to any of their personal apps. Focus on what you absolutely need in order to secure enterprise data. If you do not, employees will not participate in the BYOD programme.
2. BYOD is about freedom of choice: BYOD is a consumer-led revolution - IT definitely did not invent it. Bear in mind that BYOD is about freedom of choice. Do not issue BYOD rules that dictate which device models employees can work on. When it comes to apps, offer a few choices for each type of app that your employees will be using. Add a few e-mail, calendar and document editing apps to your enterprise app store. Gartner says: "Your employees use many devices and they expect to use any device or application anytime, anywhere." Internalise this.
3. Make a clear separation between work and personal lives on the device: Almost every BYOD solution includes e-mail, a calendar and contacts. Make sure employees know not to use their work apps for personal use. If and when they leave the company, those apps will be deleted from their device. Make it clear to employees where IT has rights (on the work apps) and that they should never forward work e-mails to their personal e-mail account. Good fences make good BYOD policy.
4. Prefer BYOD options that don't leave data on the device: Choose apps that do not store data on the device. When app data is stored in the cloud, there is much less potential for data leaks. IT will need fewer policies and it will make the employee's life easier.
5. Communicate and use common sense: Communicate BYOD policies to employees - on paper and in person. Instead of sending a dry e-mail full of technical terms that non-IT personnel will never understand, convene a BYOD workshop and give everyone a chance to ask questions.
Make it crystal clear what IT will do with the administrative rights they have on users' devices. Let them know that the company will never use the "nuclear option" and wipe the entire device. It is important they are aware that the worst case scenario is waking up and finding their work apps and data wiped. In the post-Snowden revelations era, mobile users want to know you will never look at their private data nor will you perform backups. They now know what metadata is and you need to assuage their concerns.
Ultimately, says Nubo, mistakes are bound to occur, but employees should steer clear of installing a regime of fear. "Isn't it better when employees feel free to approach IT and say, 'I think I made a mistake with our app. How do I fix it?' Let them know they can come down from the tree and they will share their experiences and mishaps with you."