Top 10 Policy Changes IT Must Change to Deal with Employee-Owned Devices

Maribel Lopez is the CEO and mobile market strategist for Lopez Research, a market research and strategy consulting firm that specializes in communications technologies with a heavy emphasis on the disruptive nature of mobile technologies. AT&T has sponsored the following blog post.

Employee-owned devices are entering corporations at an unprecedented rate, regardless of a company’s IT policy. The growing popularity of smartphones and tablets such as the iPad means IT can’t ignore the issue any longer. IT must put in place policies and controls that allow the company to embrace employee-owned smartphones, tablets and other upcoming devices.

IT will need to revise existing policies to account for employee-owned mobile devices. While there are numerous areas in a mobile policy, the inclusion of employee-owned devices changes many sections of a company’s security and management policy. When building or revising a mobile policy, IT should address the following:

1. Who is eligible?

What type of employees can access the company’s network (e.g., certain job titles, roles, etc.)? In most cases this has evolved from select roles to “everyone” if they are willing to accept and comply with the company’s security policies.

2. What data and services can be accessed?

Should the company allow employee-owned devices to access email, a subset of business applications, all mobile-available applications or only business applications that are web-enabled? Most organizations start with email but base access to other apps such as CRM (Customer Relationship Management) and ERP (Enterprise Resource Planning) on roles/departments (e.g., sales, finance, purchasing).

3.  How will apps and services be delivered?

Does the solution require a desktop client to deliver applications or will apps be downloaded from a site? Can IT push applications to the device over the air? Service providers, device manufacturers and third-party software providers are now providing “enterprise app stores” to aid with the distribution of company-specific apps in a secure manner.

4. What does the company pay for?

Will the company reimburse 100% of the monthly cost, a fixed stipend, the cost of the data plan, or a percentage of the voice and data plan? Each company is different, but in many cases companies are allowing “bring your own device” programs where the employee is responsible for paying for both the device and any telecom expenses.

5.  Which operating systems and devices?

How many platforms will IT support (e.g., Android, iPhone OS, BlackBerry, Windows Mobile, etc.)? At this time, OS support is being driven by consumer popularity. In general, firms are supporting at least 3 different operating systems.

6.  How is the device secured?

What security measures will be enforced on employee-owned devices (e.g., passwords, device encryption, remote lock, wipe, etc.)? Microsoft’s ActiveSync security policies are the first line of defense for many. However, businesses need to get serious about security. IT should be evaluating solutions that support multiple operating systems from security, networking, third-party software and telecom/managed services providers.

7.  How is the device managed?

Will the device be maintained over the air (OTA) or via syncing with a desktop or web app? Fortunately, security and device management solutions are converging, providing IT with the opportunity to buy a suite of tools or a service that can manage devices, security policies and basic application management such as OTA updates.

8.  What support is provided?

Will IT assist in the first-time device setup? Will IT provide first or second tier support? A “BYOD” policy doesn’t translate to zero support. Firms should select management tools/services that offer self-service portals to assist with employee-owned device troubleshooting and management.

9.  What are the privacy issues?

Is the employee’s data private? What is the treatment of an employee’s data (e.g., is it stored? How can it be used?)? In the future, security solutions will allow for sandboxing or partitioning of a device to separate consumer versus corporate data. Until this type of solution is ubiquitous, firms must proceed with caution.

10.  What are the legal concerns?

Is use of a personal phone by non-exempt employees considered overtime? What is my responsibility as a corporation if I discover illegal activity? While the legal aspects vary by industry, IT must work with the firm’s legal team to understand potential exposure.

Employee-owned mobile devices provide tremendous opportunities for businesses but only if firms devise a strategy on how to manage and secure the influx of new connected workers.

Your Turn: Can you think of any other policy changes IT professionals should consider when dealing with employee-owned devices? Share your comments with us below.
