Are You Using "Bring Your Own Device" (BYOD)?

Control. More specifically, loss of control is rippling through IT departments everywhere. With tightening belts, more companies are looking towards Bring Your Own Device (BYOD) as a way to cut costs. BYOD allows employees to use their personally owned devices to connect to and access internal corporate resources such as email, documents, databases, and intranets.

This can mean that the company no longer needs to buy corporate cellphones or laptops for each employee and assume the cost of the associated monthly voice/data plan. BYOD devices are more up to date, as individuals typically like to have the latest and greatest devices. Another benefit is that employees tend to be happier using their own devices and not having to carry around the "corporate cellphone".

On the flip side, the strict IT and corporate acceptable use and security policies will need to be adjusted for BYOD. This will probably need to include several conversations with your general counsel on how it will affect compliance with PCI, HIPAA, GLBA, FINRA, etc. There may be changes to HR procedures. What needs to change when you fire an employee or when they quit? How and when do you revoke their access on their personal devices? How do you retrieve corporate information that may be stored on those devices?

Key things to remember when approaching BYOD

  1. Establish sane policies for devices accessing corporate resources
  2. Perform a Cost / Benefit / Risk Analysis
  3. Set security requirements and set minimums for access, revocation, and data retrieval
  4. Perform a limited trial

The consumerization of IT is a trend that is not going away. Establish sane policies that fit within your corporate and regulatory structure now or face the consequences. Will you be a BYOD beneficiary or victim?