BYOD Best Practices for CIOs
Bring Your Own Devices (BYOD) is exploding all over corporations. CIOs are in the cross hairs and need to follow best practices into to manage this activity. If they do not, then they will be in the same position as CIO who stood in the way of the movement from the corporate desk top to the PC and the sharing of information on the Internet.
The world class best practices that Janco Associates proposes are:
- Implement a BYOD policy with the key users before they just do it on their own – Policies need to be more than IT rules. Rather they have to take into account issues associated with HR (employee terminations), Legal (compliance), and Security (sensitive information personal and corporate). Included in the policy should be:
- Which devices will be supported
- Data plans and expense re-imbursement
- Compliance for records management and retention
- Disaster recovery business continuity considerations
- Security for devices hacked, lost, and stolen
- Authorized and un authorized applications
- Acceptable use agreement that each user must physically sign
- Privacy of personal data and separation of corporate data
- Inventory the types of personal devices key users. If majority of the users are using Android devices instead of Apple or Microsoft support those devices first
- Have a process in place to let users enroll in your BYOD program easily. The Acceptable Use Agreement signing process should be simple with no hurdles that put too much effort on the users. The purpose of the process is so that you know what devices are being used and by whom.
- Develop internet enabled configuration which can work in a secure Wi-Fi environment. Basic configuration should include company email, contacts, and calendar(all segregated from personal one) that is configured on-line and controlled by the BYOD policy
- Let users control their own destiny within set BYOD guidelines. This should include users ability reset passwords and rules for how devices can be wiped remotely.
- Segregate corporate data from personal user data. Users should not be able to alter core corporate applications and when remote wipes occur only corporate data should be eliminated.
- Implement a secure information environment and maintain privacy rule for users’ personal information. Administrators should not be able to see personal data.
- Monitor data usage by user and device. Assuming that some of these costs are covered by the company this is a necessary step to validate authorized use only is occurring.
- Report and modify applications based on data and application usage. Validate that users are only doing what they are authorized to do with the corporate assets that they have.
- Manage your investment to meet ROI objectives. At $300 to $600 per smart phone and tablet plus the monthly access charges this is a major area of cost exposure that the CIO or responsible business manager need to manage.