Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

BYOD 6 Essentials for Success


Published on

With more than 500,000 devices under management, DMI is tackling BYOD challenges for some of the world's largest and most successful companies.

And our services deliver real ROI--saving many of our clients 20% compared to internal management and support costs.

Now we've distilled 9 years of BYOD best practices into a white paper you can download. The paper lays out the critical policy, technology, security and governance issues you need to consider if you’re going to securely manage employee-owned devices.

We offer a full line of Managed Mobility Services: BYOD, MDM, Mobile Helpdesk, Mobile App Development, Mobile Strategy, Security and much more. Please let us know if you'd like to learn more about them on the download form.

Published in: Technology
  • Be the first to comment

BYOD 6 Essentials for Success

  1. 1. BYOD:SIX ESSENTIALSFOR SUCCESSThe BYOD (Bring Your Own Device) consumerization of IT is here to stay. The allure of incrediblypowerful, easy-to-use handheld devices, constant global connectivity, and an app for everythinghave given rise to a stunning consumer-driven transformation of the IT landscape. According toIDC, 56% of the business smartphones shipped in 2013 will be employee-owned.1 By 2016, up to85% of enterprise employees worldwide will be using smartphones or tablets—as high as 95% atmany large corporations.2But as thousands of unmanaged devices connect to networks, CIOs are losing sleep, and ITorganizations are struggling to catch up. In the “old world” of laptop PCs, it was already difficult forIT to safeguard networks, keep track of corporate data and protect it from loss or theft—even withnear total control of procurement, provisioning and security for PCs. With the BYOD phenomenon,employees are making their own purchasing and provisioning decisions without concern for securityor support. Without enhanced protection, these devices are less secure than PCs, and their smallform factor makes them particularly susceptible to loss and theft.This paper outlines 6 essential factors that must be considered to create a successful enterprise-wide BYOD strategy and policy. It outlines several key issues that must be addressed to arrive atsecure, usable, manageable mobile solutions. This is much more than a technology challenge.Business policy, legal policy, management and governance are all involved, along with technologyselection and deployment. BYOD solutions will vary widely from organization to organization, butthe issues that all enterprises must address are outlined here.1 IDC Research, November 20112 ABI Research, “Enterprise Mobility Management Services for Smartphones and Media Tablets,” October 2011DMI WHITE PAPER 1
  2. 2. BYOD: Six Essentials for SuccessEssential 1:Understand Your Current Environment andBusiness RequirementsSuccessful execution of a BYOD strategy requires the development of a comprehensive frameworkof policies to cover the business, legal, technical and governance issues that arise when integratingemployee-owned devices into the enterprise. But these policies cannot be developed without aclear assessment of the current environment and a roadmap for future requirements. Gatheringinformation from management and directly surveying users will help build a meaningful picture ofthe current environment and guide the development of BYOD and broader mobile device policies.A few key questions include: What is a company’s goal for implementing a BYOD policy? It is employee satisfaction, flexibility, cost savings, or some other objective? What distinct segments of mobile users can be identified in the organization? What information and applications need to be accessed by each of those segments? What levels of security will need to be applied to this information? What are the data usage requirements of each user segment? What travel requirements and other environmental factors need to be considered?These questions only scratch the surface of the information needed to develop a usefulunderstanding of the current environment, but they offer a glance at the sort of picture that needsto be painted in order to develop policies that map to real business requirements.Once an understanding of the current environment and future requirements is developed, it’s timeto draft the policies that will govern the introduction and use of employee-owned devices withinthe organization.DMI WHITE PAPER 2
  3. 3. BYOD: Six Essentials for SuccessEssential 2:Build a Business Policy FrameworkArmed with an understanding of user and security requirements, a policy framework can be draftedto address the following business policy questions:SOURCING: Can employees purchase devices anywhere or just from preferred vendors? Thispolicy may well vary based on user segment and location, with varying data usage needs, travel,environmental, security and other requirements factored in. Executives might be encouraged orrequired to purchase from one set of devices, sales from different set, and mobile service personnelfrom yet another.SUPPORTING DEVICES: This is one of the most important but often overlooked aspects of a BYODpolicy. It’s unrealistic to expect your IT team to support every device that could be purchasedby employees. IT will need to determine which devices it is willing to support. It may be that atiered structure is called for—no support for “not-allowed” devices, limited support for “alloweddevices,” and a higher level of support for “recommended” devices.GEO-FENCING: It may be that security or data use requirements necessitate policies to governdevice use within predefined geographical areas. Everything might be allowable in your nativeregion, but in other areas restrictions might apply that govern data usage levels, data access levels,or both.BANDWIDTH THROTTLING: For corporate-sponsored data plans, will bandwidth be limited to apredetermined level for various user segments? What happens when limits are met? Is data cut off?Is the employee required to secure special approval or to pay for data use beyond a certain limit?Which policies apply to which user segments? There could be exceptions to policies, for examplepolicies for employees who are travelling internationally might be different from domestic policies.BUSINESS SUPPORT VS. PERSONAL SUPPORT: For an employee-owned device that accessespersonal data and applications as well as business data and applications, how far will IT supportextend? Will the organization support all calls from the employee about the device? Whatconstitutes a personal support issue vs. a corporate support issue? Does the policy vary by usersegment?DEVICE LOSS: If an employee-owned device is lost, stolen or broken while being used for business,what’s the policy? Can data be wiped from the device? How much control does IT have? Can theytry to locate the device? How do you tread the fine line between privacy and security? And foremployee-owned devices, what’s the policy for replacement or repair? Many companies view BYODas a cost-saving initiative but based on how these questions are answered it may actually increasecosts.REIMBURSEMENT: How will employees be reimbursed for devices and/or data plans? A broadrange of options exist, from total coverage of devices and unlimited data, to reimbursingemployees for data expenses up to a certain preset level. Do employees submit a reimbursementfor their expenses or do they get a fixed amount/allowance? What happens when employeesexceed the data plan? Once again, different policies are likely to apply to different user segments.DMI WHITE PAPER 3
  4. 4. BYOD: Six Essentials for SuccessEssential 3:Build a Legal Policy FrameworkThe introduction of employee-owned devices into the enterprise environment, and the presenceof enterprise data on personal devices, will immediately give rise to legal issues. Policies must beoutlined in advance to avoid costly mistakes.RESPONSIBILITIES: Does an employee using a device with corporate apps and data have a certainresponsibility to protect the device? What if reasonable or required precautions are not taken toprotect the device? What if they are but information is still compromised?RIGHTS: What rights does the employee have to protect his/her private data? What rights doesthe organization have to protect its data? What if a disgruntled employee leaves the company witha device that contains—or may contain—sensitive corporate information? What actions can thecompany take to protect itself? Can an organization delete information and applications housedwithin a secure corporate container at any time without notice? The legal rights of employeesand organizations differ from country to country and have to be customized to meet applicableregulatory and privacy requirements.LIABILITY: Is the company liable if some action on its part results in exposure or loss of privatedata? Is the employee liable if corporate information is lost? What if the employee is followingthe required security policy, like password protecting the device? Does that remove liability? Ina different vein, is the company liable if the employee uses his/her device for illegal/unethicalpractices in personal time?DMI WHITE PAPER 4
  5. 5. BYOD: Six Essentials for SuccessEssential 4:Build a Security and Technical Policy FrameworkTechnical issues abound for BYOD implementations. As is the case for business and legal policies,no single approach is best for all organizations, environments and users. Regardless of your specificbusiness characteristics, the following issues should be considered in light of user segmentationand business and security requirements.DEVICE ACQUISITION: When employees purchase new devices, technical considerations mayinfluence policy for device acquisition. Specific hardware or operating system requirements mayfavor the purchase of particular devices, may influence the selection of a particular vendor, ormay require a particular vendor to supply devices that have already been provisioned to yourorganization’s specifications.SECURITY: One of the most challenging technical issues in BYOD is balancing security and risk.A successful IT strategy for BYOD security might involve applying different security policies andtechnologies to different user segments. IT security requirements for a typical employee accessinge-mail could reasonably be lower than those for an executive accessing sensitive enterprise data.Applying the same security policy to both user segments could be unwieldy and expensive. At thesame time, however, applying multiple policies and technologies can be complicated and must becarefully coordinated by IT.A broad range of security technologies can be applied as needed: physical device security; securecontainers and sandboxes to isolate sensitive data and applications; solutions to protect data atrest and data in transit; solutions to safeguard network connectivity. An in-depth discussion of thesetechnologies is beyond the scope of this white paper. The point is that these technologies andsolutions will need to be mapped to specific user segment security requirements.SPECTRUM OF MOBILE DEVICE SECURITY OPTIONS SECURITY REQUIREMENTS BY SEGMENTThis concept is represented in the accompanyingspider chart. Each user segment is likely to have adistinct security requirements map. One segmentmay have a high requirement for secure email andproductivity tools while another may need secureaccess to a set of custom apps. All might need a certainlevel of security applied to the mobile device itself.Technologies deployed—and associated costs—willapply accordingly.DMI WHITE PAPER 5
  6. 6. BYOD: Six Essentials for SuccessDEVICE PARTITIONS: This user segment-based approach maps well to the use of device partitionsand personas to support flexible application of security privileges. A growing number of devicesare designed to support multiple user personas. Secure containers can also be used to isolatethe data and applications associated with each persona, simplifying the assignment and ongoingmaintenance of user access controls.APPLICATION MANAGEMENT AND DEVELOPMENT STANDARDS: Management policies needto be established to ensure the right level of control on each app based on its sensitivity and use.Access to certain apps and data could be blocked if they are not relevant to a certain role. Perhapsan individual app should be geo-fenced rather that the device? What about time-fencing apps sothey are not used outside business hours?To support the user segmentation-based security andprovisioning model, application development standards willneed to be developed. Securing email is relatively easy. Butto secure mobile apps and data at rest and in transit, appsshould be developed to fit into a more scalable and secureapp model.One approach is to create a container on the user’s devicewhich functions as a shield around the data and apps whichreside within it. A composite app resides in that container,and a set of granular apps sit inside the composite app.When a user is provisioned, they are granted access to theappropriate container(s) and composite app(s) based on theuser’s persona. If the container is secure, the apps and dataare secure. The standards and architecture implementedwill impact app distribution, employee-owned devicemanagement and security management.This container/composite app model can greatly simplify app provisioning and maintenance. Butthe standards for app development need to be established up front to ensure that the full range ofenterprise apps is consistent with the model.DATA ACCESS: Data access policies will also need to be established. This is true for both company-owned and employee-owned devices, but employee ownership introduces an added layer ofcomplexity and need for governance. Key questions that will need to be addressed are: Will thecompany offer corporate WiFi access to supplement the broadband access being purchasedfrom a telco? While this may be practical for many organizations, physical layouts, geographicaldistribution and building structural issues may drive different decisions. What level of broadbandaccess is the company willing to pay for, and what are the bandwidth requirements of the differentuser segments? Is 3G adequate? Is 4G necessary? For which users?DMI WHITE PAPER 6
  7. 7. BYOD: Six Essentials for SuccessEssential 5:Build a Plan for Successful Policy ImplementationEmployee ownership of devices introduces a unique set of challenges and requirements when itcomes to policy implementation:SELF-PROVISIONING: The most obvious challenge with employee-owned devices is that thecompany doesn’t typically have access to the device. So, mechanisms must be set up to enableemployee-owned phones, tablets and other devices to be provisioned by the users themselves.USER PROFILES: A solution must be in place to link individual employees with their user profiles—probably based on an AD/LDAP access control system and set of policies around individualmembership in groups and group access to various data and apps.AUTO-CERTIFICATION: With employees connecting to the network and provisioning their owndevices, the technology and process for automatically certifying that the device has a containerneeds to be established. Further, the company needs to be able to ascertain that the device isconnected through the container.EMPLOYEE SELF SERVICE: Since organizations cannot typically take possession of employee-owned devices, it is essential that employees can provision and service devices through a “singleself-service window.” Device and data plan management, usage tracking, and access to corporateapplications that are authorized for individual personas all should be included. Without simple,integrated, single-window service, employees may wind up frustrated and unhappy, while IT isbogged down in an overwhelming stream of support calls.TELEWORKING: An organization’s virtual desktop and unified communication strategy shouldextend to mobile devices. In fact, mobile devices, particularly those with larger form factors,provide a logical setting for enabling teleworking. A comprehensive BYOD strategy and policyshould encompass teleworking as well.Essential 6:Provide for Ongoing Governance to Maintain andEvolve Your BYOD PolicyAs with any new initiative of this magnitude, a BYOD policy must evolve as new factors andconsiderations emerge. To do so, a governance model is necessary – one that measures andmonitors key factors such as cost, security breaches, lost phones, jailbreaks, etc. The definitionof a BYOD governance model is beyond the scope of this paper, but suffice it to say that a BYODstrategy and policy is only as effective as the measures that are implemented through agovernance model.DMI WHITE PAPER 7
  8. 8. BYOD: Six Essentials for SuccessConclusionHarnessing the power of employee-owned devices can deliver tremendous advantages to theorganizations that do it successfully. Keys to success include establishing a solid foundationalunderstanding of the current environment; developing a clear set of business, legal, and technicalpolicies; executing a well-defined implementation plan; and providing for ongoing governanceand evolution of policies. Experienced enterprise mobility management service providers who havesuccessfully guided organizations through the creation of BYOD programs can offer vital assistancein the process, anticipating challenges and opportunities, and avoiding costly missteps. The BYODopportunity is here. The right partner and planning can help you seize it.DMI and Successful BYOD ManagementDMI is the world’s leading provider of enterprise mobility services and solutions. We have beenproviding Managed Mobility Services for the past 9 years to a growing set of commercial andgovernment customers.Our comprehensive Managed Mobility Services portfolio includes: Mobile Strategy Consulting 24 x 7 Mobile Help Desk 24 x 7 Mobile Device and Solution Management Service Mobile Device Logistics MDM Solution Implementation, Upgrades, Health checks and Assessments Mobility Solution TrainingWe partner with the leading software and hardware vendors in the industry. Our partnershipsinclude MDM vendors such as MobileIron, AirWatch, Fixmo, Good Platform, BlackBerry UDS/BDS/BES, as well as platform and hardware vendors such as Apple, Samsung, Google and Microsoft.We also build enterprise class mobile solutions that generate results for the world’s top brandsand businesses. Our mobile solutions combine the award-winning user experience design that hasmade us one of the top creators of consumer apps, with the deep middleware and engineeringexpertise that we’ve used to build and manage enterprise applications for the most demandingIT departments in the world. DMI mobility solutions improve business processes, tap new revenuestreams, build customer loyalty, and increase employee productivity.DMI WHITE PAPER 8
  9. 9. BYOD: Six Essentials for SuccessThe Proof: We have 500,000 devices under management for more than 100 clients, including many Fortune 500 companies—like BP, Johnson & Johnson, Sears, The Associated Press, Allergan, and more. At BP, we’re deploying 1,000 managed mobile devices each day. We provide 24 x 7 x 365 mobile service support for more than 500,000 users. DMI is the one call our customers need to make to resolve any issue—devices, apps, infrastructure, and even carrier problems. We offer a full range of security options that include Federal-grade hardware-based security, two-factor authentication, secure container, and sophisticated encryption solutions. With our expertise and economies of scale, we can provide mobility management at a higher service level and on average 20% lower cost than most companies can do on their own. Pervasive excellence is our commitment to quality service. We’ve built more than 400 mobile apps—in the past 12 months alone—for more than 150 leading organizations—like Disney, Coca-Cola, Toyota, Vodafone, P&G, The National Guard, and Universal Studios. We offer brilliant creative and user experience: Our mobile app development group was named the Best Branded App Developer at the 2012 Mobile Entertainment Awards. We are a Google Platform partner and Apple Consultant. DMI is one of only a handful of companies that is CMMI L3 appraised for both application development and services, as well as ISO 9001:2008, ISO 27001:2005, and ISO 20000-1:2011 certified. Our average D&B Open Ratings performance score from our clients is 94/100.Contact DMI today to learn how our Managed Mobility Services can deliverworry-free security, easy management, and reduced costs for your enterprise.DMI DMI Sales TeamOne Rock Spring Plaza U.S. Sales: 855.963.20996550 Rock Spring Dr Intn’l Sales: 240.200.5848Bethesda, MD 20817©2013 Digital Management, Inc. All right reserved.DMI WHITE PAPER 9