THE corporate world has perhaps experienced more changes in the last five years than it has the preceding two decades, due to factors ranging from global economic upheavals to disruptive technologies.
There has been a proliferation of new devices in the marketplace, including smartphones, tablets and ultra-portable laptops; a boom in wired broadband connections via fibre optic deployment as well as wireless broadband connections; and the arrival of a digitally-savvy workforce.
The last are workers who can actually be more productive with their own devices. This is because these devices are generally easier and more intuitive to use. They have become such a part of daily lives that there is a greater sense of familiarity, and this has led to a more flexible working style as to when and where people can access corporate applications, data and information.
This 'Bring Your Own Device' (BYOD) trend is becoming very popular among multinationals in Asia Pacific, with over 70% of those companies surveyed already having policies to support approved employee-owned devices, according to a recent survey by IT analyst firm Ovum.
While there is no denying this trend is taking off, the reality is that many organisations are struggling to keep pace, and are in fact finding it hard to embrace the BYOD phenomenon.
As a result, the response has ranged from creating policies that outright ban the use of BYOD, to not having any such policies, and thus, having virtually no control over the use of employee devices within the organisation.
For example, according to VMware’s Asia Pacific New Way Of Life Study 2013, 91% of the respondents said their IT staff know about workers bringing their own devices; in 2012, this figure increased to 96%. Also in the corresponding periods, 89% of respondents felt that IT departments were restricting staff from connecting to the corporate network, and this increased to 92% in 2012.
Instead of banning such devices or taking the ‘no-policy’ route, companies should look into guidelines and best practices for bringing BYOD into their organisations.
The first step any organisation should take is to realise that BYOD is not an all-or-nothing strategy, and that while most organisations can and should implement a formal BYOD policy, not everyone in the organisation needs to be part of it.
For instance, BYOD may not be appropriate for groups of people who handle highly classified information or departments, such as stock traders; or those with access to very sensitive information such as merger and acquisition plans, and legal or human resource information.
Forrester Research recommends that an organisation should consider a checklist of questions in order to assess whether certain employees should get be a BYOD programme. Some of the questions to ask are:
Whether employees are telecommuting or office-based;
How much access they have to privileged information;
What are the regulatory requirements for those employees;
Whether they have any software applications dependencies such as switching from Windows to Macs;
How technically savvy employees are, as some workers can support themselves, while others can't; and
How much employees travel, how mobile they are.
Policies that matter
Upon assessing the aforementioned criteria, the next step is to develop a coherent set of policies to guide those who would qualify for the BYOD programme (click infographic to enlarge). Policies that are developed shouldn’t be just about ‘dos and don’ts’ as every organisation must drive BYOD policies with key stakeholders in mind, as there are multiple departments that will be affected by such a deployment.
The stakeholders, which include the information technology, human resources and legal departments, need to agree on a comprehensive set of policies for administration. These policies must be driven and overseen by the highest authority in management.
Some of the issues in these policies include setting aside rules for eligibility, device and data ownership clauses; clarifying contractual obligations; general compliance and circumstances under which employees can be held accountable for a breach of contract; and how the matter or any other disputes will be processed.
From a technical standpoint, organisations would need to plan for BYOD security and device management.
Security issues that must be looked into include having the right holistic antivirus and/or anti-malware solutions that can mitigate against malware attacks as well as the hijacking of corporate data. These solutions must work hand-in-hand with enterprise mobility device management (MDM) solutions, which also incorporate mobile device management.
Some of the more important features in MDM solutions that must be included are policy-based control such as the restriction of application access to authorised users only; automatic de-provisioning upon staff resignation; and remote wipe for data and application in the event of the report of a lost or stolen device.
Additionally, there must be a way to separate corporate data from personal data, and implement automatic backup and recovery of both data and applications.
Encouraging the BYOD culture
One area that is not normally emphasised but is actually quite important in a BYOD implementation is the fact that such an environment in any organisation is ‘self-service’ in nature. Because the device is owned and operated by employees, organisations would need to establish a self-support zone within the company to enable workers to be able to support themselves in everyday, non-complex computing issues.
To accomplish this, organisations would need to think about setting up Wikis and self-service portals to help staff navigate through basic issues such as how to connect to the corporate WiFi network or install corporate software. More advanced implementation could include hosted virtual desktops, so that employees can access their applications remotely without having to worry about technicalities.
The issue of connectivity is also another important point that must be looked into. Companies must empower their BYOD employees with the ability to connect from their workplaces of choice, be it by wired fibre connections or wireless connections backed by fibre connections. This is to ensure that there is always enough bandwidth for employees to be productive.
In conjunction with this, employers should also ensure that data security is not compromised by implementing virtual private networks as the most important asset BYOD workers have is not their device but the information they possess.
At the end of the day, organisations should take baby steps in implementing BYOD, as it's unnecessary to get everybody on board, all at the same time. Some considerations to help guide you should include questions on evaluating return-on-investments, capital expenditure and security.
Finally, choose a vendor or service provider that has the right track record and expertise to help you establish policies frameworks and a workable plan of implementation.
Above all, keep the user in mind and make it easy for them to embrace a BYOD culture. By doing so, half your battle will be won.