At yesterday's MORE series webinar, we took a dive into the hottest topic in enterprise mobility: Bring Your Own Device (BYOD) programs. Whether your IT team has begun putting a BYOD plan into practice — or is looking to start from scratch — we've got you covered.
Read on for 10 steps that will make your Bring Your Own Device program successful. Remember, this is advice. The first rule of an effective BYOD program is to remember no two organizations are alike. We advise that you use these steps as a guidebook for your internal processes. If you'd like to access the slides, poll results, or on-demand recording of the webinar, all can be found in this MaaSters Center post.
Creating a comprehensive Bring Your Own Device (BYOD) policy
You should put two notions into practice when creating your BYOD policy. First, make sure your policy encapsulates your corporate standards. Second, ensure your policy offers your employees the flexibility they look to attain by bringing their own iPad, iPhone or Android to work.
Square away the following prior to implementation:
- BYOD Cost: Who will pay for the data plan? Will you implement a stipend as a carrot to get people to buy in? Or will you make the end user pay for their own data use?
- Agree to Acceptable Use: What terms will you include in your Acceptable Usage Policy, and how will you ensure your employees read through it? Will it happen when they enroll (EULA) or will they have to opt in via a form?
- Your Industry Matters: Which devices will you support? You will have to account for factors such as Android fragmentation and any security or regulatory requirements that relate to your industry (e.g., HIPAA compliance in healthcare).
- Gatekeepers: Will you enforce passcodes? Encryption? Do you want to blacklist any applications?
- Management: What mobile device management (MDM) solution will you leverage to manage your devices?
Measuring your mobile device footprint
A poll run during our webinar, Putting Employee-owned iPhones and iPads to Work, showed 45% of participants were running Exchange ActiveSync (EAS) at their company — the primary method being used to monitor their device inventory. Companies that rely solely on EAS to monitor their device inventory are at risk of having devices connect to the network that they are unaware of, known as rogue devices.
MaaS360 offers a free tool, MaaS360® ActiveSync Reporting Tool, to measure your mobile footprint. This allows you to block new devices entering the environment. When you have this tool enabled, we advise you to first identify all the devices that are connected to your network, and have them enrolled with the MDM solution. Then you can block devices attempting to connect thereafter. By taking this course of action, you can review your data and decide who needs to be managed in accordance with your policy.
Knowing your mobile footprint will help you 1) identify who needs to be enrolled to the program and 2) clean up your old devices!
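The reconciliation described above can be sketched as follows. This is an added example, not code from the original post or from the MaaS360 tool; the CSV columns, device IDs, dates and the 90-day staleness window are constructed assumptions.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample of an EAS device-partnership export (columns are assumptions).
EAS_EXPORT = """DeviceId,User,DeviceType,LastSuccessSync
A1B2C3,alice,iPhone,2024-03-18
D4E5F6,bob,Android,2024-03-19
G7H8I9,carol,iPad,2023-09-02
J1K2L3,dave,Android,2024-03-20
M4N5O6,alice,iPad,2023-06-30
"""

# Constructed sample of device IDs the MDM reports as enrolled.
MDM_ENROLLED = {"a1b2c3", "j1k2l3", "g7h8i9"}


def classify_footprint(eas_csv, enrolled_ids, today, stale_days=90):
    """Split EAS partnerships into managed, rogue and stale devices."""
    enrolled = {d.strip().lower() for d in enrolled_ids}
    cutoff = today - timedelta(days=stale_days)
    result = {"managed": [], "rogue": [], "stale": []}
    for row in csv.DictReader(io.StringIO(eas_csv)):
        device_id = row["DeviceId"].strip().lower()  # IDs differ in case across tools
        last_sync = datetime.strptime(row["LastSuccessSync"], "%Y-%m-%d")
        if last_sync < cutoff:
            bucket = "stale"      # old partnership: clean up, even if enrolled
        elif device_id in enrolled:
            bucket = "managed"    # syncing and known to the MDM
        else:
            bucket = "rogue"      # syncing mail but unknown to the MDM
        result[bucket].append((device_id, row["User"], row["DeviceType"]))
    return result


def block_candidates(footprint):
    """Device IDs to deny once the enrollment window has closed."""
    return sorted(dev_id for dev_id, _user, _type in footprint["rogue"])


if __name__ == "__main__":
    report = classify_footprint(EAS_EXPORT, MDM_ENROLLED, datetime(2024, 3, 21))
    for bucket, devices in report.items():
        print(bucket, devices)
    print("block:", block_candidates(report))
```

Stale partnerships are reported separately from rogue ones so that cleanup of old devices does not get mixed up with the owners who still need to enroll.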
Simplify user enrollment - Configure Over the Air
Once you've identified the devices you'd like to enroll, make sure you have a simple and secure mobile enrollment process that configures the devices. During enrollment, send users a simple URL. Upon clicking the link, users should be prompted with steps they'll have to follow in order to enroll. Existing users should be advised to delete their Exchange ActiveSync accounts on devices so they can start off fresh with the MDM solution. Once enrolled, devices will be auto-configured with the security settings you've set in your policy. Some will restrict access to YouTube, iCloud, the camera feature, and other functions that are out of line with your corporate mobile and BYOD policies.
Provide self-service capabilities
Self-service capabilities aren't for everyone, but when made available, can make life much easier for your end-users and the IT team. These capabilities allow users to log on to the end-user portal and access a list of their enrolled devices. From here, they can locate their device, lock it, reset its password, or wipe it. The end-user portal also allows them to see why they're out of compliance. Giving your end-users this capability takes the pressure off your IT team and reduces the number of inquiries that can be expected when users have their phones and tablets enrolled.
Protect Personally Identifiable Information (PII)
This has been a hot issue as of late, which will come as little surprise. Personal devices come crammed with personal information, documents, and applications that are on the phone for non-work purposes. And it should stay this way to protect privacy and security. Luckily, you can consult with your mobile device management (MDM) provider to find out how to properly address Personally Identifiable Information (PII) at your company. You'll need to identify your personal vs. corporate-owned devices, and apply a particular policy to hide the personal information from IT administrators.
Isolate corporate data
Protecting the corporate data resting on these devices is equally as important as keeping your employees' best interests accounted for. If you're going to support BYOD, you need to be able to isolate corporate data on the phone, which includes, but is not limited to:
- Exchange ActiveSync Accounts
- Wireless settings
- VPN configuration
- Enterprise applications you've pushed down
Continuously monitor automated actions
Once you have your user-base enrolled, you must monitor the state of each device. Make sure to ask the following: is the device enrolled? Is it in compliance? Does it have any new apps? Answering these questions will allow you to make adjustments based on the data you're seeing. This information will tell you if you need to make new policies or compliance rules.
The optimum device inventory can be classified as follows:
- Proper version
- App compliant
- Not jailbroken or rooted
- Send a notification to the user with steps to be taken
- Block the device from accessing the corporate network and/or email
- Wipe the device (full wipe or selective wipe)
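The checks and responses listed above can be combined into a small compliance evaluator. This is an added example, not part of the original post or of any MDM product; the minimum OS versions, the blacklisted app ID, the grace period and the escalation order are assumptions to be replaced with values from your own policy.

```python
from dataclasses import dataclass, field

# Assumed policy values for illustration only.
MIN_OS = {"ios": (5, 1), "android": (4, 0)}
BLACKLISTED_APPS = {"com.example.fileshare"}  # hypothetical app ID
ACTIONS = ["none", "notify", "block", "wipe_selective"]  # escalation order


@dataclass
class Device:
    device_id: str
    platform: str
    os_version: str
    enrolled: bool = True
    jailbroken: bool = False
    apps: set = field(default_factory=set)
    days_out_of_compliance: int = 0


def parse_version(text):
    """Compare versions numerically; as strings, '4.10' would sort below '4.2'."""
    return tuple(int(part) for part in text.split("."))


def violations(dev):
    """Return the list of policy checks this device fails."""
    found = []
    if not dev.enrolled:
        found.append("not_enrolled")
    if parse_version(dev.os_version) < MIN_OS[dev.platform]:
        found.append("os_below_minimum")
    if dev.apps & BLACKLISTED_APPS:
        found.append("blacklisted_app")
    if dev.jailbroken:
        found.append("jailbroken_or_rooted")
    return found


def action_for(dev, grace_days=7):
    """Pick the response: notify first, block for severe findings, escalate over time."""
    found = violations(dev)
    if not found:
        return "none", found
    severe = {"jailbroken_or_rooted", "not_enrolled"} & set(found)
    level = 2 if severe else 1
    # One step up the ladder for each full grace period left unresolved.
    level = min(level + dev.days_out_of_compliance // grace_days, len(ACTIONS) - 1)
    return ACTIONS[level], found
```

Returning the failed checks alongside the action gives the notification, and the end-user portal, something concrete to show the user about why the device is out of compliance.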
Manage Data Usage
Going back to one of our first suggestions, ensure you provide your employees the flexibility they are looking for when you give them the option to bring their own device to work.
You should provide an easy way to both track and be alerted on data usage. Help employees understand the benefits of using Wi-Fi whenever available. A mobile expense management (MEM) solution makes it possible to capture valuable trending information and reports that can shape usage patterns. This type of reporting enables you to learn who your users are, and how they tend to use their devices. You can set usage policies based on specific segments that use their phones and tablets differently from the rest. Some actions you may want to take: set roaming and in-network megabit limits. Similarly, you can create threshold notifications that alert users when they are close to crossing the line.
Track the Return on Investment (ROI) of BYOD
The last tip I'll leave you with, and perhaps the most important, is to consider your incentive for implementing a BYOD program. Is this move going to help or hinder your organization? Consider the following when you compare your lineup of corporate-owned devices to the devices your employees will be bringing to work:
- Purchase cost
- Cost of a fully-subsidized data plan
- Cost to recycle devices every few years
- Cost of warranty plans
- IT time and labor (time is money!)
- Cost of a partially subsidized data plan
- Cost of a management platform
- Quantify productivity gains
- Subtract costs from above
Use the comments section below to tell us your story. What tools will you use to isolate your corporate data on personal devices? Post-BYOD implementation, what percentage of devices in your environment do you anticipate will be personal-owned? No matter where this experience takes you, make sure you keep us in the loop.