Best Practices for Implementing a Bring Your Own Device (BYOD) Program


Published on

Everyone is talking about Bring Your Own Device (BYOD). This webinar explores how enterprises can embrace BYOD with the confidence offered by mobile device management solutions.

Learn more:

Published in: Technology
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Today we are going to discuss best practices to implementing a bring your own device program in your company. We have outlines 10 steps that will make your byod program successful. It looks hard right now but as we work through you will see its quite simple to follow and will serve as a guidebook for your internal processes.
  • First lets start with a few statics about byod.. We ask this survey question a lot during our webinars and here is some data regarding companies that currently are supporting a byod program.. The majority have a byod program in place or are planning to so in the next 6 to 12 months and of those that have a program, 72% do not reimburse employees for their data usage cost.
  • Following on with some forrester data, where end users were surveyed, you can see that 70% of smartphones are being selected by the user and 65% of tablets. A much smaller group are selecting it for a list or having a corporate list to select from.
  • Also to support the statistic of reimbursement, the forrester end user data also shows that 70% of users are paying for their own devices, a bit less than tables but still the majority.
  • There are a number of items to consider when creating a policy. The policy should enforce your corporate standards while allowing some flexibility for the employees personal devices. Some items to consider are:-Who should pay for the device and the service plan? Do you implement a stipend as a carrot to get people to opt into your policy or make the user pay for everything or offer a discount.-Will you have an acceptable use policy? Should the user be able to accept this your corporate usage policy during the enrollment?-What devices will you support? The fragmentation issue still exist for Android and the device selection may lie heavily on your security requirements?-Speaking of, what will you enforce? Passcode? Encrypted device? This may rule out some models of devices in terms of your BYOD Program-Of our surveyed participants from previous webinars 83% believe that active sync alone is not adequate to support all the devices, both from a policy and a management capability.-You will find you need to leverage a MDM solution to help manage the devices. Our data shows that exchange is not enough for sufficient management. From our MaaS360 data, we should 22% of all devices are tagged as personal and 86% of those are iOS.
  • Its important to understand your existing mobile footprint. You probably know roughly how many blackberries you are managing via the BES, but if you have opened up Active Sync in your environment like the 45% of our surveyed participants do, chances are you do not know. Once the active sync details are given to one user, they are known to many and once one device is allowed any device can come in. MaaS360 does have a tool to allow you to measure your mobile footprint and identify these devices in the system. As part of our MDM solution, you can also start blocking any new devices from coming into your environment. Our best practice to our customers is to first always identify the number of devices already connected, start blocking and then clean up the data to get a good understanding of who needs to be managed. The contacts we work with at our customers area always amazed at the number of devices when given visibility.
  • Once you identify the devices that need to be enrolled, having a simple enrollment process will encourage users to opt into your BYOD program. The enrollment process should be simple and secure and should configure the device at the same time. MDM providers allow the user to receive an email or text message with a short url to start the enrollment process. Some may or may not require an agent to complete the enrollment process. Instructions should be provided to existing users to identify steps they need to take to opt into the BYOD program. We do recommend existing users clear their active sync accounts so you can isolate and manage the corporate data on the device. New devices would just start fresh. After the enrollment is completed, the device can automatically be configures with your security settings. The three common items our customers are configuring are pushing the active sync settings to the device, requiring a passcode on the device and settings various device restrictions. We find that many customers just want to mimmick their blackberry policy and late adjust based on what they find.
  • Although not for every one, self service capabilities can be a big win for both the end user and the IT team. The end user can log into an end user portal and see a list of all of their devices. They can do simple everyday tasks like locking their device, resetting a forgotten password, locating a lost device and even wiping it. The user can also leverage the end user portal to understand why they may be out of compliance as compared to your security policy.
  • Personally Identifiable Information (PII)is information that can be used to identify, contact, or locate a person. Some privacy laws prevent corporations from being allowed to collect or view this data. Another item to consider is the users personal safety in the world today. PII could be exploited to plan criminal activities or even identify if a person is seeking help for a problem they may not want the world to know about. You need to understand what restrictions your business has and plan accordingly. Then consult with your MDM provider to know if you can identify a device as corporate versus personal and apply a policy to hide the location and software information.
  • Corporations are concerned about the ability to isolate and manage corporate data on the devices. If you are going to support byod, you need to be able to remove settings that you push that configure corporate data. This is known as a selective wipe, which allows you to pull settings and data off the device. This includes email, contacts and calendars, wireless settings, vpn configurations, as well as any enterprise applications or documents that were pushed to the device. If we look at some of the data from MaaS360, 86% of all wipes are done via a selective wipe.
  • After users enroll their devices, you do need to monitor the state of the device. Is the device still enrolled? Is the device compliant with your security policy? What apps are the users installing? Do you need to make any adjustments based on the data you are seeing. From here, you can analyze the data and start understanding what additional policies or compliance rules to create. Compliance rules allow you to take automated actions based on the state of the device. For example, if the user decides to jailbreak their device, you can detect that and then take an automated action. The action could be as simple as a notification to a full wipe of the device. When the user is back in compliance, the settings would automatically be restored. Its also important to have a flexible solution where you can set up custom watchlists or device groups to track important data quickly.
  • If you are paying for the mobile data plan you may want a way to track this data. If you are not paying, you may want to help the users help themselves by providing an easy way for them to track and be alerted on their current data usage. You can set roaming and in-network megabit limits and even customize the billing day and create threshold notifications based on percentage used. We also recommend educating the users on the benefits is using wi-fi when available.
  • Our last step is to track the return on investment of your byod program. You can consider some of the following comparisons, device purchase cost, data plans, it time and labor. The other item to consider is the productivity gains as your employees will be connected all the time and be inclined to do more work. Byod also often means the use of app-rich phones that can allow you to develop and manage apps for every day tasks.That concludes our 10 step process to help make your byod program a success. I think you can see its much simpler than you may have thought. Im now going to show a demo of MaaS360’s Mobile Device Management Platform to show how we can help with this using our fast and simple platform.
  • The Judges:More than 170 independent analysts, journalists, academics and subject matter experts and 16 representatives from mobile operators throughout the world participated in the judging of the 2012 awards.Judges comment:"This [MaaS360] demonstrates genuine understanding of enterprise user issues, and enables straightforward and cost-effective mobile device management.“
  • Joe to cover
  • Best Practices for Implementing a Bring Your Own Device (BYOD) Program

    1. 1. Best Practices for Implementing a BringYour Own Device (BYOD) Program Presented by Val Hetrick 1
    2. 2. Tweet about today’s webinar!@MaaS360 [Share comments, continue Q&A, suggest future topics] #MaaS360Webinar Click the link in the chat window to tweet about today’s webinar @MaaS360
    3. 3. 10 Steps to BYOD Success 1. Creating a comprehensive BYOD policy 2. Measuring your mobile footprint 3. Simplify user enrollment 4. Configure policies over the air 5. Provide self service capabilities 6. Protect personal information (PII) 7. Isolate corporate data 8. Continuously monitor automated actions 9. Manage data usage 10.Track the ROI of BYOD 3
    4. 4. Poll Question • Does your organization have a BYOD policy? – Yes – No – In progress 4
    5. 5. Some BYOD Program StatsDoes your company support a BYOD Program? Yes 32% 40% Next 6 months Next 12 months Unsure 4% No; corporate only 11% 13% If you have a BYOD plan in place, do you reimburse your employees for data usage cost? 28% Yes No 72% 5
    6. 6. Poll Question • How are BYOD costs reimbursed at your company? – Employees receive stipend – Employees submit expense reports – We do not reimburse 6
    7. 7. What are users saying about BYOD? 7
    8. 8. What are users saying about BYOD? 8
    9. 9. Poll Question • How are you managing employee-owned devices today? – Mobile device management (MDM) solution – Native email platform controls – No controls in place 9
    10. 10. Creating a Comprehensive BYOD Policy • Who’s buying? • Opt in/Acceptable Usage Policy • Which devices will you support? – What’s important? • Carrier/manufacturer? • Passcode? • Encryption (device/email)? • Email setting deployment? • Apps? • What are you security requirements? – External regulations, HIPAA – Industry vertical • Will you leverage a MDM solution to help manage these devices? – In MaaS360, 22% of all devices are tagged as personal devices – 86% of those are iOS 10
    11. 11. Poll Question • What are your biggest concerns with BYOD support? (Select all that apply) – Having visibility into all devices used for work – Securing corporate data on the device – Potential employee privacy issues – Inability to blacklist applications – Additional helpdesk support – Requests to support new device 11
    12. 12. Measuring your Mobile Footprint • Do you have ActiveSync enabled today? • Do you know how many devices are connecting today? – No ActiveSync reporting – PowerShell guru – No access to look 15% – No device level block1% ActiveSync is open (mobile devices are automatically enabled by end-user) 3% • Knowing will help 45% ActiveSync is closed (admin manually enables mobile devices) identify who needs to Auto-quarantine is enabled in Exchange be enrolled to the 2010 Use of a custom tool or PowerShell program and old device 35% Script cleaned up. We dont allow mobile devices to access Exchange 12
    13. 13. Simplify Enrollment and Configure the Device • Keep the enrollment simple and fast – Simple URL • Corporate credentials vs. passcode? – Over the Air – Notification when complete • Configure the Device – Push ActiveSync settings – Require a passcode – Set device restrictions 13
    14. 14. Provide Self Service Capabilities • An End User Portal will help cut down on the number of calls to your IT teams • Allow the user to do basic items – Lock – Reset password – Locate – Wipe • View information about compliance state – Remediate issues 14
    15. 15. Protect Personal Information (PII) • Personally Identifiable Information is a hot topic as of late – Privacy laws – Personal safety • Are you allowed or should you be allowed to?? – View location history Information – Locate a personal device – View a list of software installed for personal use 15
    16. 16. Isolate Corporate Data • Isolating and managing corporate data is the probably the biggest concern of allowing personal devices to the network – ActiveSync account – Wireless settings – VPN configuration – Enterprise apps – Documents • Selective Wipe solves this problem – Today we know that of all “wipes” of personal devices in MaaS360, 86% are selective wipes 16
    17. 17. Continuous Monitoring • It is important to monitor the state of your devices – Are they enrolled? – Are they compliant? – What apps are users installing? – Have they read the document you pushed? • Take automated actions based on state – Stay enrolled – Version control – App compliance – Encryption status – Jailbreak/root detection • Notify, Block, Selective Wipe, Full Wipe 17
    18. 18. Manage Data Usage • Help users help themselves – Provide an easy way for them to track and be alerted to their current data usage • Usage policies based on different segments – Set roaming and in-network megabit limits – Create threshold notifications – Enable/disable roaming via policy • Help them understand the benefits of using Wi- Fi where available • Reporting and trending • And, of course, proactively manage any corporate provisioned devices as well 18
    19. 19. Track the ROI of BYOD• Calculate and present on cost differential of BYOD program and IT’s impact on the bottom line – Corporate-owned model: • Device purchase cost • The cost of a fully subsidized data plan • The cost of recycling the device every few years • Warranty plans • IT time and labor managing the program – BYOD • The cost of a partially subsidized data plan (if applicable) • The cost of a management platform • Subtract eliminated costs • Increased productivity 19
    20. 20. Let’s continue the conversation!@MaaS360 [Share comments, continue Q&A, suggest future topics] #MaaS360Webinar Click the link in the chat window to tweet about today’s webinar @MaaS360
    21. 21. 2012 Global Mobile Award “Best Enterprise Mobile Service” Judged on introducing the most Who we beat: innovative mobile tools to help • MobileIron corporate users work smarter • Good Technology and do business better on • Virtela Technology the move. Other Category Winners 21
    22. 22. Questions or follow-up?Wrap-up• Upcoming Webinars ( – April 12 – Ten Mysteries of Android• Past Webinars ( – The new iPad Goes to Work – Best Practices for Testing Mobile Applications – What’s New in Ice Cream Sandwich• Plus lots of How-To content on our website – Mobile Device Management Best Practices • – Mobile Device Management Glossary •• The Q&A Continues… – Got more questions? Find us after the webinar on the MaaSters Center! • 22
    23. 23. Q&A 23