When IT managers consider mobile device strategies, they often consider Bring Your Own Device (BYOD), where end users simply use whatever smartphone they’ve already got, with a “hands-off” strategy. That’s in contrast to Choose Your Own Device (CYOD) or Company-Owned/Personally Enabled (COPE) programs, where enterprise IT takes full responsibility for managing things.
The reason BYOD is hands-off is simple: IT managers don’t want to take on the bewilderingly unpredictable responsibility of support and configuration for every possible smartphone that might show up in the workplace. And that’s a pretty reasonable concern. But it also might be looking at the problem backward. If an employee insists on using a smartphone that is so old, unusual or incompatible that you can’t support it — maybe they shouldn’t be handling sensitive enterprise information with that device in the first place.
Now take this one step further: If a device can’t be supported, that doesn’t mean that you’re not going to get support calls. If a device is completely out-of-date, it’s likely got a user who wants to get work done, but can’t, because they’re fiddling around with a smartphone that simply isn’t capable of what they need. That ultimately creates considerably more work for you and for them.
The Case For MDM: Minimum Device Management
An alternative to completely unsupervised, potentially time-wasting BYOD failures is to consider Mobile Device Management (MDM) as a minimum bar for participation in your BYOD program. In other words, if a device can’t be connected to a basic MDM system, it’s probably not a good idea to bring that device into the BYOD ecosystem. Remember that BYOD exists for a reason: It allows people to be productive in a more mobile and flexible environment than sitting down at their desk in the office, or their laptop everywhere else. If you’re not delivering that productivity and convenience, then your BYOD program is not meeting its goals.
MDM compatibility as a basic requirement for BYOD isn’t a particularly difficult standard to set. Most enterprises will be using some variation on Microsoft Exchange, which enables an agent that includes basic MDM features when the smartphone or tablet is connected. And if you have a more full-featured MDM or Enterprise Mobility Management (EMM) tool, even better.
Having MDM as a requirement for linking a smartphone ensures that operating systems are of recent vintage, which helps with security, and that the smartphone can handle the enterprise applications used in BYOD. That usually includes (at least) basic office communication tools such as email, calendar and contacts, as well as some type of audio or video conferencing application.
If the device is current enough to run modern applications, the user experience is going to be better all the way around. It’s not just the BYOD user that matters. BYOD enables collaboration, so a bad BYOD user experience contaminates everyone else. You don’t want to have one user on an outdated or incompatible device causing issues with other staff members as they try to participate in a video conference or missing meetings because their calendar is not updating properly.
By setting MDM compatibility as a basic requirement, though, you do much more than establish that the device is mainstream enough and modern enough to be connected to critical enterprise applications. You get some basic and important controls: minimum password lengths and lock times, application store restrictions, and remote wipe and lock capability.
The Basics Remain Necessities
Using MDM as a basic gateway to BYOD enrollment also saves time. When a user links their BYOD smartphone to enterprise MDM, you’ve got instant control of the operating system and application features you consider vital to basic enterprise security. There’s no need for the user to bring the device in to have someone at the help desk puzzle over settings and try to catch everything, because the MDM tool handles that quickly and generally in a manner independent of operating system or version.
Users who have devices that can’t match up with enterprise MDM or who don’t want to adhere to minimum security policies will always be there, but these types of issues are ones you can solve at the moment of BYOD enrollment. That’s arguably the most efficient time to resolve a problem: before someone heads to the field with an incompatible or unreliable device, or before a failure to adhere to required security controls turns into a data breach.
Creating a document that tells BYOD users some basic security features to set and policies to follow is a good first step, but these documents are also easily ignored or forgotten by busy, disinterested end users. MDM lets you take those basic settings and actually enforce them, which will accelerate deployment, facilitate audits and promote best practice security hygiene all at the same time.
Learn more about setting BYOD policies with this free top-to-bottom guide and template.