BYOD a reality that all CIOs need to address in order to implement best practices


With the advent of user owned devices and the ever increasing mandated requirements for record retention and security CIOs are challenged to manage in an ever more complex and changing environment.  
Before the CIO and enterprise can start the process of implementing BYOD policies they needs to ensure that what is created meets the an enterprise's compliance, culture and operational requirements.  This requires defining the scope and objectives of the policy:

  • Cost - Who will pay for the data plan? What rewards will be provided to get people to buy in?
  • Agree to Acceptable Use - What terms will be included in the Acceptable Usage Policy, and how will the enterprise ensure its employees understand and agree to it?
  • Mandated requirements : the enterprise will have to account for factors such as open source variables for Android implementations for different devices and any security or regulatory requirements that relate to your industry (i.e. Healthcare HIPAA compliance)
  • Security: Will the policy state how the passwords be enforced? Encryption? Will the enterprise blacklist any applications?
  • Management: how will the enterprise manage the devices connected to your network?
Order BYOD PolicyDownload Selected Pages

The steps to do this are well defined in Janco's BYOD Policy template which includes a detail best practices that:

Implement remote wipe from the enterprise 

As the number of personal devices used increases, the greater the chance that one of them will be lost or stolen.  Given that a remote wipe that can be generated from the enterprise  with all of its implications should be implemented.

Provide simple workable solutions that even novices can use

Solutions should allow users to log-on to the user interface and access a list of their enrolled devices. From there, they can locate their device, lock it, reset its password, or wipe it. The user interface should be able to self-audit the device and report compliance issues.

Build a facility to deal with terminated employees

Even before an employee is leaves the enterprise they are a security risk. That risk is magnified once the process of termination begins - either voluntarily or involuntarily.

Protect sensitive and personal information

Personal devices are full of personal information, documents, and applications that are on the device for non-work purposes. There should be a way to identify your personal vs. corporate owned devices, and apply a particular policy to hide the personal information from IT administrators.

Implement a records management policy for business records

Records management is a critical compliance requirement and should be controlled by the enterprise and not left to the individual user.  A clear definition of what is a business record and how it should be saved and archived should be defined.  (See Record Management, Retention, and Destruction Policy)

Isolate corporate data

When supporting BYOD, you need to be able to isolate corporate data on the phone, which includes, but is not limited to:

  • Mandated records management requirements for archive and revival
  • Disaster recovery and business continuity implications
  • e-Mail Accounts
  • VPN and Wireless settings
  • Enterprise applications that have been pushed down
  • Documents

Continuously monitor automated actions

The enterprise should have the ability to monitor the state of each device accessing the network wither it is approved or not

  • Is the device enrolled?
  • Is it in compliance?
  • Does it have any new applications? Answering these questions will allow the enterprise to make adjustments based on the data you're seeing. This information will tell you if you need to make new policies or compliance rules.

Options that you can take include, but should not be limited to:

  • Send a notification to the user with steps to be taken
  • Block the device from accessing the corporate network and/or email
  • Wipe the device (full wipe or selective wipe)
Order BYOD PolicyDownload Selected Pages

Other Infrastructure Tools for CIOs

The policies have just been updated to comply with all mandated requirements and include electronic forms that can be Emailed, filled out completely on the computer, routed and stored electronically -- a total solution.

We have just completed a major update of most of the individual polices and almost all of the electronic forms.