Despite the major security risk that accompanies employees using their own mobile devices for work, being too restrictive with their use won't help keep a business's critical data secure.
Recent research from Gartner revealed that by 2016, 20 percent of enterprise BYOD programs will fail due to deployment of mobile device management measures that are too restrictive. Israel Lifshitz, CEO of remote workspace provider Nubo, said creating balanced BYOD policies that ensure an organization's data security is no small feat.
"If your policies are too restrictive, no one will participate," Lifshitz said."You need to think outside of the security box."
To help small businesses, Lifshitz offers five tips for ensuring the proper BYOD balance.
- Define policies that employees can live with: Heed the lessons of previous BYOD experiments. Your users will never agree to handing over their mobile devices so you can disable screenshots. Unless you run a spy agency, you don't need geo-tracking on your employees' devices. You also don't need access to any of their personal apps. Focus on what you absolutely need in order to secure enterprise data. If you don't, your employees will not participate in your BYOD program.
- BYOD is about freedom of choice: BYOD is a consumer-led revolution; IT definitely didn't invent it. Keep in mind that BYOD is about freedom of choice. I am appalled when I see BYOD rules that dictate which device models employees can work on. When it comes to apps, offer a few choices for each type of app that your employees will be using. Additionally, add a few email, calendar and document editing apps to your enterprise app store.
- Make a clear separation between work and personal lives on the device: Almost every BYOD solution includes email, a calendar and a contact list. Make sure your employees know not to use their work apps for personal use. If and when they leave your company, those apps will be deleted from their device. Make it clear to your employees where IT has rights (on the work apps) and that they should never forward work emails to their personal email account. Good fences make for good BYOD policies.
- Select BYOD options that don't leave data on the device: Choose apps that do not store data on the device. When app data is stored in the cloud, there is much less potential for data leaks. IT will need fewer policies and it will make the employee's life easier.
- Communicate and use common sense: Communicate your BYOD policies to your employees, both on paper and in person. Instead of sending a dry email full of technical terms that non-IT personnel will never understand, convene a BYOD workshop and give everyone a chance to ask questions. Make it crystal clear what IT will do with the administrative rights they have on your employees' devices. Let them know that you will never use the "nuclear option" to wipe the entire device of its data. It is important that they are aware that the worst-case scenario is waking up and finding their work apps and work data cleared out. In the post-Snowden revelations era, mobile users want to know that you will never look at their private data nor will you perform backups.
Since mistakes are bound to occur, Lifshitz said it's critical to not install a regime of fear.
"Isn't it better when employees feel free to approach IT and say, 'I think I made a mistake with our app. How do I fix it,' Lifshitz said.