Why a Formal BYOD Policy Is Absolutely Essential

According to new research from tech analyst Ovum, employees are relying more heavily upon their own smartphones, tablets and laptops at work to access company data and applications. Unfortunately, an alarming number of organizations are still struggling to get a handle on this bring-your-own-device (BYOD) phenomenon.

The Ovum study shows more than half of employees are using a personal device to access company data. Approximately one-third of these devices are invisible to IT departments. 62 percent of employees who use their own devices are working for an organization that has no formal BYOD policy.

The key takeaway is that employees are using and will continue to use their own mobile devices in the workplace – with or without your knowledge or approval.

That’s because employees love BYOD. They love being able to use one set of familiar devices instead of carrying around separate devices for work and personal use. They love the flexibility of being able to work anytime, anywhere. This familiarity and flexibility can boost employee productivity and customer service. For employers, BYOD can reduce costs because they don’t have to purchase as many devices.

However, the risks of BYOD can quickly wipe out all of the advantages, especially when devices aren’t properly managed. The risk of a security breach increases. Sensitive company data is more difficult to control. Network performance is more likely to suffer. Regulatory compliance becomes more difficult to maintain.

A formal BYOD policy provides clarity and reduces risk by explaining what devices and applications are permitted, how they should and should not be used, and how access to the network will be controlled. It sets guidelines for how company data should be accessed, used and stored. Security configurations and controls and device reset and data deletion procedures should be explained. A BYOD policy also lays out the responsibilities of both the organization and its employees in adhering to this policy, how the use of personal mobile devices will be monitored without invading the user’s privacy, and the consequences for violating the policy.

Organizations must consider a number of factors when developing a BYOD policy.

Business goals. Identify the business reasons for allowing the use of personal devices, from reducing expenses and support costs to boosting employee productivity and satisfaction.
Regulatory compliance. If your industry is subject to strict compliance regulations, these requirements must be addressed and enforced in your BYOD policy.
Device requirements. Determine what devices and operating systems should be used, and how you’ll prevent noncompliant devices from accessing the network.
Support. Balance how much support your organization is capable of providing with how much support employees are likely to need.
Costs. What is the responsibility of the employee, and what is the responsibility of the organization? How and when will stipends be paid?

BYOD isn’t going anywhere, and managing a BYOD environment isn’t getting any less complicated. Let Atlantic-IT.net, your outsourced IT department, help you evaluate the technology and business impact of BYOD in order to maximize the benefits and minimize risk.