With mobile technology evolving every few months, keeping up with the devices' changing role in the workplace can be tough. Even though their effectiveness is being debated , bring your own device (BYOD) programs are popping up left and right, offering employees the comfort and ease of having their personal mobile devices in the office.
"Right now in the Xigo universe, we're seeing folks carrying somewhere between three to four devices, on average," said Randy DeLorenzo, chief mobility officer at Dimension Data company Xigo. "They're mobile devices that can be in the form of a smartphone, a wireless modem, an iPad [or] a second smartphone for international travel. And we're definitely seeing the entrance of BYOD on the second, third and fourth screens. ... Particularly in healthcare, security is a huge concern around HIPAA, but they are the most stringent of all our customers – they're very interested in security, digital finger printing, and those types of things."
DeLorenzo helps outline six keys to developing a BYOD program.
1. Have MEM plan in place before implementing BYOD. MEM, or mobile expense management, software can help organizations manage devices and service plans, track monthly expenses, budget for new devices, and see real-time updates of mobile expenses, said DeLorenzo. And, according to a white paper  by MobileIron, when employees have personal visibility into their usage, they're more apt to be aware of expenses and become more responsible. "They use the device more sparingly when roaming, and they are less likely to lose it," the white paper read. "BYOD drives personal responsibility." The report added that the hidden economics of a BYOD program center not only on increased productivity, but also "managing the cost of complexity and realizing the value of more responsible employee usage."
2. Keep device choice in mind. Personal preference is the "primary catalyst" for BYOD, read the white paper, so it's important to both analyze employee preferences and take inventory of what devices they already have. "A BYOD program that doesn't support current and intended purchases will have limited appeal," said the white paper. In addition, it's essential to define a baseline of what security features a BYOD device should support, since the goal is to "include all employees' desired mobile platforms on the program, without creating security gaps or support headaches." Among other requirements, the white paper emphasized establishing clear communication to users regarding which devices are allowed or not, and why. "Going BYOD without this clarity results in users purchasing unsupported devices or becoming frustrated that the service levels they expected from IT are not available to them," it read.
3. Know that not all providers and plans will be the right fit for every organization. "Healthcare institutions should do the necessary research to understand all the various providers and plans," said DeLorenzo. "[They should] choose the one that will best support their organization's specific needs." Not to mention, he added, wireless companies are constantly changing their data and phone plans. "Plans should be reviewed on a regular basis to ensure organizations are not paying for unused services and are fully maximizing their mobile spending." According to the white paper, some organizations opt to continue paying for full service, while others move to a fixed monthly stipend for the user. "[This is] many times based on seniority level and function within the organization," it read. "However, negotiating leverage with the wireless operator can be lost if the billing model doesn't provide any consolidation."
Continued on the next page.
4. Establish a trust model. Employees use personal devices differently than corporate devices, according to the report. "For example, they download more apps. So with BYOD, devices may fall out of compliance with corporate policy more frequently, or for different reasons." Consider setting a tiered policy, the white paper advised, since ownership is now a "key dimension along which to set policy." And as a result, personal and corporate devices will each have different sets of policies for security, privacy and app distribution. Your trust model should also include defining remediation options – including notification, access control, quarantine, selective wipe – and keeping a constant eye on the security policy being instituted. "What is the impact on user experience? Will users accept that tradeoff over the long term? If the trust level of the personal device is so low that security requires extensive usage restrictions, the employee's personal mobile experience will be damaged, and neither the policy nor the BYOD program will be sustainable."
5. Anticipate future technology needs. "Companies should plan for the increase in future technology expenses, like new versions of tablets and smartphones, to ensure they stay within budget," said DeLorenzo. The Mobile Iron white paper added since an organization's device list is strongly influenced by user demand, it could change rapidly. In turn, this could require someone becoming an "expert" on device and operating system evolution, or else the program could become obsolete. "This is especially important when the program moves beyond iOS and Blackberry to operating systems with more variants." Additionally, consider developing a "light-touch certification plan" for the evaluation of future devices. "Most organizations invest in upfront certification when launching their BYOD programs," read the white paper. "However, new devices are introduced into the market every 3-6 months, so the certification process must be ongoing and continually evolving. If the process is too heavy, it will become expensive and eventually fall behind, so speed and efficiency of certification is essential."
6. Note the changes a BYOD program has with regard to corporate liability. According to the white paper, BYOD introduces a new consideration to any organization's employee actions and liability. "The device on which these actions may take place isn't the property of the company. So, the question is 'Does moving device ownership from company to employee increase or decrease corporate liability?'" It added some things to consider are defining the elements of baseline protection for enterprise data on BYOD devices, and assessing liability for personal web and app usage. "The employee's expectation is they can use their personal device however they wish," it read. "Is inappropriate use still a liability for the company, even if it doesn't affect enterprise data?"
Follow Michelle McNickle on Twitter, @Michelle_writes