3 steps to help IT embrace BYOD

  • BYOD programs force IT to become more flexible while managing their usage.

  • IT must develop policies for users, groups, devices, apps, and content to help meet the goals of information security and user flexibility.

Bring Your Own Device (BYOD) programs can help reduce costs and save IT from having to keep up with end-user demand for the latest devices. But BYOD programs also force IT administrators to become highly flexible, having to pivot quickly and corral un-enrolled devices that access company resources and content. For some organizations, this is a scramble, as even the smallest data leakage could have major implications. Administrators can make the BYOD transition more easily by taking a measured approach and following these three steps:

1. Develop policies for users, groups, and devices.

team collaborating

Start with basic criteria. Who will be able to participate in the BYOD program? Some organizations make BYOD company-wide; others choose to offer BYOD to certain business units or geographic regions. Will all users be able to access the same information, or will certain groups be limited in specific ways? Under what conditions and for what services will individual users be reimbursed?

IT should also consider implementing policies about who other than the employee is allowed to use the device (e.g., family members, friends, etc.) and what policies apply to those users.

 2. Develop policies for apps. 

mixed images

The first step in developing policies for applications is evaluating whether mobile device management (MDM) is enough for your organization, or if a mobile application management (MAM) initiative makes more sense. MDM allows IT to create policies that limit the use of specific applications. MAM doesn’t always mean limiting app use; instead, it can ensure consumers are using a more secure version of the app. If MAM makes sense, IT leaders should then evaluate and decide among various application security approaches such as secure container, application wrapping, or virtual desktop infrastructure (VDI).

Secure container creates a separate workspace on the mobile device where all corporate data and approved apps live, isolated from personal information that may also be stored on the device. While this approach enables administrators to easily wipe the secure container, it may offer limitations in ease of use from the end-user perspective.

Application wrapping involves injecting secure code into the application. Many MDM vendors now include app wrapping as an add-on option. This method is much easier and doesn’t require coding; however, it is not always as secure and may violate the app’s end-user license agreement or may not be supported by the app vendor. VDI allows IT administrators to enable remote access to applications without storing any data on the mobile device. It’s better suited to legacy apps and larger devices (like tablets) that can support a non-mobile optimized user interface.

3. Develop policies for content.

shaded triangles

People use mobile devices for a variety of personal and professional purposes. Before implementing BYOD programs, IT leaders should create policies about all types of device content, including content brought in by cameras, web browsers, applications, and external hardware (e.g., Bluetooth). IT should also ensure that the organization has clearly defined acceptable use policies. Different devices will have different capabilities, so IT should consider their ability to monitor and enforce content restrictions.

IT should also ensure that the organization has a clear policy about what content is wiped from a device, should the individual leave the organization or report the device as lost or stolen.

Following these three steps won’t eliminate all risk, but it will help to ensure that your BYOD program meets the goals of information security and user flexibility.


Lisa Durant is a Research Analyst at Nemertes Research. She has written this guest post for the Networking Exchange Blog.

Lisa Durant Research Analyst Nemertes Research About Lisa