Amongst the challenges before enterprises are:
Multi platform device support: The expected shift in mobile platforms further emphasize the fact that it is unlikely that a single device/ platform or operating system will be dominant. As the mobile stack grows, IT departments will be forced to adapt to and support multiple devices. This means budgets will have to grow, coverage solutions created, hidden communications costs will have to be addressed and security issues dealt with.
Corporate data security: Data security is directly linked to device security. While it is relatively easy to observe security protocols and processes for wired networks, it is complex for mobile devices. For example, if the user loses the device, data is at risk. Should an enterprise have the ability to lock such a device or delete its contents remotely? Would this be permissible for what is essentially a private device? There are additional risks – such as threats from virus attacks and lack of sufficient encryption. Network connectivity for these devices: Resource accessibility and network connectivity are perplexing issues for enterprises. Should personal mobile devices be allowed to access data, applications, mail and collaboration tools using the enterprise network, thereby posing a security risk? Should they be given access over a separate network? Bandwidth allocation and Quality of Service become critical, calling for new management tools. As an example, it is possible for IT to manually configure the wi-fi profile of a handful of mobile devices. Scaling this is difficult especially as employee numbers grow (and as employees exit) and types of devices grow. Enterprises adopting BYOD policies must think of the tools required to manage these technical challenges.
Device and usage monitoring: As the number of mobile devices that employees begin to use grows, enterprises will need to monitor device and usage. A user may have two or more devices logged into the network. Which one is personal? Which one is corporate? Device registration and monitoring using MDM tools becomes critical. In a BYOD scenario, it is important to clearly define reimbursable costs else telecom expenses could burgeon out of control.
Application access: How should BYOD users access the various applications? Should they be able to download applications on their devices or should they access applications using virtual desktops or terminal services? What is the impact on the user experience? It is therefore important to clearly segment the applications and user profiles and accordingly craft out the application access strategy.
Theft, loss, and separation policy: BYOD solutions are not just technical in nature. They involve multiple functions like HR, finance and legal. It is important to have well defined agreements with employees to address the issue of what happens to corporate data when an employee separates or loses the device.
Device break fix and level of support for users: For what types of issues should the user call the Help desk? What sort of loaner policy should the enterprise have to address downtime of these devices? What sort of warranty should these users have for their devices? What sort of informal support groups can be created in the enterprise? While the device is personal, loss of device can impact business and productivity. An enterprise must define the level of support it will offer BYOD users and the expectations that it has from the BYOD users.
Compliance expectations from users: It is difficult for an enterprise to draw the line for policies and processes around BYOD solutions. For the enterprise, productivity, real-time capabilities and security will be the main concerns; users will continue to question enterprise processes that appear to curtail personal freedom. For example, issues like how often should passwords be changed and what is a strong password will have different answers from an enterprise point of view and device owner point of view.
BYOD Adoption Best Practice
The benefits of implementing a BYOD solution outstrip the challenges. To leverage the benefits, planning a BYOD strategy and solution begins with five steps:
Establish Policies & Processes: Multiple departments are involved in the creation of policies and processes (see Figure 2). HR will need to create policies for procurement of device and reimbursement of expenses; Legal will have to ensure that there is a clear understanding with employees with regard to data wipe, compliance and data privacy; Security becomes key with device registration and the definition of baseline security policies (device certificate based authentication, encryption, secure mobile gateway, password policy etc); and the enterprise must define the devices that are covered by the BYOD policy
