Welcome!

Open Web Authors: Esmeralda Swartz, CloudCommons 2012, Matthew Lobas, Elizabeth White, Liz McMillan

Related Topics: SOA & WOA, Wireless, Web 2.0, Open Web, Security

SOA & WOA: Blog Feed Post

BYOD Policy for SMB

What things should you address?

In today’s economy, many businesses are looking at employees using their own mobile devices at work as a way to cut expenses.

One reason for the growing BYOD (Bring Your Own Device) trend is because many companies can’t afford to keep up with the latest updates in mobile technologies.  The devices employees own are frequently more advanced than what is available at work.  And they have taken the time to personalize the functionality of devices in a way that works best for them.  It’s no wonder that they want to use them at work.  They have become a part of who they are.

BYOD offers many benefits, but there are also many challenges and companies have to be prepared on how to handle them.   Despite the fact that most of the literature about developing BYOD policies is geared towards large corporations and enterprises, that doesn’t mean that small and mid sized businesses don’t need to have policies in place too, especially if you are giving your employees access to the company network and/or sensitive data.

Bigger companies tend to have large IT departments, so they are already “geared” up for dealing with many of the issues associated with employees using their own devices at work, and there is a lot that SMB’s can learn from them.

Who Pays for What?
It is easy to separate personal and business calls by looking at the monthly billing statement, but when it comes to data usage, it is not so easy.  We all want to trust our employees, but it is not always to tell whether data usage during business hours is for downloading work documents or for the latest Angry Birds update.

Suggestion – if an employee wants to use his personal device for work, ask to see a data usage history for the previous six months or so.  This will give you a baseline.  If you have employees who are using company mobile devices for similar job role, you can also use this as a baseline.   Establish monthly reimbursement of fees in advance so there is no confusion later.

Damage to Devices during Work
What happens if an employee’s mobile device is damaged during the course of a work related activity?  Will you be responsible for replacement?  And if you are, what happens if the employee’s device was “more advanced” than what was needed for the job and the replacement value is well over the cost of what it would have been if he were using a company device?

Considering the fact that most vendors offer volume discounts when they buy multiple phones for their employees, this is a very likely scenario that you will need to be prepared to handle.   Set a cap in advance for reimbursement and have the employee sign off on it, stating that he has made decision to use his own phone at work and accepts responsibility for additional costs.

Whatever you decide works best for you, make sure you address the issues of cost sharing and reimbursement before a problem arises. Your BYOD policy should explain exactly what charges the organization will and won’t reimburse.

Data Storage
There are several things to consider with regards to data storage, the first of which is making sure that there is a system in place for employees to keep business and personal data, documents and information stored separately on their phones.  Many models allow users to create completely separate profiles.  Talk to employees about how you want to handle this and have a plan to monitor it from time to time.

In addition to separate storage locations, you also need to have a plan in place for automatic back-up and storage of data outside of the actual device.   There are many Cloud-Based applications and data storage services to choose from.

Make sure that you have a plan for how you will handle what you will do in the event that a device that contains sensitive data is lost or stolen.  Will you wipe the entire device? Or just the “business” part?  What happens if there is cross-over?  Discuss this with your employees before it happens.

Technical Support
When your employees are using company mobile devices, you are responsible for providing in house support through your own IT department or through your chosen service provider.   Both of these scenarios give you control of making sure that troubleshooting and problem solving are handled quickly and efficiently.

How will you handle the issue of technical support if you allow employees to BYOD?  What happens if there is a problem with an employee’s phone that affects his ability to perform his duties?  Have a plan in advance before work time is lost.

Security Issues
Addressing the security issues of allowing your employees to have access to your company network with their mobile devices goes well beyond the scope of this article, but it is critical that you deal with this ahead of time.   Most people do not password-protect their devices and do not do their due diligence when they download applications.

If you do not have an in-house IT team, hire a consultant who specializes in mobile technologies to help you understand the potential security risks you face with BYOD and how you can minimize them.

As the expression goes, being forewarned is being forearmed.

For more information, you may want to check out the Bring-Your-Own-Device (BYOD) Toolkit, which was recently released by the U.S. Chief Information Officer and the Federal CIO Council.  It provides guidelines, case studies and sample polices that you can adapt to your business.

Read the original blog entry...

More Stories By Hovhannes Avoyan

Hovhannes Avoyan is the CEO of Monitis, Inc., a provider of on-demand systems management and monitoring software to 50,000 users spanning small businesses and Fortune 500 companies.

Prior to Monitis, he served as General Manager and Director of Development at prominent web portal Lycos Europe, where he grew the Lycos Armenia group from 30 people to over 200, making it the company's largest development center. Prior to Lycos, Avoyan was VP of Technology at Brience, Inc. (based in San Francisco and acquired by Syniverse), which delivered mobile internet content solutions to companies like Cisco, Ingram Micro, Washington Mutual, Wyndham Hotels , T-Mobile , and CNN. Prior to that, he served as the founder and CEO of CEDIT ltd., which was acquired by Brience. A 24 year veteran of the software industry, he also runs Sourcio cjsc, an IT consulting company and startup incubator specializing in web 2.0 products and open-source technologies.

Hovhannes is a senior lecturer at the American Univeristy of Armenia and has been a visiting lecturer at San Francisco State University. He is a graduate of Bertelsmann University.