Many ways to implement BYOD, each with different level and type of control
Important to understand the amount of control you’ll be giving IT over your device
If your workplace doesn’t already have a Bring-Your-Own-Device (BYOD) programme, odds are it will soon.
According to Gartner, “Half of enterprises say they intend to move exclusively to BYOD for smartphones in 2017, eliminating their employer-supplied option.” More businesses recognise that their employees are capable of making their own choices about the technology they use.
But before you jump head first into your BYOD programme, consider a few things to help you establish the right blend of personal preference and workplace functionality.
There are several ways for a company to implement BYOD, each with a different level and type of control over employees’ mobile devices.
For this reason, it’s important to understand the amount of control you’ll be giving IT over your device, and the personal content you’ve put on it.
BYOD made simple (and sometimes painful)
The simplest way for IT to offer BYOD is just to make the company Microsoft Exchange email server available to any user on any device they want to use.
While quick and easy, many people don’t realise what they’ve actually made possible by connecting to that server.
By using the policies available in Microsoft Exchange, IT could disable your camera, require you to enter a PIN (personal identification number) code each time you use your device, or even restore your device to factory settings – and wipe all content in the process, including personal emails, contacts, photos, music and apps.
It’s highly unlikely IT would do this without a good reason, but that provides little comfort if you’ve just lost the photos from your daughter’s birthday party.
Better for you, better for IT
Many companies start with the primitive approach described above, but soon realise its limitations and proceed to mobile device management (MDM), a more sophisticated and intelligent way to enable BYOD.
In this scenario, IT tells you to download an enrollment app from one of the major app stores – for example, Apple’s App Store or Google Play – and go through its process to enroll your device in the MDM solution.
This process makes several things possible and allows IT to configure your device remotely to make your BYOD life easier.
MDM also lets IT place restrictions on your device similar to those under the previous approach. IT can also perform checks to make sure your device hasn’t been tampered with, since tampering can make it less secure for corporate content.
Often, these compliance checks are triggered automatically when you move a specified distance with the device – which means that you have to keep location services active the whole time you’re using it.
It’s all in the interest of security and protection, and it’s a small price to pay for the freedom to use your own device, but it also means your battery may drain faster, so keep your charger handy.
Surgical security for BYOD
Mobile application management (MAM) is an increasingly popular approach to enable BYOD, whether by itself or in combination with MDM.
With MAM, company configurations and restrictions can be managed on an app-by-app basis, instead of all-or-nothing for the entire device.
For example, IT can:
Require a PIN code when accessing business apps, but not when using personal apps. Even if you use a personal PIN code, it’s likely yours is shorter than IT requires for protecting corporate assets.
Disable the camera and other functions only while you’re using business apps, while allowing you free rein any time you’re not using corporate data.
A combo approach
Some companies use both MAM and MDM together. The thinking is that MAM gives IT a way to protect corporate apps and data without putting your personal content at risk, while MDM is most useful for providing the pre-configured settings that make your life easier.
With the combo approach, IT can selectively wipe only business-related contents and settings on your device, leaving your personal stuff untouched.
If you lose your phone, IT can wipe business apps and data quickly to maintain security – but if you do end up finding it, all personal apps, email, photos, music, contacts, etc. will still be intact.
(Note: If you’ve used a business app to create personal content, such as using an IT-mandated copy of Word to write a letter, that content will be wiped along with the app, so be sure to save it elsewhere.)
Questions to ask IT
Now that you know how BYOD can work, here are a few questions to ask IT to determine how it’ll actually work in your organisation.
What device-wide restrictions would IT put on my device when I enroll it if they are using MDM? Would IT ever use a full-device remote wipe feature to completely reset it, or would they use a selective wipe to remove business content without touching my personal content? On an iOS device, you can check for yourself whether IT has configured location-specific services on your phone, along with other policies, by looking in settings under General>Profiles.
Will my device’s battery drain more quickly once I enroll? After you enroll, do you see the location services icon at the top of your screen? If so, IT may be using changes in your location to trigger device compliance checks.
What corporate apps will you push to my device? If my device has limited storage, will you take up so much room there’s none left for my personal content?
What restrictions will you put on the apps I use, such as preventing cut-copy-paste or camera access? Are there useful new capabilities I’ll gain?
What feedback have you heard from other BYOD users? What is my alternative?
In all likelihood, you’ll still want to go with BYOD, but now, you know what to expect and what kinds of control you’re giving IT over your personal device – so your BYOD experience will combine convenience with peace of mind.
Brian Robison is a principal mobile technology evangelist with Citrix XenMobile, primarily responsible for helping enterprises and governments understand how to drive productivity through mobility while concurrently managing security risks and demonstrating compliance.