“Give real life examples like how some malicious apps can take control/read all the user’s SMS text messages, see password information entered into a bank app, etc. People care most when they can understand it and can potentially impact their lives beyond just their job,” Vanderpool says.
Not everyone’s a believer
But many CIOs remain skeptics when it comes to supporting BYOD, fearing that the probable risks still outweigh the possible benefits. One of them is Jim Motes, vice president and CIO at Rockwell Automation.
“I'm not really a fan of BYOD phones,” Motes says. “I believe the privacy constraints will be at odds with protecting and controlling corporate intellectual property.”
“The smartphone is not just communication technology, it's a social lifeline, diary, and entertainment system,” Motes continues. “People have too much personal information stored on these systems and should be very careful about how much access they want to give their employers. Employers should avoid them completely to limit their liability should that personal information be breached and exposed.”
So how does an organization resolve these two competing forces: security and privacy concerns on one hand, versus user demand for convenience on the other?
Our sources offered the following combined tips on how to get BYOD right:
Have a thoughtful strategy
As noted, security remains a top concern for IT leaders when it comes to BYOD. It is therefore important to involve the IT security team in establishing a program from the outset. But the approach should be for the CSO to help find a solution, not reasons to not support it. The focus should be on how to best secure the data first and foremost, then the devices.
Take stock of the situation
Once you’ve set your strategy, begin with assessments of the network capacity and the security status. Issues to consider include how much vulnerability does the network have? Who is connecting to it? What devices and applications are they using?
Have a clear set of policies and expectations
You need a set policy of guidelines on what is allowed and what is not and to guide behavior of employees and users. Policies should be simple and easy to understand. Toward that end, have your employees help draft the policies to get their understanding and support up-front.
Some devices are a ‘go’ and some are a ‘no’
Third, identify the devices you wouldn’t be able to support. The program probably can’t be all things to all employees. Create an approved list of devices that IT will support, providing the employee has a valid business reason for using it. Purchase the devices at a reduced cost for employees, and put necessary safeguards on those devices. Let employees know up front to what degree you will support a particular device purchase.
Sign up for CIO Asia eNewsletters.