Over the past few years, I have had opportunity to meet with many organizations that are considering a strategy that will allow their employees to “Bring Your Own Device” (BYOD). Personally I think the opportunity should be “Use Any Device” – but that will be for a future discussion. Many reasons are often cited for introducing BYOD into the organization – lower Total Cost of Ownership by having employees provide their own compute device, ability to attract new talent from Universities, frustration of the never ending investment to perform upgrades and the continual testing.
More recently, the topic of BYOD has moved from the Executive suite to IT Departments. Unfortunately, most IT Departments look at BYOD as a “technology” play that will defer some expenses away from their budget to the employee. Figure 1 shows what I call “Caution” areas (Risk Management, Human Resources, Legal, Applications and Services) to consider before launching a BYOD project.
As figure 1 indicates, BYOD is a “team” effort not an IT project. Other teams in the organization need to be involved to effective address the need for new or updated policies for a successful implementation. When presenting to customers and at conferences I have started to ask the participants three simple questions.
- Who in the room is from risk management?
- Who is from Human Resources?
- Who is from the Legal Department?
Occasionally, there might be a token person from Risk Management (usually to one side of the room as IT team members are fearful they will say “No” before the question is asked). However, I have yet to present where someone from Human Resources or the Legal Department was in attendance - Yet BYOD impacts policy more than the technology!
Consider a simple question – what happens when an employee bumps a table and a notebook, owned by another employee, falls to the floor disabling the unit? The organization needs to have a set of policies so employees know precisely how to address the matter – verbal threats and fist fights are usually not acceptable! In this simple case there is a need for at least four policies
- How will the organization back up their data on an employee owned device?
- Who is responsible for replacing the unit?
- How will the user complete their assigned tasks until the notebook is replaced?
- Does organization have the right to verify credit of the employee periodically to determine if they have financial resources to purchase a device?
Of those four policies only one is really an “IT” question – how will an organization backup their data on user owned devices. The others are policies that need input from Risk Management (keep the business running), Human Resources (expected behavior in office and terms of employment) and Legal (what are the laws governing the business and employees).
I will be writing about other caution points that should be considered to effectively implement a BYOD strategy within the organization. However, I would like to hear from you (follow me on twitter @jimccooper or post a comment) based on your experiences what it takes to launch a successful BYOD program.