The Benefits and Risks of a Bring Your Own Device (BYOD) Policy
In a world of heightened security, where any access to a company’s systems risks introducing security breaches or viruses, carefully evaluating and setting a policy for the authorized use of employee-owned devices isn’t a trivial exercise. A decision to allow personal devices triggers a series of additional decisions, including what systems or applications to make accessible, password format requirements, and helpdesk support that may be required when employees have problems with their personal devices.
One particularly complex issue related to BYOD policies is what will take place when an employee leaves the company, and you need to eliminate systems access capabilities and ensure the removal of sensitive company information. With company-issued devices, this is not a problem, since the company simply takes possession of the device. With employee-owned devices the employee retains possession, and changes to the device may be required prior to the employee leaving the company.
Recently, Peeriosity’s iPollingTM was used by the Vice President of Shared Services at one of our member companies to better understand the policies other companies have in place that cover employee-owned devices. Here’s the background information that was submitted when the poll was created: “Our organization is in the process of developing a BYOD policy to allow employee-owned devices to access company systems. We would find input from other companies very valuable in creating something that is flexible for the employees, but also ensures that our systems and data integrity are not put at risk.”
Once the poll was released by Peeriosity, responses were posted in real-time, with visibility to company responses available to all Peeriosity members, allowing for direct communication with peers using Peeriosity’s integrated Peer MailTM capabilities, including following up to ask about specific policy examples.
The first poll question asked about the status of developing a Bring Your Own Device (BYOD) policy for employee-owned smartphones, tablets, and other devices. Interestingly, 54% of responding companies indicated that they have implemented, with an additional 14% currently evaluating options for doing so. Only 11% of responding companies considered the opportunity and decided not to provide access, and, somewhat surprisingly, 21% haven’t yet evaluated the issue.
Here are the details:
For companies that do have a BYOD policy in place, a follow-up question examined the level of employees who would qualify under the policy. In 60% of companies with a current policy, all employees qualify, with 7% restricting the program to Directors and above, and 13% restricted to supervisory level and above. In another 13% of companies, the policy is administered based on the role of the employee, and not their job level.
Unlike traditional benchmarking, Peeriosity’s iPollingTM capabilities allow members to very quickly examine this issue in detail, providing a range of experiences and viewpoints that can be reviewed to develop an appropriate and workable answer. Tapping into the experience of peers eliminates guesswork and allows members to quickly access the collective experiences of a large community of users who are facing the same challenges.
Here are a few of the comments from responding companies:
- The BYOD policy applies to all employees that are eligible to be provided a company phone, with eligibility dependent on the job requirements and not necessarily the job level. The policy covers only phones, and there is a partial reimbursement for expenses.
- Our current policies are a bit fragmented both in terms of which businesses are included and the level of reimbursement. A bigger question might be whether we should be reimbursing at all and just expecting it as a part of what every employee pays for like the cost of getting to work. The reality is that everyone has a phone at virtually all job levels, so why provide a reimbursement or expense offset?
- Our policy supports BYOD for supervisors and above and, to some extent, exempt-level staff. It requires approval from their leader to have their device set up to do email, WebEx, Jabber IM, and VPN connection and any other work systems access from their mobile device.
Does your company currently have a BYOD policy for employee-owned smartphones, tablets, or other devices? For whom does the policy apply, and how do you identify and manage any related security risks?
Who are your peers and how are you collaborating with them?
“iPollingTM” is available exclusively to Peeriosity member company employees, with consultants or vendors prohibited from participating or accessing content. Members have full visibility to all respondents and their comments. Using Peeriosity’s integrated e-mail system, Peer MailTM, members can easily communicate at any time with others who participate in iPolling.
Peeriosity members are invited to log into www.peeriosity.com to join the discussion and connect with Peers. Membership is for practitioners only, with no consultants or vendors permitted. To learn more about Peeriosity, click here.