If you have been following my blog posts, you will know that I am a huge proponent of BYOD policies being created by the enterprise and fully supported by the IT Organization. So I read with interest the BYOD article by Paul Simoneau on the Global Knowledge website called 12 Steps to Bring Your Own Device (BYOD) Success.
As with every BYOD article, the #1 issue facing the IT Organization is Security. No surprise here. But I am always concerned by the companies that use the security issue as justification for not supporting BYOD. The bottom line: your users have smart phones and more, and if you aren't supporting them, then you probably can't track or manage the devices either.
Of course, the best way to track BYOD is to have a comprehensive CMDB in place. The CMDB needs to have advanced capabilities to map and manage critical resources such as business services, hardware (including BYOD), software, users, documentation, and configuration within one federated database.
Of his 12 steps, I really liked #7 - Compliance. It got me thinking. One area that I have yet to touch upon with regard to BYOD is compliance in the Highly Regulated Industries - financial services, insurance, healthcare, legal... To remain within compliance, a company may need to track all communications, including those on smart phones. (Read: IT needs to facilitate this tracking.) So, you need to support BYOD and also control use - a double-edged sword.
Many of the regulations relating to enterprise computing and networking came into effect before the rush of mobile devices occurred. The challenges are to follow those regulations without having control over all the BYOD communications. For example, complying with the Public Company Accounting Reform and Investor Protection Act or Sarbanes-Oxley Act's retention of email and instant messages leaves out the cellular Short Message Service (SMS) and the potential that social media engines such as Twitter bring.
The use of Social Media is risky business within the highly regulated industries. Posts require adherence to strict governmental and industry regulations. Content needs to be passed through legal, so how can a blog post be timely? Or more importantly, how can your user interact with potential clients via LinkedIn or Facebook on their smart phone? A colleague of mine is an Investment Advisor and his use of LinkedIn is restricted to creating a social gathering portal. No mention of investments, retirement, or anything to do with his job. He just arranges quarterly networking events with all proceeds donated to a local charity. No presentations, no product information, nothing that would be counter to the regulatory restrictions.
So if your IT Organization still needs to create a BYOD policy, there are many available resources. I mention a few in a previous post. Let me know if there are other BYOD considerations that you feel are not being discussed.
Flickr Image by peteoshea