Small and medium-sized businesses – i.e., your customers – have largely embraced the concept of Bring Your Own Device (BYOD). They love the upside of having their team connected 24/7, the agility it brings to their business and the flexibility it gives their employees. However, they also know that with those rewards come some risks. Those risks make it imperative that SMBs have clear guidelines around the use of employee-owned devices, including the extent to which the company will support and manage them.
That’s much easier said than done. A lot of SMBs are struggling with creating a BYOD policy that works in the ever-changing real world, and that provides a balance between flexibility and security. In case you aren’t sure that your customers are interested in BYOD, consider this tidbit of data from an InformationWeek survey earlier this year: 68 percent of IT managers involved in mobile device management and/or security support BYOD in some form; another 20 percent are working to develop BYOD policies.
Organizations must do more than just bless the concept; they must proactively establish policies that tell users what they can and cannot do, and that describe the role IT will and will not play. And this is an opportunity for Interconnects and MSPs – if you can remove the friction from embracing BYOD for your clients, you can help them move forward and A) help their business and B) purchase your services.
With that in mind, here’s a recommended framework for your customers to craft their BYOD policy:
1. Articulate Clear Goals. It’s very helpful if your customer states why they want to deploy a BYOD strategy. This will frame the discussion and give purpose to the policy drafting.
2. Build on Existing Policy. Existing mobile and acceptable device use policy is a good starting point, but this should not be where the discussion ends.
3. Identify Eligible Users. Who’s eligible to bring their own device? Everyone? Only field teams? Lock this down.
4. Don’t Just Ask IT. BYOD is all about enabling employees to work more efficiently. So ask what will work best for them. It doesn’t mean they’ll get their way, but it’s important to have input from multiple angles to create a policy that works for everyone.
5. Don't Support Everything. Embracing BYOD doesn’t mean creating a Wild West technology environment. It should not be a case of anything goes. Counsel your customers to create boundaries around the devices they’ll support.
6. Establish Minimum Security Requirements. Employees who want to use their own devices for work should not automatically become security gaps. The employer – your customer – should establish what security and management software they will place on individual devices.
7. Determine Level of Support. This should state clearly that IT will help with any work-related issues on individual’s devices, but won’t (for example) help employees organize their music in iTunes.
8. Provide Training. Yes, every one of their employees knows how to use his phone. But that doesn’t mean he necessarily understand how to use it within the corporate environment. Training is a must.
9. Tell Them They’re Going to Have to Update the Policy. You may have noticed that things are changing. Almost assuredly, a company’s BYOD policy established in 2013 won’t be fully useful in 2015; they should know this going in.
A BYOD policy requires input from the company’s legal team, HR and IT, among others, but asking smart questions and helping to frame the conversation can be invaluable to your customers.