BYOD Model
Q1. What is the BYOD Model?
Ans. Bring your own device (BYOD)—also called bring your own technology (BYOT), bring
your own phone (BYOP), and bring your own PC (BYOPC)—refers to the policy of permitting
employees to bring personally owned mobile devices (laptops, tablets, and smart phones) to their
workplace, and to use those devices to access privileged company information and applications.
The phenomenon is commonly referred to as IT consumerization. The term is also used to
describe the same practice applied to students using personally owned devices in education
settings.
Q2. What are the benefits of the BYOD Model for employees and organizations?
Ans. A major driver of BYOD is the productivity advantage resulting from improved
employee satisfaction and worker mobility, as well as lower costs of technology adoption and
refresh. Other benefits include:
» Increased productivity and employee satisfaction: BYOD provides the flexibility
that employees seek to respond instantly to work requests outside of work hours, thus
reducing process times and improving operational efficiency. In addition, employees
report higher satisfaction levels with such flexible work arrangements and the freedom
to use their devices of choice.
» Attracting, retaining and supporting new talent: Expected to soon become the
largest segment of the workforce, many millennials openly seek environments that
allow them the freedom to use tools and technologies native to their upbringing and
customized to their work and life preferences.
» Lower IT procurement, support costs: BYOD promises considerable cost savings if
employees are willing to bear the cost of purchasing, maintaining and upgrading the
devices they use for work. Though BYOD necessitates a one-time, upfront investment
to create the support infrastructure, it can result in lower total cost of ownership in the
long run.
» Improved collaboration: Employee-owned devices equipped with enhanced mobile
services allow employees to collaborate in real time and finish their tasks efficiently by
responding quickly. With virtualization, ubiquitous connectivity, anywhere access to
corporate data, and innovative mobile apps, the opportunities for collaborative ways of
working have grown immensely.
» Transforming the workplace: The combination of managed personal devices and
cloud computing with desktop and application virtualization can help organizations
enable secure access to key corporate resources anytime and anywhere for their
employees. The confluence of cloud, virtualization and mobility is transforming the
way employees work today, allowing them to be creative and innovative in ways
previously unobtainable.
Q3. What are the implementation challenges of the BYOD Model?
Ans. Without a doubt, the proliferation of myriad smart mobile devices creates complexities
that are overwhelming many organizations. With limited control over and vast choice of mobility
devices, today’s organizations face considerable challenges in protecting data, ensuring security,
providing support, meeting compliance regulations and lowering IT costs to manage a BYOD
environment.
» Protecting Data: Compared with most corporate hardware resources, employee-owned
devices are more prone to theft and loss because of their size, perceived value and
portability. For organizations, tracking lost personal devices and wiping sensitive
corporate data stored on them is a major challenge.
» Security: The heterogeneity in the device landscape makes it challenging to develop and
implement appropriate security measures. In addition, their advanced features — such as
high-resolution cameras, recording functions and large storage capacity — can
circumvent many traditional IT security measures. The possibility of employees
inadvertently exposing their devices to malicious attacks while using them outside work
is a serious risk. For organizations operating in regulated environments bound by
compliance mandates, ensuring security for corporate resources while allowing BYOD
can be a tightrope walk.
» Support: Providing support for the numerous devices used by employees — while
offering the potential for significant reductions in overall support costs — is a major
implementation challenge. IT departments may be overwhelmed if they lack the
appropriate resources to implement the changes necessary to support BYOD.
» BYOD costs: The potential to save money depends on how well organizations
understand and manage the required expenditure. Companies run the risk of unnecessary
BYOD outlays, such as reimbursing employees’ mobile expenses, processing related
expense reports, investing in solutions to support heterogeneous devices and customizing
apps to run on those platforms.
» Compliance requirements: Compliance mandates such as HIPAA, PCI DSS and
GLBA are particular about safeguarding data, regardless of the device on which data is
stored. Organizations are subject to heavy fines in the event of data breaches. Given
device heterogeneity and the scant regard today’s workforce seems to have for IT
policies, the cost of staying compliant, addressing risk and establishing proper
governance can be daunting.
Q4. How can the BYOD barriers be overcome?
Ans. Yet the benefits afforded by BYOD make it worth proactively pursuing. To support the
myriad devices, configurations and applications, organizations need to have a robust and scalable
infrastructure. Additionally, BYOD requires support staff, especially those with IT expertise, to acquire the
appropriate skills to manage this new environment and infrastructure.
A platform- and OS-agnostic BYOD infrastructure will provide controls to limit security
breaches, as well as minimize organization support and management of employee-owned
devices. By deploying the right combination of MDM, MAM and MADP solutions,
organizations can secure and quickly update business apps on employee devices, as well as
perform compliance reporting. It can also provide IT departments some degree of visibility and
control over the devices and apps used by employees.
Q5. What infrastructure provisioning is required for implementing the BYOD Model?
Ans. Managing the complexity of a BYOD environment requires organizations to intelligently
provision the infrastructure and access to corporate resources.
» Virtualization: Providing access to corporate data and enterprise applications from a
centralized location gives IT greater control over safeguarding enterprise resources
regardless of the devices in use. In this way, virtualization accommodates the diverse
devices used at work and eliminates the IT and business costs of customizing apps and
creating access mechanisms.
» Containerization: This approach separates corporate data into secure “container”
structures on devices and allows organizations full control over them. By using either a
self-contained, secured application and data construct or a completely separate mobile OS
via a hypervisor, organizations can isolate or contain corporate data on personal devices.
With the hypervisor, multiple instances of an operating system can be run on a single
device, essentially creating virtual devices. This way, organizations can completely
isolate the OS and partition the portion used for corporate applications and data from the
one used for personal purposes. With the self-contained construct, applications and data
are run in a separate memory space on the device. Access to this information is secured
via additional authentications and can be selectively removed in the case of device loss or
employee retirement.
These containerization methods allow IT departments to manage and monitor the
corporate applications and data effectively and securely without impinging on the
personal data on employees’ devices.
» Encryption: This provides a strong layer of security for devices, applications and data. It
also makes it difficult for anyone to view and obtain data from lost devices without the
encryption key.
» BYOD in phases: Embracing a limited BYOD model is key to handling the complexity
that personal devices introduce. Carefully evaluating the requirements of employees
based on their roles and limiting device support will help IT departments gain some
control over management and security challenges. Allowing only secure and compliant
personal devices for work can help organizations alleviate their concerns over security,
support issues and costs so they can create an infrastructure to accommodate them.
Q6. Explain the complete strategy required to implement the BYOD Model in an
organization. Also suggest an effective policy required for the implementation of this
Model.
Ans. Deciding on a BYOD implementation path can be challenging for many organizations.
The BYOD journey should begin with the understanding that the strategy needs to be
all-inclusive and balance the risks and rewards for employees and employers.
Strategy
Essential to the formulation of a BYOD strategy is understanding employee roles and how they
relate to the use of mobile devices at work. Organizations should group users into broad
categories that consider the kind of work they do on a daily basis and the necessary IT
requirements to support them. Ideally, BYOD should be rolled out only to qualifying employees.
The strategy should factor in the nature of the business and industry in which an organization
operates to identify how it can stay compliant, especially on data security/privacy and usage
mandates. It should also specify the kind of device configurations, preferred vendors and brands
that support the organization’s business needs.
An important consideration is balancing enablement with control. This will require organizations
to decide on the proper application of MDM, MAM and MADP solutions and whether these
should be managed in-house or contracted out to vendors. The transition to BYOD should start
only after an organization assesses the net benefits it expects to realize from the initiative.
Another key element is the cost BYOD entails in setting up new infrastructure and ensuring
support for diverse technologies in a non-standard environment. Organizations should also
determine the liability they are willing to assume, as well as the tax and legal implications of
allowing BYOD, especially when reimbursing employee expenses.
To support BYOD, organizations also need to prepare enterprise applications to work with the
allowed set of personal devices, which entails customizing, developing and updating applications
to work with personal devices. Support is another critical aspect, as employees need anytime,
anywhere access to either live agents or self-help tools. A mix of sourcing, automation and
strong technical customer support is essential to a robust BYOD support model. A successful
strategy will ensure that IT and the business units agree on how to approach the BYOD program.
Companies should consider a middle path between the two extremes of the complete freedom
that employees desire and the full control that organizations seek over personal device work
usage. A flexible and scalable strategy will better accommodate the growing demand for BYOD,
given the rapidly evolving device technology landscape.
Policy
Implementing the BYOD strategy is only possible with a comprehensive policy. To develop an
effective policy, organizations need to define and understand factors such as:
» Which devices and operating systems to support.
» Security requirements based on employee role and designation.
» The level of risk they are willing to tolerate.
» Employee privacy concerns.
Employee demand for freedom in how they work and use technology has serious ramifications
for IT environments. This demand is altering IT departments’ traditional structure and scope of
control. Understanding this altered environment will give organizations a better idea of what to
consider while drafting BYOD policies.
BYOD Policy Framework
A comprehensive BYOD policy is an essential component of a successful BYOD program. An
effective policy should include the following:
1. Devices
» Scalability of devices: Flexible guidelines need to determine which devices are
evaluated on an ongoing basis, particularly as new devices, platforms and operating
systems emerge and employee expectations evolve.
» Device criteria: Comprehensive evaluation criteria need to specify which devices are
allowed and how employees will be notified that their devices satisfy those criteria.
» Supported configurations and platforms: Customized user agreements should account
for the varied combinations of devices, the platforms they run and the regulatory
requirements specific to the region(s)/industry(s) in which the organization operates.
» Device certification: A methodology is needed to evaluate and certify a device. The
policy should provide a list of compliant and preferred vendors for sourcing devices and
licensing for core applications required.
» Device support: A clear statement needs to detail how employee-owned devices will be
configured, which applications will be supported and the type of support that will be
provided. If the company wants to encourage a “self-support” culture, it should provide
self-help/support tools to users.
» Security: The organization needs to define its stance on how corporate data will be
retrieved and wiped in case of device loss or theft, as well as the rights it reserves for
dealing with corporate data and applications. It should outline restrictions on usage of
device features such as cameras, storage and recording functions and should stipulate the
use of anti-virus and anti-malware software and the frequency of updates.
2. Users
» Eligibility: Eligibility requirements need to be created, as well as the criteria used to
establish eligibility. Role-based restrictions regarding access to certain applications and
data should also be clearly stated. Organizations should describe the procedure for
obtaining approval for using personal devices.
» Acceptable usage: Employees should be required to understand their responsibilities
with regard to acceptable use and minimum device connectivity requirements. The policy
should encourage employees to prioritize business-related use when they are at work.
» Compliance and governance: Communicate non-compliance to users and outline the
remedial actions they can take to be compliant. Organizations should get executive
buy-in for the BYOD policy and involve all related departments, such as HR, finance, legal
and operations, apart from IT.
» Ownership and liability: Guidelines must be clarified on who owns the device and the
data. These should define liabilities related to loss of corporate data stored on personal
devices, as well as the liability the organization is willing to accept for affecting personal
data due to the management of corporate data and apps.
» Reimbursement considerations: The organization needs to define its stance on
reimbursement. The extent of reimbursement (full, partial), the limits (allowed expenses,
maximum amount), the frequency (one-time, monthly, yearly) and eligibility (based on
role) will help guide the organization when formulating its stance.
» Policy violations: The company needs to prescribe actions in the event of violations of
policy guidelines.
Implementing BYOD Policy
A clear policy on the types of devices allowed as part of a BYOD program helps organizations
attain a certain level of standardization and allocate the necessary infrastructure to support the
devices. Customized policies mapped to the roles of users and their dependence on the devices
will be an effective way of limiting risk. Segregating users into broad categories such as mobile
workers, office knowledge workers and task workers will help organizations better understand
their needs and provision the appropriate IT requirements accordingly. The policy should
consider the role, the kind of work performed and the mobility needed to determine the
capabilities required of a personal device. For example, a senior executive is more likely to use a
tablet to review and approve work, while a designer or an engineer will prefer a desktop or a
laptop. Organizations can derive insights from the BYOD implementations of early movers and
absorb the best practices into their policies.
Q7. What are the future perspectives of the BYOD Model?
Ans. BYOD introduces a multitude of challenges; however, organizations should treat this as
an opportunity that can yield significant benefits, both tangible and intangible. The key is to
approach BYOD in a holistic fashion to address employee expectations, while ensuring business
requirements are met related to security, compliance and risk minimization. The need for agility
and speed will more rapidly transform the role of IT from a support function to a strategic,
business-enabling function.
Successful organizations will take a proactive approach to embracing and molding BYOD for
competitive advantage and the agility to outmaneuver the competition. Creating obstacles to
BYOD will be futile as empowered employees are provisioning their own technology anyway.
Younger employees and those with a millennial mindset find it hard to draw the line between
their personal and professional lives and seek the flexibility and ease-of-use that their personal
devices provide. Implemented with the right strategy, BYOD can:
» Empower employees to improve their productivity through their choice of devices and
collaboration styles.
» Ensure security of corporate data while complying with corporate mandates on
compliance, risk management and privacy.
» Deliver cost savings with minimal IT support for employee-owned devices.
» Simplify IT by running any app, anywhere, on any device.