More and more companies are embracing Bring Your Own Device (BYOD) as part of a Mobile Device Management Strategy (MDM) primarily as a means to save money. The cost savings can be potentially huge but what steps should you consider with regards to implementing an MDM/BYOD policy?
Here are 10 things you should think about:
- Do a cost benefit analysis of current company owned devices. Remember to include insurance and accessories. Work out your real savings.
- Bring Your Own Device does not mean you have to embrace every device! Set some guidelines. Perhaps you want to limit it to iOS and BlackBerry or iOS and Android or indeed maybe you wish to embrace the top four. Embracing MDM/BYOD does not mean anarchy rules; set a policy.
- As part of your move to an effective MDM/BYOD policy, understand how your employees prefer to work. Are many of your employees mobile? Field agents? Sales reps? On the move? Is most of their work conducted this way?
- Are all your data points accessible over mobile devices? Are they joined up? Is application access supported across all devices? Data sources need to be unified so they are accessible from one application on a mobile device; the service you choose needs to support data services that perhaps don’t even have access from the chosen mobile device. It also makes it easier to work with data from a single dashboard rather than having to install ‘n’ number of apps.
- Have a secure file sharing policy. You do not want employees using their devices and sharing data that cannot be audited. Not only does this promote data leak, but for regulated industries it can break compliance laws. Any data sharing needs to keep audit logs of all links shared, from the person who shared them to the remote IP address that downloaded the data. Password protection and time expiration on links would be idea.
- Ensure you have control of user access into corporate data. You may not own the user device but you still want to have some measures of protections about how users get access to corporate applications and corporate data. You need to be able to turn access off without compromising the user’s device. Administrators need to be able control access for any user either by device, IP address or geolocation.
- As part of your MDM User policy mandate apps that promote security, such as anti-virus/malware apps and or one that promotes the creation of separate identities and user areas for business and personal data. Don’t be shy in having a strict policy. Even though you are implementing an MDM/BYOD policy, you may still need a small selection of devices for users that will not or cannot sign up for the policy.
- Decide whether you are going to have ‘device wipe’ as part of your policy. This is one of the most contentious areas of MDM/BYOD. If you implement it, you will need to include it as part of your policy and ensure users understand the consequences. Note that all devices enable remote wipe.
- Consider your policy for un-authorised apps being used with corporate data. We have all heard of how DropBox has infiltrated enterprise IT by the back-door and is actually in use in department within companies but without official sanction by IT. You need to be able to audit un-sanctioned cloud storage uses to be audited just as other corporate data, even if the user uses the external service directly.
- Policy is key. Staff members need to fully understand and sign up for the MDM policy being introduced. It should be easy to understand and easy for the staff to get access to the resources they need from their apps. On the company side, understanding the costs savings, investment needed, and security implications is key. Implementing an MDM/BYOD policy may look attractive but it requires thought and planning to be successful.