7 Policy Decisions that are Key to the Success of your BYOD Initiative
While you plan the technology infrastructure and apps for your enterprise mobility rollout, it’s also essential to define the right policies to ensure data security, employee privacy and good governance.
Here’s a list of the key policy questions that you should consider:
1. What are the acceptable uses of the mobile device and what are the consequences of violation?
2. If the employee will be purchasing devices, mobile connections, data services, etc., and then getting reimbursed by the company, it is necessary to define reimbursement policies: the approval process, authority and limits, and how these apply to personal and corporate usage.
3. Onboarding a new employee will now need to include provisioning of enterprise mobility systems, and exit formalities will probably mandate cleaning up and removal of corporate data from employees’ devices.
4. Security policies will usually be based on the employee’s role, group and location. Security policies need to consider various scenarios, such as what happens if an employee doesn’t accept the use policy, or what happens if a device is lost or stolen. There should be guidelines about how quickly employees should alert the company about the loss. Security policies also mandate how frequently compliance should be checked and the severity levels of violations.
5. Protecting the privacy of employees’ personal data, media and apps needs to be considered. There is a need to balance the level of privacy protection with the need for keeping corporate data secure. For example, a government department may need full access to devices and data; employees may not have any privacy here. As remotely wiping data is a basic data loss prevention strategy, it is important to define what data administrators are able to wipe: corporate only, or personal too.
6. User training is very important. Users need to know what’s valuable on their devices as well as what the vulnerabilities are. Though employees may be using the latest devices, don’t assume they are all tech savvy and know about things like threats through insecure networks, unintentional leaking of data, unencrypted data storage, threats through social media, malware and many other risks.
7. Explain policies and consequences of violations, and have the end user license agreement (EULA) signed by each employee before they can be enrolled into the system to start using the corporate network and corporate assets.
A lot of scenarios need to be thought through while defining these policies, and once they are in place, your Enterprise Mobility Management system needs to ensure compliance with them.