Bring Your Own Device (BYOD) is more than a fad. It's a movement toward a different kind of enterprise computing. BYOD requires a lot of planning and work, but businesses that embrace the change can find new efficiencies and actually increase security. Here are 10 tested tips to make your transition as smooth and productive as possible:
1. Engage Stakeholders In Discovery
The biggest benefit of BYOD is a happier, more productive workforce. But that can't happen if your workers don't support the process. To get everyone on board, start with these four steps:
- Identify Stakeholders: Create a manageable-but-representative committee of key influencers from all relevant departments. Be sure to include the CEO or a designated representative so you have buy-in and visible support from the top.
- Identify Targets: Using your committee, create and prioritize a list of necessary applications and desired use cases for personal devices.
- Take A Pulse: IT will ultimately decide which devices to support, but a quick poll of your committee (or your entire workforce, if that's possible) can identify promising places to start the evaluation.
- Work With Legal & HR: Throughout the process, you'll need to work with your Legal and Human Resources departments to build your policies, service and support agreements and other procedures. Having a representative on the committee will help you identify potential complications before they become problems.
2. Think TCO, Not ROI
BYOD will not usually show cost savings up front. Don't plan on offsetting development costs with hardware savings, as personal devices will typically supplement your existing work devices, rather than replace them. That also means you should think twice before offering device stipends to employees.
Properly implemented BYOD can expand your device footprint at close to zero cost. In 2010, Intel implemented a personal device program. Three years later, it supports nearly 25,000 employee-owned smartphones, eliminating unsecured devices, increasing job satisfaction, and adding nearly an hour of productivity per employee, per day, with little to no increase in IT Service Desk calls. With no net impact to Intel's ongoing costs, initial investments in a well-designed BYOD program have been well worth it.
3. Think Users, Not Devices
Traditional IT operations focus on maintaining and securing the PC device image, including the operating system, applications, data and personal settings. In a BYOD environment full of disparate devices, this strategy crumbles. On a conceptual level, the goal of a BYOD program should be a security model that follows the user across multiple device classes in a variety of situations. On a practical level, that requires a shift from securing device images to securing data, at rest and in transit.
4. Create BYOD Policies
You should enlist the help of both the Legal and Human Resources departments in the creation of your usage policy, which will outline safe usage practices and prohibit any behavior that could put the company at risk. This policy will inform the content of the education program detailed in Step #9.
5. Evaluate Operating Systems First, Then Devices
Giving users choices doesn't mean you have to support everything. In fact, if you're going to get the most out of your BYOD system, you shouldn't support everything.
Since devices change constantly and new form factors are continuing to emerge, beginning the selection with specific devices can be tricky and expensive. IT should first evaluate which operating systems it chooses to support, and work toward device support based on that decision. Selecting a dominant, uniform operating system (OS) environment can allow IT to leverage existing security and performance benefits. For example, most businesses use Intel-based Windows systems for their desktop and laptop systems. Extending that combination to other device types can help IT leverage existing security features (for example, Secure SMB, used by Windows 2012 and Windows 8), share common applications, and reduce support and training costs.
Within the subset of devices that support a chosen OS, IT should then select models with the most management-friendly hardware. For example, Intel Core vPro processors found in business-level laptops, Ultrabooks and other devices provide chipset-level device locking, auditing, and wiping. Embedded management features can increase security and eliminate the need to build or integrate redundant systems in software.
6. Maximize Commonalities
Commonalities provide efficiencies. Wherever possible, strive to use the smallest possible number of tools. Sharing applications, hardware and vendors will save additional costs and minimize the number of integration points in your system. In descending order, IT should look to:
- Shared Platforms: A common operating system and hardware configuration (for example, Intel-based processors running Windows 8) produces an almost identical support and maintenance case, even across multiple form factors. In situations where duplicating hardware is impossible, look for compatible systems from the same vendors. For example, a smartphone running Windows Phone 8 on an Intel Atom processor will still be able to share many of the same applications and remote management tools as Windows 8-based Ultrabooks running Intel Core processors.
- Mobile Application Management: MAM tools such as Microsoft ActiveSync can provide secure synchronization between servers and non-Windows devices, allowing users to access corporate assets through their native applications, while still enforcing your internal business and security rules. While these tools don't provide the full set of options available in a shared platform, this type of synchronization can allow participation of other device types, if necessary.
- Virtualization: With proper hardware, virtualization can provide a level playing field across many classes of devices and a number of disparate operating systems. It is not a panacea, since many form factors cannot support virtualization, and performance can suffer versus native environments, but it can be an effective method to pull other devices into the fold.
7. Address Compliance
Properly implemented BYOD can actually help businesses enhance their compliance efforts. Poorly implemented BYOD can destroy them. The key to BYOD compliance is understanding the weaknesses and exploiting the strengths of each device. For example, a smartphone's unsecured 3G or 4G connection could be considered a liability, but with properly implemented Mobile Device Management (MDM) locking down that feature and allowing access to the filesystem, the phone could be as secure as any PC on the network. Low-level hardware functionality that provides system control below the operating system layer is extremely helpful, as it allows IT to manage, wipe and potentially recover sensitive data from hardware that has fallen out of compliance or may not be properly functioning.
8. Evaluate Management And Deployment Tools
Once you've selected supported devices and platforms, you can begin building your tools. Each project will require a different blend of security controls, but at a minimum, IT should evaluate:
- Two-factor authentication
- Secure storage using encryption
- Secure policy settings and restrictions
- Secure data transmission to and from the network
- Remote wipe capabilities (where possible)
- Server-side virus protection
- Mobile Device Management (MDM) software to securely monitor, manage and support mobile devices over the network
Wherever possible, IT should leverage hardware-embedded options for greater reliability and enhanced security. For example, Intel Core vPro processors' embedded PKI tokens eliminate the need for third-party devices or software.
9. Create An Employee Education Program
Employees understand their own devices and your corporate network, but they may be unaware of how to manage the union of the two. It's important to provide initial and ongoing education on new security risks and the proper conduct required to minimize them. For example, an employee's child may use work tablets in off-hours to view videos. In this case, simple steps, such as creating user profiles on the device and avoiding password sharing, can dramatically reduce the likelihood of accidental data loss.
10. Assess Feedback
User needs and consumer hardware continue to evolve, and so should your BYOD program. You won't get everything done in your first iteration, and you'll want to engage your user committee to review hits and misses to plan Phase Two. Having everyone involved keeps everyone accountable, and it ensures that IT will be seen as a critical business partner, not a roadblock.