BYOD Policies: Securing Corporate Data in Today's Mobile World

Outline the rights of the company to manage corporate data on employee-owned devices

When implementing a BYOD program, an end user license agreement (ELA) should clearly outline expectations with employees and promote their voluntary compliance with enterprise and security policies while protecting end-user privacy. The policy should clearly state if a business reserves the right to wipe company data and applications in appropriate situations.

Many companies seek a containerization solution to ensure clear separation between corporate and personal data, which meets the mobile user demand for privacy and the IT requirements for security of corporate data. In the event that a device is stolen/lost or the employee departs the company, only the corporate data will be wiped remotely, thus reducing the chance of sensitive data being compromised. Containerization enables IT to confidently promote the use of corporate information in mobile workflows on employee-owned devices or company-owned devices, knowing that the enterprise’s data is always kept safe. Employees get the additional assurance of knowing that their personal emails, photos and music cannot be accessed or wiped by IT, ensuring their privacy.

Consider split billing solutions

BYOD has recently become a divisive issue when it comes to who’s responsible for picking up the tab when the bill for mobile phone service comes in every month. For example, in 2014 the issue was raised in the California Supreme Court and Court of Appeal.

Split billing can make the enterprise mobility management (EMM) transition even easier for enterprises by eliminating complex stipends, reimbursements and credits. Instead of incurring work-related data charges against personal monthly plans, access to corporate provisioned apps can be directly billed to employers and partners, streamlining back-end reimbursement as well as HR and legal issues around liability for end-user content. This means there's no more filling out expense reports, no more paying hidden costs associated with processing expense reimbursements and no more dealing with tax issues connected to stipends.

By integrating a corporate data plan and split billing into BYOD policies, business leaders are accelerating the move to a mobile-centric workforce.

Managers should ensure input from employees

Despite having the best of intentions, sometimes legal and IT departments develop a BYOD strategy that is not user friendly. When developing and rolling out a BYOD policy, business leaders should engage with all departments, including HR, finance, legal, security, privacy and IT leaders. When doing so, they can guide these key stakeholders through a structured framework of best practices around BYOD to enable collaborative, accelerated decision-making.

“Meaningful BYOD policies ensures that all parties involved are on the same page from the start”

Mobility is an essential component in maintaining competitive advantage. Enabling employees to work on the devices of their choice can accelerate day-to-day activities for greater productivity and create greater employee satisfaction. When implementing comprehensive BYOD policies, business leaders must clearly outline concrete reasons for deploying a BYOD program and ensure clear rights for the company to manage corporate data on personal devices. They should also consider implementing a containerization solution to separate corporate data from personal data and examine split billing solutions to eliminate the complexities of stipends, liability for end-user content and auditing of employee expense reports.

Finally, as you are rolling out your BYOD policies and solution for your company, make it a collaborative effort among all departments. Create a proactive internal marketing campaign to mobile users that is easy to consume and understand, such as videos, posters, FAQs, BYOD Fairs at major locations and more. Clearly explain the benefits and how the BYOD policy and solution are managing risks to corporate data. The key to making BYOD work is to build the program to serve both sides: meet the employees' needs while strengthening enterprise data security.