There are many companies which try to resist BYOD just because of the security implications. Although I see this resistance futile, it is there to stay for some time more (I have discussed this in the first two articles: #1 Web of Things and #2 The Swift Revolution).
If you remember, in my article titled “The Corporate Face” I have taken the view from a Chief Technology Officer’s (CTO) perspective and asked the questions which the CTO will have to answer with her IT team. The questions that I asked in the article were mainly technical questions, which the majority of them that could be solved with simple procedures.
In this article, I will try to explore the gray areas of the BYOD initiative without touching security. I will try to see what additional topics should the IT departments be discussing to support the myriad of different devices which come with myriad of operating systems (and operating system versions). I will also keep the perspective of company-subsidized devices, together with the employees’ own devices.
The device is a whole discussion in itself. Which devices – the brands – will the company support. You may argue that in terms of support, it is the operating system that should be considered today, rather than the hardware vendor. Not completely true. The consumer-grade vendors act according to the consumer rather than the enterprise preferences. Consumers like to have the cutting-edge devices and can renew them yearly, even more frequent, depending on their budget. When thinking about their own budget, they do not think too much about servicing, maintenance and procurement. They also do not think about the lost/stolen devices, which they can easily cover with an insurance. These are some of the cases which the consumer and enterprise preferences do not align. In the case of company-subsidized devices, where the company has some control over the purchase of devices, the budget, lost/stolen device and the servicing issues has to be clearly discussed and laid down in procedures. Having an approved device manufacturer list is likely to assist both the corporate IT and the employees.
Of course the device selection is not constrained to what I have just talked about. If you are a company having operations outside the shiny business offices, then you need to think about ruggedized devices. iDevices, glaring notepads are simply too fragile for warehouses, construction sites, air-cooling rooms and any other places where the device will be subject to rough handling. In such areas, the company has to have thick borders with the choice of devices. If the employee drops the company-subsidized iDevice to the concrete in the warehouse, she has to bear the burden to fix it from her own budget.
There is of course the issue with the proper and professional use of the devices. In almost all companies without an exception, I have seen executives using company-issued devices personally. This includes having unsupported applications installed on notebooks, photos of family eating up the phone’s storage and the like. Reasonably, I cannot say that the employees must have a separate device for business and another one for business. Nobody, including me, will prefer to carry two devices where both can do the same thing. But there are applications to overcome this problem, which allow you to separate your work and personal life on one device (one of them is Divide). The company can force the users to have such software installed on their company-subsidized devices.
Think of these applications as virtual machines running on the devices. Business-related data – applications, user-created content, shared data – is completely isolated from the personal data (technically, such applications create an encrypted partition where the business-related data is stored and managed). They solve the problem of data ownership and application management.
Of course these discussions cannot be thought at the IT-level only. The discussions are far from the CIO level, encompassing the whole company overall, especially the B- and C-level executives. If the IT department does not have the agreement and support of these executives, then the company has more to think about than the BYOD. How will you enforce policies on your staff when your B- and C- level executives disregard them?