BYOD Should Be A Right Not A Privilege: Enabling BYOD in Your Organization

Author: Scott Montgomery, Vice President, Public Sector Solutions, McAfee

I once worked for a woman whose notion of effort and productivity was extremely succinct: “You can work a half-day every day you’re here, you just tell me which twelve you’re going to work.” With the advent of tools and services available via your employee’s mobile devices, you may find that by enabling their demands for convenience, that twelve hours is exactly how much work they’ll put in. If you are the lone voice of dissent, shouting to anyone who will listen about the dangers of mobile platforms, you’re going to be buried alive by your management and consumer demand. In a 2012 survey of approximately 4,000 young worldwide workers, a staggering 50% called Bring Your Own Device (BYOD) a right rather than a privilege.

Below are a few ways you can start preparing your organization for the inevitable.

Knowledgably Reduce Your Surface Area
Achieving nirvana is not possible – you can’t support every device, manufacturer, carrier, and operating system, nor should you try to initially. You may want to empower your work force to utilize their purchased devices, but it shouldn’t be at any cost. Determine what you’re comfortable with from the standpoint of effort and risk – even if initially it’s only one specific device like one financial services firm recently did. Communicate your thinking to the workforce and solicit feedback. Rinse. Repeat.

Make Some Decisions and Document Them
Except for laptops, the mobile productivity space is still wildly immature. If you simply allow people to do whatever they want, you’ll quickly be living in a Gunfight at the OK Corral more than creating an effective mobile productivity policy. Determine exactly what organizational data, applications, and services that you’ll make available to BYOD employees first. Document what you picked and why. Communicate your thinking to the workforce and solicit feedback. Rinse. Repeat. Determine what risks are incurred by the communication vectors the BYO device will utilize (Bluetooth, browser, app, thin client) and then look to experts to help mitigate those risks cost-effectively. It is essential to ensure you have secured the data that will remain on the device when it leaves your network’s control.

Make Your Lawyers Speak English
Your work force’s literacy level will quickly drop to roughly the equivalent of the world’s population in 1940 when asked to read and understand a BYOD agreement. Perform training in plain English so that everyone (employees, HR, legal, IT) understands that the organization’s data on the BYO device is subject to protection by the organization. Let’s be clear – what this means is utilizing the employee’s purchased carrier services to make changes to the device, it’s underlying operating system, and potentially the apps and data, up to and including accidental loss of employee personal information. If the employee can’t buy into the additional risks for the BYOD reward, then they can’t access the organization’s BYO services.

By starting slowly, carefully documenting steps, and involving the work force in the process, you can get to the safe, productive BYO environment that your employees demand.

About the author: Scott Montgomery has been with McAfee since Fall of 2008. At McAfee, Scott runs worldwide government certification efforts, and works with the public sector teams and customers worldwide to design solutions to information security and privacy challenges using McAfee’s products and services or one of the more than 100 companies integrated with McAfee technology.