The consumerization of IT is a reality and with that comes the phenomenon movement called BYOD – “Bring Your Own Device“. This means that employees are using tablets and smartphones in their daily lives and want to bring them to their work environments.
The BYOD frees employees to use the devices for the more pleasing performance of their professional tasks. As end users are now ahead of the technological forefront, companies have realized that it is much more advantageous to embrace this idea than banning. After all, they cannot close their eyes to this trend, according to market analysts, it is impossible to block.
How to react to this new scenario? The IT sector is no longer the owner of the technological environment of the users. The traditional paradigm of approval and by definition of what IT can and cannot allow to enter the company no longer worth more. How to face this tsunami? Lately, panels have debated this issue extensively. I summarize here some points discussed at such times and in hallway conversations, which always happens in such events. I think it will be interesting to share this information.
It was clear to all that the definition of the strategy is the first step. The fact that more and more users purchase their smartphones does not mean that the company must stand still, hoping they bring them and connect to the corporate network. In practice, we can think of two extremes. One would be, everything is forbidden, and no smartphone joins the company. Impossible to control. At the other extreme, it is released. The risks are immense.
What the company needs is to define at what point between the extremes it wants to go, and where it should start. The IT department must lead the way, but involving other sectors such as risk management, human resources and legal, as legal and labor will be involved.
To define the strategy and policy of use, confirm whether there are legal restrictions and implications on aspects related to the remuneration of officials, and obtain approval of the audit and risk management area. A global company needs to understand that a single policy can not always be applied, since the laws and cultures are different between the countries in which it operates.
It should also be clear who will bear the costs of connections and if the alternative will be BYOD mandatory. How to pay the bonds, many companies reimburse employees who use their own device in professional activities, by paying the cost of mobile calls and data access. Others cover half of the expenses, upon presentation of report of expenditures.
And what to do in case of employees who do not wish to enter the program? To these, the company will acquire smartphones? And if yes, this acquisition can be seen as distinct benefit to those who bought their own. A problem?
The ownership issue is among the other items being considered. We can think of three different approaches. The first is to establish that corporate resources are accessed via a personal device, the company has the right to control and lock the device. To put this policy into practice, you must create written standards and responsibilities for both parties. The employee must sign the document.
In the second model, the company buys the device and allows its use for private purposes, and obviously professional activities. Employees who do not like the experience on such devices are free to use other equipments, however, no corporate access. Very common today among BlackBerry users, who also use an iPhone or Android.
The third model is the legal transfer device for the employee, which may be, in some cases permanently. But there is also the situation where the organization buys the device by a symbolic value and gives the professional the right to use it for personal purposes, pledging to sell it back for the same price when the employee leaves the company.
It is also important to consider whether the current application portfolio will be impacted by new devices entering the enterprise. For example, for years the company may have adjusted their applications to interfacing with the BlackBerry, but they may not be prepared for iPhones and Androids. What is the time and cost of compliance?
An important point: educate employees about the policy, restrictions and risks. It should also be clearly defined program objectives and justify their business case. What are the benefits to be obtained? Are there intangibles such as image enhancement? Or it may be measured as increased productivity?
Another aspect of the strategy is to define the scope of the program BYOD (all employees or only a portion specifies), identifying who will be your sponsor. The strategy should also define the procedures that will be done when the employee leaves the company and what are their responsibilities regarding the misuse of the applications installed on your smartphone.
And who will pay the bill implementing the BYOD policy? For example, not buying more smartphones reduces the costs for the company. But on the other hand, expanding the network to support higher data traffic, and help desk, to meet new demands, increase costs. Although reducing the CAPEX, companies are increasing OPEX with mobile devices, which are maintenance costs. The help desk expenses tend to increase. They need support for different operating systems. It is also necessary to evaluate the cost of acquiring new technology for managing mobile devices. It is essential to balance the pros and cons as well so that the business case makes sense.
The next step is to group employees for their usage demands for these devices. Professional activities in a company are very different and therefore their usage demands tend to be quite different. A good tool is to help build an array of functions performed versus demands of applications and uses. For example, a CRM system should be accessed by the sales staff, but not by the engineering team. Consider also the security risks for each type of access and identify the technological gap to cover these security holes.
The third step is to plan the implementation process. This means acquire and put into operation the necessary technologies, as tools for device management, any increase in network capacity expansion and the help desk. The help desk is an important point. Although generally smartphones are supported by individual manufacturers themselves (a company like Apple, for example, does not support corporate), the help desk staff must fill in technical questions regarding the use of equipment and mainly on installation and operation of the applications installed in the store within the company. The app store is another challenging issue.
If the environment tends to be heterogeneous, there is likely a shop for each type of smartphone operating system, since they are different. This leads to setting up strategic enterprise applications which will be based on HTML5 or native technologies. Using indigenous technologies, each application must have a version (and do not forget to manage and update) for each operating system, either iOS, Android or Windows.
Finally, start putting the BYOD project into practice. This involves a detailed plan of the steps to be met: the process of education, the creation and formalization of usage policy, training and operation of the new activities of the help desk staff, and the purchase and installation of technology required to process management. Test everything on a pilot, proof of concept, in a controlled environment and then adjust and refine procedures. After that, start spreading on the BYOD for the company. It is the stage of the rollout.
And it’s always good to constantly monitor the process, because new technologies are constantly emerging, and with them, new usage habits begin to be acquired. Remember we are talking about technologies like smartphones and tablets, which are very recent.