Watch out for Bring Your Own Disaster
Think carefully before you let staff use their personal gadgets for work.
There was a time when people’s work-issued computers and mobile phones were far more powerful than anything they had at home. But not any more. If staff are enjoying the latest and greatest gadgets in their personal lives, it’s likely they’ll be frustrated if their workplace can’t keep up. Expect them to push for a Bring Your Own Device policy, but don’t rush into anything.
If your workplace is considering a BYOD policy, the first step is to assess which devices people want to bring to work and what they want to do with them. Chances are they’ll be keen on smartphones and tablets such as Apple’s iPhone and iPad, or perhaps Android alternatives like the Samsung Galaxy S III and Galaxy Tab.
There was a time when a BYOD policy was as simple as reimbursing staff for work calls made from their mobile phone. But these days they’ll probably want access to their work email, contacts and calendars, and perhaps even business documents and other sensitive data. Once you grant personal devices access to business resources then you obviously need to think about security.
If staff simply want to use an iPad to easily check their email, contacts and calendars then Microsoft’s Exchange and ActiveSync might be up to the task. Many businesses of all sizes run their email on Microsoft Exchange and you’ll find the latest Apple, Android and Windows Phone 7 devices should all talk to an Exchange server. Even RIM’s BlackBerry devices are starting to gain Exchange support. Meanwhile BlackBerry is adding support for Apple and Android devices with BlackBerry Mobile Fusion.
Microsoft’s Exchange and RIM’s don’t just make it easy for staff to access their email. They also make it easy for the business to manage and secure those devices. For example you can force staff to use passcodes to lock their devices, to keep the contents safe from prying eyes. Should a device be lost or stolen, it’s also easy to remotely lock it or even wipe it. This might be comforting in terms of your business security, but it’s little comfort to the staff member who just lost the family photos on their smartphone.
Other mobile security options tend to offer more flexibility, particularly if staff need access to sensitive business documents and IT systems from their handheld gadgets. Some security options create an encrypted “container” which holds documents as well as email, contacts and calendars. Should a problem arise, it’s easy to remotely wipe the secure container without wiping the entire device, so family photos aren’t lost.
The issue of remote wiping cuts to the heart of the BYOD challenge. Once staff use their own devices for work, their security problems become the business’ security problems and vice versa. This is why a successful BYOD program must rely as much on detailed policies as it does on technology. Everyone involved must agree on where the business’ responsibilities for personal devices start and end. Under what circumstances can a device be wiped? What
security precautions must staff take with their devices? Who foots the bill if a device is lost or damaged at work? How do staff keep doing their job if their personal devices are out of action?
These are the kinds of questions which you must address long before you let staff bring their personal gadgets to work, to ensure you don’t have a Bring Your Own Disaster on your hands.