The Importance of BYOD Policies – Lessons from Capitol Hill

By IAITAM

BYOD is a commonly understood abbreviation for a business practice known by most organizations around the world. Even in an organization where the practice has not been implemented, BYOD costs and benefits have been compared to determine if the practice fits with the organization’s goals.

The US State Department seems to be the exception where no determination was made. Former Secretary of State Hillary Clinton was using her personal email address to conduct State Department work on personal devices. These devices even included a private server. In light of recent events on Capitol Hill and in the media, and without any political bias, there are lessons to be learned from the actions of Mrs. Clinton as well as the State Department. These lessons shine a spot light on BYOD best practices and why they are important.

Lesson 1: BYOD policies and the use of personal devices should be clearly defined by the organization and communicated.

It may seem simple to create a clear policy for BYOD policy within an organization, but the importance of that precision cannot be understated. The policy needs to plainly and explicitly detail the role or lack of role for personal devices with organizational data. Policies are the controls to behavior for employees and the language has to reduce the risk of confusion and misunderstanding.

Of course, a well-written policy that no knows about is not going to control employee behavior. Communicating the policy and its importance to the organization are absolutely essential actions.

Lesson 2: Remember why BYOD became a trend in the first place.

With end users becoming more comfortable and reliant on technology, they develop preferences that influence how they wish to interact with work data. These preferences ignited organizational executives with the idea of potential savings on technology while increasing end user productivity at the same time by allowing employees to utilize their own technology. The BYOD trend grew based on this set of goals.

However, some implementations have lost the spirit of those goals. For instance, if rules and standards are too limiting, end users will either abandon the idea entirely or find ways around the current BYOD policy. The rules designed to improve data security may actually create a chaotic, uncontrolled environment. The lesson to learn is to ensure that the BYOD program makes it easy for end users to work and access organization data while maintaining data security and integrity.

Lesson 3: Personal and organization data must be kept separate.

This final point touches on the single largest concern of end users which is privacy. By allowing their personal devices to become a part of the BYOD program, they relinquish some control over who has access and what they have access to. BYOD strategies that keep personal and organizational data separate protect end user privacy and respect personal data. At the same time, employees can still access and modify or delete any organizational data. This approach generally leads to a higher adoption rate for the BYOD program and ensures that there are fewer instances where noncompliance becomes an issue.

Reference:

“3 BYOD mistakes Hillary Clinton made, and how your BYOD policy can avoid them,” Bradley, Tony. 13 March, 2015, http://www.pcworld.com/article/2896106/3-byod-mistakes-hillary-clinton-made-and-how-your-byod-policy-can-avoid-them.html#tk.rss_all

About the Author

The International Association of IT Asset Managers (IAITAM) is the largest organization providing education, certification and thought leadership to the management of IT as a business. IT Asset Management is the management of hardware, software, mobile and other technology to maximize the value to the organization.