SlideShare une entreprise Scribd logo
1  sur  4
Télécharger pour lire hors ligne
No BYOD Policy? Time to grasp the nettle

Chris Gabriel considers why it is that so few organisations have a BYOD policy in
place, despite allowing employees to use their own devices for corporate purposes –
and highlights a series of issues that an effective BYOD policy must take into
account.


A research whitepaper published in November by Ovum and commissioned by
Logicalis, revealed a great many interesting BYOD trends – many of which were
highlighted in a recent CXO post (BYOD Research) by Ian Cook. Perhaps the most
startling, however, was the very low proportion of ‘BYOD-ers’ who have signed
corporate BYOD policies.




                             78% of firms have no BYOD Policy




The research found that, globally, almost 60% of full-time employees partake in
some form of BYOD, but only 20% of them have signed a BYOD policy. Is that a
result of employees simply failing to sign a policy? Apparently not. A separate piece
of research recently found that 78% of firms whose employees BYOD do not have a
policy at all.
If I might indulge in the art of understatement, that seems a bit of an oversight and
something of a risk. Without a policy in place, how can an organisation exercise any
control over the blurring of lines between personal and corporate, and protect both
parties against the BYOD risks that are so well documented? Quite simply, they
can’t.


Given that the number of consumer devices in the workplace is predicted to double
by 2014, reaching 350 million, I’d suggest that correcting that oversight will, or
should, be a priority for a great many.


However, and maybe this explains why so few firms have tackled the issue to date,
putting together a BOYD policy is not necessarily straightforward. Indeed, the task
almost certainly requires collaboration between a number of business functions –
human resources, legal and, given the technical nature of the risks, IT.


In fact, I’d argue that IT has a key role to play, given that the way BYOD is enabled
will shape the risks. That is, the starting point for any BYOD policy must be quantify
what the organisation’s BYOD infrastructure enables employees to do with their own
devices when and where, how information security is protected and what can be
done if something goes wrong. That input will form a vital framework against which
legal and HR teams can shape policies according to risks, regulations and corporate
governance.


No small task, and the outcome will differ from firm to firm, industry to industry,
region to region. There are, however, a few common themes that most policies will
have in common. They include:


 1. The ‘Right to Wipe’. What happens when a device is lost, stolen or misused,
     putting the security of sensitive data at risk? A policy may stipulate that devices
     must be password protected, encrypted and locked, but may also give the
     employer the to remotely delete data when a device is compromised. Any policy
     setting out a ‘right to wipe’ should be very clear as to how much data can be
     wiped from the device and, depending on the specific BYOD approach, makes
     employees aware that personal data may be lost.
2. Employee Responsibilities. There cannot be any wriggle room when it comes
    to employee responsibilities, for instance making sure devices are compliant
    and security software is kept up-to-date. Depending on the exact approach to
    BYOD enablement, it may also be necessary to restrict BYOD access to a pre-
    defined set of smartphones or tablets – for instance those supporting corporate
    access apps or specific security protocols.
 3. Employer Responsibilities. Any effective policy must also make clear where
    the employer’s responsibilities begin and end. If an employee owned device
    malfunctions, who covers the cost of support or repair? Does the company
    wash its hands of support, or could that compromise security? Alternatively,
    some policies set out a sliding scale of support depending on job function – for
    instance, it makes sense to offer support where the helpdesk cost is outweighed
    by the potential for lost productivity.
 4. What’s allowed? This is really the crux of the matter and where the company
    can limit that blurring between ‘consumer’ device behaviour and BYOD. The
    starting point is to work out what employees should be allowed to do with their
    won devices, what data they can access, and what they cannot do – within the
    limits set out by BYOD infrastructure and security. Obvious limits will be on ‘jail-
    breaking’ devices, downloading corporate data and accessing certain websites,
    or types of websites. But there is a balance to strike, because setting too many
    limits risks putting employees off, which means missing out on the productivity
    and collaboration benefits that BYOD can deliver.

There are, of course, a whole host of other considerations. Who pays for any
additional data allowance that might be needed, and who covers device insurance?
What does the ability to access and store corporate email, files and data on personal
devices mean for processes like eDiscovery, Legal Hold and Purge?


The point is, an effective BYOD policy must be comprehensive in protecting
businesses and employees, but no so restrictive as to make BYOD practically
useless. Getting it right is a complex and time consuming task, requiring
collaboration across functions that may have conflicting views.


Maybe that explains why so many firms have yet to grasp the BYOD Policy nettle.
To see more blogs written by IT leaders, visit www.cxounplugged.com

CXO Unplugged is written by IT leaders specifically for C-level executives in the IT community, highlighting the
latest news, trends and topics in the industry. We encourage all readers to join in the conversation, sharing
opinions and experiences. With so much information vying for readers’ attention on the Web today, we know that
C-level executives need a source to filter out the news that affects them, and their peers, on a daily basis.

Contenu connexe

Tendances

A Business-Driven Approach to Mobile Enterprise Security
A Business-Driven Approach to Mobile Enterprise SecurityA Business-Driven Approach to Mobile Enterprise Security
A Business-Driven Approach to Mobile Enterprise Security
Транслируем.бел
 
Signacure Brochure
Signacure BrochureSignacure Brochure
Signacure Brochure
Dave Lloyd
 
OC CIO Roundtable BYOD
OC CIO Roundtable BYODOC CIO Roundtable BYOD
OC CIO Roundtable BYOD
Jim Sutter
 
Banking Law Bulletin - 3 tips for banking lawyers to avoid the stormy cloud (...
Banking Law Bulletin - 3 tips for banking lawyers to avoid the stormy cloud (...Banking Law Bulletin - 3 tips for banking lawyers to avoid the stormy cloud (...
Banking Law Bulletin - 3 tips for banking lawyers to avoid the stormy cloud (...
Tania Mushtaq
 
Ten Commandments of BYOD
Ten Commandments of BYODTen Commandments of BYOD
Ten Commandments of BYOD
K Singh
 
Managing social software applications in the corporate and public sector envi...
Managing social software applications in the corporate and public sector envi...Managing social software applications in the corporate and public sector envi...
Managing social software applications in the corporate and public sector envi...
Louise Spiteri
 

Tendances (19)

[Webinar Slides] Data Privacy – Learn What It Takes to Protect Your Information
[Webinar Slides] Data Privacy – Learn What It Takes to Protect Your Information[Webinar Slides] Data Privacy – Learn What It Takes to Protect Your Information
[Webinar Slides] Data Privacy – Learn What It Takes to Protect Your Information
 
A Business-Driven Approach to Mobile Enterprise Security
A Business-Driven Approach to Mobile Enterprise SecurityA Business-Driven Approach to Mobile Enterprise Security
A Business-Driven Approach to Mobile Enterprise Security
 
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
IT vs. Users? How Law Firms Can Maximize Security While Granting Access to th...
 
1 p 14-0714 wearable technology part 2 blue paper
1 p 14-0714 wearable technology part 2 blue paper1 p 14-0714 wearable technology part 2 blue paper
1 p 14-0714 wearable technology part 2 blue paper
 
Signacure Brochure
Signacure BrochureSignacure Brochure
Signacure Brochure
 
OC CIO Roundtable BYOD
OC CIO Roundtable BYODOC CIO Roundtable BYOD
OC CIO Roundtable BYOD
 
Banking Law Bulletin - 3 tips for banking lawyers to avoid the stormy cloud (...
Banking Law Bulletin - 3 tips for banking lawyers to avoid the stormy cloud (...Banking Law Bulletin - 3 tips for banking lawyers to avoid the stormy cloud (...
Banking Law Bulletin - 3 tips for banking lawyers to avoid the stormy cloud (...
 
Ten Commandments of BYOD
Ten Commandments of BYODTen Commandments of BYOD
Ten Commandments of BYOD
 
Storage Made Easy solution to fragmented data
Storage Made Easy solution to fragmented dataStorage Made Easy solution to fragmented data
Storage Made Easy solution to fragmented data
 
The Evolution of Data Privacy: 3 things you didn’t know
The Evolution of Data Privacy: 3 things you didn’t knowThe Evolution of Data Privacy: 3 things you didn’t know
The Evolution of Data Privacy: 3 things you didn’t know
 
Cookies and Data Protection - a Practitioner's perspective
Cookies and Data Protection - a Practitioner's perspectiveCookies and Data Protection - a Practitioner's perspective
Cookies and Data Protection - a Practitioner's perspective
 
Trustable Technology Mark: Public Launch
Trustable Technology Mark: Public LaunchTrustable Technology Mark: Public Launch
Trustable Technology Mark: Public Launch
 
Identity, Security and Healthcare
Identity, Security and HealthcareIdentity, Security and Healthcare
Identity, Security and Healthcare
 
Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)Bring Your Own Device (BYOD)
Bring Your Own Device (BYOD)
 
IAM
IAMIAM
IAM
 
Personalised Technology Stimulates Innovation in the Workplace
Personalised Technology Stimulates Innovation in the WorkplacePersonalised Technology Stimulates Innovation in the Workplace
Personalised Technology Stimulates Innovation in the Workplace
 
tibbr: Enterprise Social Redefined
tibbr: Enterprise Social Redefinedtibbr: Enterprise Social Redefined
tibbr: Enterprise Social Redefined
 
Managing social software applications in the corporate and public sector envi...
Managing social software applications in the corporate and public sector envi...Managing social software applications in the corporate and public sector envi...
Managing social software applications in the corporate and public sector envi...
 
Online terms & conditions
Online terms & conditionsOnline terms & conditions
Online terms & conditions
 

En vedette

Mp copenhagen 2012
Mp copenhagen 2012Mp copenhagen 2012
Mp copenhagen 2012
mpuech
 
Hitachi solution-profile-achieving-decisions-faster-in-oil-and-gas
Hitachi solution-profile-achieving-decisions-faster-in-oil-and-gasHitachi solution-profile-achieving-decisions-faster-in-oil-and-gas
Hitachi solution-profile-achieving-decisions-faster-in-oil-and-gas
Hitachi Vantara
 
Accellion Secure Mobile Printing
Accellion Secure Mobile PrintingAccellion Secure Mobile Printing
Accellion Secure Mobile Printing
Proofpoint
 
Hitachi high-performance-accelerates-life-sciences-research
Hitachi high-performance-accelerates-life-sciences-researchHitachi high-performance-accelerates-life-sciences-research
Hitachi high-performance-accelerates-life-sciences-research
Hitachi Vantara
 
AuthBridge Newsletter Issue 9
AuthBridge Newsletter Issue 9AuthBridge Newsletter Issue 9
AuthBridge Newsletter Issue 9
AuthBridge
 
Internet of Things Software SIG
Internet of Things Software SIGInternet of Things Software SIG
Internet of Things Software SIG
Mohammad Khatib
 

En vedette (18)

HDS Cloud Solutions Infographic
HDS Cloud Solutions Infographic HDS Cloud Solutions Infographic
HDS Cloud Solutions Infographic
 
Mp copenhagen 2012
Mp copenhagen 2012Mp copenhagen 2012
Mp copenhagen 2012
 
Hitachi solution-profile-achieving-decisions-faster-in-oil-and-gas
Hitachi solution-profile-achieving-decisions-faster-in-oil-and-gasHitachi solution-profile-achieving-decisions-faster-in-oil-and-gas
Hitachi solution-profile-achieving-decisions-faster-in-oil-and-gas
 
Accellion Secure Mobile Printing
Accellion Secure Mobile PrintingAccellion Secure Mobile Printing
Accellion Secure Mobile Printing
 
Cosac 2013 Legal Aspects of Byod
Cosac 2013 Legal Aspects of ByodCosac 2013 Legal Aspects of Byod
Cosac 2013 Legal Aspects of Byod
 
Tappaako tabletti painetun lehden?
Tappaako tabletti painetun lehden?Tappaako tabletti painetun lehden?
Tappaako tabletti painetun lehden?
 
Hitachi high-performance-accelerates-life-sciences-research
Hitachi high-performance-accelerates-life-sciences-researchHitachi high-performance-accelerates-life-sciences-research
Hitachi high-performance-accelerates-life-sciences-research
 
Neets v08-amplifiers
Neets v08-amplifiersNeets v08-amplifiers
Neets v08-amplifiers
 
Collective and participative experiences in real-world and online communities
Collective and participative experiences in real-world and online communitiesCollective and participative experiences in real-world and online communities
Collective and participative experiences in real-world and online communities
 
Gearing for Growth
Gearing for GrowthGearing for Growth
Gearing for Growth
 
Omistaja 1/2012: "Voittoa, muttei hinnalla millä hyvänsä"
Omistaja 1/2012: "Voittoa, muttei hinnalla millä hyvänsä"Omistaja 1/2012: "Voittoa, muttei hinnalla millä hyvänsä"
Omistaja 1/2012: "Voittoa, muttei hinnalla millä hyvänsä"
 
Power the Creation of Great Work Solution Profile
Power the Creation of Great Work Solution ProfilePower the Creation of Great Work Solution Profile
Power the Creation of Great Work Solution Profile
 
Step 2: Back Up Less Datasheet
Step 2: Back Up Less DatasheetStep 2: Back Up Less Datasheet
Step 2: Back Up Less Datasheet
 
AuthBridge Newsletter Issue 9
AuthBridge Newsletter Issue 9AuthBridge Newsletter Issue 9
AuthBridge Newsletter Issue 9
 
Citizen Sensor - Lift@Home Toronto - Democamp 2019
Citizen Sensor - Lift@Home Toronto - Democamp 2019Citizen Sensor - Lift@Home Toronto - Democamp 2019
Citizen Sensor - Lift@Home Toronto - Democamp 2019
 
Internet of Things Software SIG
Internet of Things Software SIGInternet of Things Software SIG
Internet of Things Software SIG
 
The need for IT to get in front of the BYOD (Bring Your Own Device) problem
The need for IT to get in front of the BYOD (Bring Your Own Device) problemThe need for IT to get in front of the BYOD (Bring Your Own Device) problem
The need for IT to get in front of the BYOD (Bring Your Own Device) problem
 
Using social technologies to engage and empower the workforce
Using social technologies to engage and empower the workforceUsing social technologies to engage and empower the workforce
Using social technologies to engage and empower the workforce
 

Similaire à No byod policy? Time to grasp the nettle

BYOD- A Productivity Catalyst
BYOD- A Productivity CatalystBYOD- A Productivity Catalyst
BYOD- A Productivity Catalyst
Packet One
 
Maa s360 10command_ebook-bangalore[1]
Maa s360 10command_ebook-bangalore[1]Maa s360 10command_ebook-bangalore[1]
Maa s360 10command_ebook-bangalore[1]
IBM Software India
 

Similaire à No byod policy? Time to grasp the nettle (20)

BYOD- A Productivity Catalyst
BYOD- A Productivity CatalystBYOD- A Productivity Catalyst
BYOD- A Productivity Catalyst
 
Leveraging byod
Leveraging byodLeveraging byod
Leveraging byod
 
BYOD: Six Essentials for Success
BYOD: Six Essentials for SuccessBYOD: Six Essentials for Success
BYOD: Six Essentials for Success
 
BYOD - Highlights of "Consumerization"
BYOD - Highlights of "Consumerization"BYOD - Highlights of "Consumerization"
BYOD - Highlights of "Consumerization"
 
BYOD SCOPE: A Study of Corporate Policies in Pakistan
BYOD SCOPE: A Study of Corporate Policies in PakistanBYOD SCOPE: A Study of Corporate Policies in Pakistan
BYOD SCOPE: A Study of Corporate Policies in Pakistan
 
BYOD Blue Paper
BYOD Blue PaperBYOD Blue Paper
BYOD Blue Paper
 
BYOD
BYODBYOD
BYOD
 
Bring your own device guidance
Bring your own device guidanceBring your own device guidance
Bring your own device guidance
 
Managing BYOD in Corporate Environments
Managing BYOD in Corporate EnvironmentsManaging BYOD in Corporate Environments
Managing BYOD in Corporate Environments
 
Phil Cracknell, Head of Security & Privacy Services at Company85 - BYO A good...
Phil Cracknell, Head of Security & Privacy Services at Company85 - BYO A good...Phil Cracknell, Head of Security & Privacy Services at Company85 - BYO A good...
Phil Cracknell, Head of Security & Privacy Services at Company85 - BYO A good...
 
Ravi Namboori Equinix on BYOD Security Risks
Ravi Namboori Equinix on BYOD Security RisksRavi Namboori Equinix on BYOD Security Risks
Ravi Namboori Equinix on BYOD Security Risks
 
Navigating the new world ushered in overnight by COVID-19
Navigating the new world ushered in overnight by COVID-19Navigating the new world ushered in overnight by COVID-19
Navigating the new world ushered in overnight by COVID-19
 
Five strategies for gdpr compliance
Five strategies for gdpr complianceFive strategies for gdpr compliance
Five strategies for gdpr compliance
 
OC CIO BYOD
OC CIO BYODOC CIO BYOD
OC CIO BYOD
 
Maa s360 10command_ebook-bangalore[1]
Maa s360 10command_ebook-bangalore[1]Maa s360 10command_ebook-bangalore[1]
Maa s360 10command_ebook-bangalore[1]
 
Executive Summary: Considering a BYOD Infrastructure
 Executive Summary: Considering a BYOD Infrastructure Executive Summary: Considering a BYOD Infrastructure
Executive Summary: Considering a BYOD Infrastructure
 
Finding the value in byod capgemini consulting - digital transformation
Finding the value in byod   capgemini consulting - digital transformationFinding the value in byod   capgemini consulting - digital transformation
Finding the value in byod capgemini consulting - digital transformation
 
The Essential BYOD Handbook
The Essential BYOD HandbookThe Essential BYOD Handbook
The Essential BYOD Handbook
 
08 pdf show-239
08   pdf show-23908   pdf show-239
08 pdf show-239
 
BYOD (Bring Your Own Device) Risks And Benefits
BYOD (Bring Your Own Device) Risks And BenefitsBYOD (Bring Your Own Device) Risks And Benefits
BYOD (Bring Your Own Device) Risks And Benefits
 

Plus de Logicalis

Logicalis Case Study - Verna Group Ltd.
Logicalis Case Study - Verna Group Ltd.Logicalis Case Study - Verna Group Ltd.
Logicalis Case Study - Verna Group Ltd.
Logicalis
 
Logicalis Case Study - Gamesys
Logicalis Case Study - GamesysLogicalis Case Study - Gamesys
Logicalis Case Study - Gamesys
Logicalis
 
Logicalis Annual Review2012
Logicalis Annual Review2012Logicalis Annual Review2012
Logicalis Annual Review2012
Logicalis
 
Virtualisation Overview
Virtualisation OverviewVirtualisation Overview
Virtualisation Overview
Logicalis
 
Unified Communications Overview
Unified Communications OverviewUnified Communications Overview
Unified Communications Overview
Logicalis
 
Logicalis Case Study AMEC
Logicalis Case Study AMECLogicalis Case Study AMEC
Logicalis Case Study AMEC
Logicalis
 
Data Centre Overview
Data Centre OverviewData Centre Overview
Data Centre Overview
Logicalis
 
Cloud Computing Overview
Cloud Computing OverviewCloud Computing Overview
Cloud Computing Overview
Logicalis
 
Case Study Cathay Bank
Case Study Cathay BankCase Study Cathay Bank
Case Study Cathay Bank
Logicalis
 
Case study Crown
Case study CrownCase study Crown
Case study Crown
Logicalis
 

Plus de Logicalis (20)

Logicalis Corporate Responsibility
Logicalis Corporate ResponsibilityLogicalis Corporate Responsibility
Logicalis Corporate Responsibility
 
Logicalis annual review 2013
Logicalis annual review 2013Logicalis annual review 2013
Logicalis annual review 2013
 
Hobbs case study
Hobbs case studyHobbs case study
Hobbs case study
 
Fenmarc case study
Fenmarc case studyFenmarc case study
Fenmarc case study
 
The BYOD Divide
The BYOD DivideThe BYOD Divide
The BYOD Divide
 
Logicalis Case Study - Verna Group Ltd.
Logicalis Case Study - Verna Group Ltd.Logicalis Case Study - Verna Group Ltd.
Logicalis Case Study - Verna Group Ltd.
 
Logicalis Case Study - Gamesys
Logicalis Case Study - GamesysLogicalis Case Study - Gamesys
Logicalis Case Study - Gamesys
 
Business Collaboration Conducting the Virtual Choir
Business Collaboration Conducting the Virtual ChoirBusiness Collaboration Conducting the Virtual Choir
Business Collaboration Conducting the Virtual Choir
 
Logicalis Annual Review2012
Logicalis Annual Review2012Logicalis Annual Review2012
Logicalis Annual Review2012
 
Virtualisation Overview
Virtualisation OverviewVirtualisation Overview
Virtualisation Overview
 
Unified Communications Overview
Unified Communications OverviewUnified Communications Overview
Unified Communications Overview
 
Case Study Regal Entertainment Group
Case Study Regal Entertainment GroupCase Study Regal Entertainment Group
Case Study Regal Entertainment Group
 
Case Study Mercury Marine
Case Study Mercury MarineCase Study Mercury Marine
Case Study Mercury Marine
 
Logicalis International Managed Services Capabilities
Logicalis International Managed Services CapabilitiesLogicalis International Managed Services Capabilities
Logicalis International Managed Services Capabilities
 
Logicalis Case Study American Foods Group
Logicalis Case Study American Foods GroupLogicalis Case Study American Foods Group
Logicalis Case Study American Foods Group
 
Logicalis Case Study AMEC
Logicalis Case Study AMECLogicalis Case Study AMEC
Logicalis Case Study AMEC
 
Data Centre Overview
Data Centre OverviewData Centre Overview
Data Centre Overview
 
Cloud Computing Overview
Cloud Computing OverviewCloud Computing Overview
Cloud Computing Overview
 
Case Study Cathay Bank
Case Study Cathay BankCase Study Cathay Bank
Case Study Cathay Bank
 
Case study Crown
Case study CrownCase study Crown
Case study Crown
 

Dernier

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
Enterprise Knowledge
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
Joaquim Jorge
 

Dernier (20)

Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
🐬 The future of MySQL is Postgres 🐘
🐬  The future of MySQL is Postgres   🐘🐬  The future of MySQL is Postgres   🐘
🐬 The future of MySQL is Postgres 🐘
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 

No byod policy? Time to grasp the nettle

  • 1. No BYOD Policy? Time to grasp the nettle Chris Gabriel considers why it is that so few organisations have a BYOD policy in place, despite allowing employees to use their own devices for corporate purposes – and highlights a series of issues that an effective BYOD policy must take into account. A research whitepaper published in November by Ovum and commissioned by Logicalis, revealed a great many interesting BYOD trends – many of which were highlighted in a recent CXO post (BYOD Research) by Ian Cook. Perhaps the most startling, however, was the very low proportion of ‘BYOD-ers’ who have signed corporate BYOD policies. 78% of firms have no BYOD Policy The research found that, globally, almost 60% of full-time employees partake in some form of BYOD, but only 20% of them have signed a BYOD policy. Is that a result of employees simply failing to sign a policy? Apparently not. A separate piece of research recently found that 78% of firms whose employees BYOD do not have a policy at all.
  • 2. If I might indulge in the art of understatement, that seems a bit of an oversight and something of a risk. Without a policy in place, how can an organisation exercise any control over the blurring of lines between personal and corporate, and protect both parties against the BYOD risks that are so well documented? Quite simply, they can’t. Given that the number of consumer devices in the workplace is predicted to double by 2014, reaching 350 million, I’d suggest that correcting that oversight will, or should, be a priority for a great many. However, and maybe this explains why so few firms have tackled the issue to date, putting together a BOYD policy is not necessarily straightforward. Indeed, the task almost certainly requires collaboration between a number of business functions – human resources, legal and, given the technical nature of the risks, IT. In fact, I’d argue that IT has a key role to play, given that the way BYOD is enabled will shape the risks. That is, the starting point for any BYOD policy must be quantify what the organisation’s BYOD infrastructure enables employees to do with their own devices when and where, how information security is protected and what can be done if something goes wrong. That input will form a vital framework against which legal and HR teams can shape policies according to risks, regulations and corporate governance. No small task, and the outcome will differ from firm to firm, industry to industry, region to region. There are, however, a few common themes that most policies will have in common. They include: 1. The ‘Right to Wipe’. What happens when a device is lost, stolen or misused, putting the security of sensitive data at risk? A policy may stipulate that devices must be password protected, encrypted and locked, but may also give the employer the to remotely delete data when a device is compromised. Any policy setting out a ‘right to wipe’ should be very clear as to how much data can be wiped from the device and, depending on the specific BYOD approach, makes employees aware that personal data may be lost.
  • 3. 2. Employee Responsibilities. There cannot be any wriggle room when it comes to employee responsibilities, for instance making sure devices are compliant and security software is kept up-to-date. Depending on the exact approach to BYOD enablement, it may also be necessary to restrict BYOD access to a pre- defined set of smartphones or tablets – for instance those supporting corporate access apps or specific security protocols. 3. Employer Responsibilities. Any effective policy must also make clear where the employer’s responsibilities begin and end. If an employee owned device malfunctions, who covers the cost of support or repair? Does the company wash its hands of support, or could that compromise security? Alternatively, some policies set out a sliding scale of support depending on job function – for instance, it makes sense to offer support where the helpdesk cost is outweighed by the potential for lost productivity. 4. What’s allowed? This is really the crux of the matter and where the company can limit that blurring between ‘consumer’ device behaviour and BYOD. The starting point is to work out what employees should be allowed to do with their won devices, what data they can access, and what they cannot do – within the limits set out by BYOD infrastructure and security. Obvious limits will be on ‘jail- breaking’ devices, downloading corporate data and accessing certain websites, or types of websites. But there is a balance to strike, because setting too many limits risks putting employees off, which means missing out on the productivity and collaboration benefits that BYOD can deliver. There are, of course, a whole host of other considerations. Who pays for any additional data allowance that might be needed, and who covers device insurance? What does the ability to access and store corporate email, files and data on personal devices mean for processes like eDiscovery, Legal Hold and Purge? The point is, an effective BYOD policy must be comprehensive in protecting businesses and employees, but no so restrictive as to make BYOD practically useless. Getting it right is a complex and time consuming task, requiring collaboration across functions that may have conflicting views. Maybe that explains why so many firms have yet to grasp the BYOD Policy nettle.
  • 4. To see more blogs written by IT leaders, visit www.cxounplugged.com CXO Unplugged is written by IT leaders specifically for C-level executives in the IT community, highlighting the latest news, trends and topics in the industry. We encourage all readers to join in the conversation, sharing opinions and experiences. With so much information vying for readers’ attention on the Web today, we know that C-level executives need a source to filter out the news that affects them, and their peers, on a daily basis.