Over two thirds of Americans have a smartphone and almost half have a tablet. With so many devices already in hand, many companies are implementing BYO programs. However, there are many things for a company to consider before electing to go BYO.
First, there needs to be a thorough understanding of the BYO approaches and their implications. The four types of programs companies can choose when dealing with devices and employees:
- BYOD (Bring Your Own Device)
- CYOD (Choose Your Own Device)
- CLEO (Corporate Liable Employee Owned)
- COPE (Corporate Owned Personally Enabled)
To select the appropriate program, consider questions such as: Who owns the device? Who will maintain the device? Who owns the data? Who is paying for the bills and accessories? And who owns the phone number associated with the device? Each of the four BYO programs has a different combination of answers. For example, in a traditional BYOD program, the customer owns the device and number, but what about the company data? What if the phone is lost or the employee no longer works at the company?
Understanding the implications of each program is paramount in choosing the right one for a company. Before choosing a program, there are five areas of considerations that should be thoroughly examined:
- Risk assessment
- IT security
This is where most programs need to start because there must be procedural protocols in place to protect both the employee and employer by defining the terms and limits of the program. It should specify the rules surrounding the level of support for company or employee-owned smartphones, tablets and laptops. The policies will also define the parameters of data security, who owns the data regardless of who owns the phone, how deployment and maintenance will be handled, and also the security protocols during emergencies. Who will pay for the phone, what which budget from which department, and who will be responsible for maintaining and upgrading the phones should also be established in the company policies. Setting up this foundation at the beginning cuts down on company legal fees. Company policy should be the first step in considering which BYO program may be right for a company and will affect the other four topics of consideration as well.
Risk assessment requires looking at the components in an organization's infrastructure to identify potential vulnerabilities and how to manage them as they apply to a BYO program. It is important to understand the risks associated with each type of program before deciding which plan to use as each program has a different pros and cons that will impact the company and the level of risk that is acceptable. For instance, with BYOD, where each employee brings their own device, other family members may might use that device, or there may be applications that compromise sensitive company or client information. That level of risk seriously impacts any business, especially in the medical or financial industries that have stringent privacy regulations. For information that is highly sensitive, and industries with more robust data security requirements, a COPE program mitigates much of this risk. Companies will need to determine the risk tolerance not just across an enterprise, but for their perspective industry, as some industries have stricter guidelines to protect data and client information.
A large part of implementing any BYO program will is IT and security. This goes hand in hand with risk assessment. It is important to understand how to navigate the vulnerabilities and limitations of a company’s infrastructure when choosing a BYO program. Each of the four programs has different security and data risks. Bring Your Own Device has many different risks associated with it because of the numerous devices that could be brought in and even more applications that must be addressed and secured. CYOD (Choose Your Own Device), where a company limits the devices that can be used, has fewer IT security issues because there will are fewer devices in action. A more secure option is a CLEO (Corporate Liable Employee Owned) program, where the company places its own applications to on an employee-owned phones. Those applications are secure, but since the employee still owns the phone, there are still risks of breaches is data security. For businesses and industries that need the highest level of security, COPE (Corporate Owned Personally Enabled) is the best because it allows a company to have complete control over what applications and information is on the phone and what type of access will be granted per phone. In a COPE scenario, a company can limit which applications can be downloaded, and can wipe the phone should it be lost or if the employee leaves the company without returning the device.
Deployment can be costly and time intensive, burning through budgets if not properly planned and carefully implemented. Which phones, tablet or computers are compatible with the networks and infrastructure? What applications need to be used, and what if any, are the memory or other requirements of the devices that are to be connected? If many different devices are allowed into a BYOD program, then IT may be spending time with connectivity issues and old devices that aren’t compatible.
If not properly thought out and implemented, supporting a BYO program can prove very costly and cumbersome. BYOD may be one of the most popular programs, but it requires a lot of support because of the wide variety of devices that are used and connected into the company. It is not just an issue of Android or Apple, it’s important to have an IT department that understands the limitation and capabilities of each type of device and how those relate to the company infrastructure and network. Support and trouble shooting are more manageable with a Choose Your Own Device or a Corporate Owned Personally Enabled program. The latter makes support easier because of the limited devices, and passes on savings to the employee, giving them a device at a discounted rate.
As with any business decision, choosing a BYO program needs to be well thought out and managed. With the proper planning, the rollout, deployment, and support will be smooth and efficient.