It's a trying time to be an IT director tasked with navigating a company's move from corporate-liable devices to a BYOD (Bring your own Device) program. Ryan Faas of CITEworld said the recent CITE Conference and Expo had many professionals saying that BYOD could be considered more of a "people problem" than a strictly technical concern. Many users simply ignore policies that are put in place or work around them to make things better for themselves. Faas said his view that IT needs the help of HR and other corporate stakeholders to have a reasonable BYOD program has really come to light.
"In the organizations that have succeeded with consumerization initiatives, the key lesson offered during the various sessions and workshops was almost universal — IT needs to spend time with users, and understand their jobs and processes and the tools that they are choosing to use," he wrote. "IT must explain why it's deploying new tools in language that users can understand (and increasingly, users can understand many of the technical explanations in IT's own language and jargon)."
IT professionals also need to understand not only which tools are being used and desired but why they are important. There must be more collaboration between HR and IT leaders to ensure that all employees are following the correct protocol in using their devices as securely as possible.
InfoWorld's Dan Tynan wrote that those who want to use their own devices will likely do so with or without managerial consent, so proactive BYOD security steps should be taken. Tsion Gonen, chief strategy officer for security firm SafeNet, said the policy shouldn't be too complex. Start the guide out by saying is approved for office use as long as it is not jailbroken or rootkeyed, but after that the policy should just state basics. Encryption, enforcing passwords and remote wipes should all be written in and clearly communicated with employees who wish to use their own devices.
HR Daily Advisor spoke with attorney Brian Jackson, who said organizations must review (and likely update) their electronic monitoring policy. Businesses must also always figure out who will be paying for what in a BYOD system, stress that employees must welcome security controls on their devices and have penalties in place for misuse of BYOD to avoid any data leaks.
Consumerization News from SimplySecurity.com by Trend Micro.