BYOD Policy Setting Matrix

The Bring Your Own Device (BYOD) Policy Matrix is the basis for a customized policy

BYOD (Bring Your Own Device) is no longer the exception. Now it is the norm.

In establishing a policy there are eight (8) factors to consider:

  1. Device Choice
  2. User Experience and Privacy
  3. Trust Model
  4. Application Design and Governance
  5. Liability
  6. Economics
  7. Sustainability
  8. Internal Marketing

The process for creating a BYOD policy that works in a customized environment is driven by the matrix below.

Device Choice

  • Analyzing employee preference and understanding which devices they have already bought
  • Defining an acceptable baseline of what security and supportability features a bring-your-own-device program should support
  • Understanding the operating system, hardware, and regional variances around that baseline
  • Developing a light-touch certification plan for evaluation of future devices
  • Establishing clear communication to users about which devices are allowed or not, and why
  • Ensuring the IT team has the bandwidth to stay up-to-date

User Experience and Privacy

  • Identifying the activities and data IT will monitor
  • Clarifying the actions IT will take and under which circumstances
  • Defining the BYOD privacy policy
  • Critically assessing security policies and restrictions for sustainability
  • Deploying core services (email, critical apps, WLAN access) to the employee
  • Preserving the native experience
  • Communicating compliance issues clearly to the employee

Trust Model

  • Identifying and assessing risk for common security posture issues on personal devices
  • Defining remediation options (notification, access control, quarantine, selective wipe)
  • Setting tiered policy
  • Establishing the identity of user and device
  • Lending a critical eye to the sustainability of the security policy being instituted

App Design and Governance

  • Designing mobile apps to match the trust level of personal devices
  • Modifying app catalog availability based on device ownership
  • Committing to the resource investment of building apps with personal devices in mind
  • Updating app acceptable-use policies
  • Defining enforcement levels for app violations (notification, access control, quarantine, or selective wipe)

Liability

  • Defining the elements of baseline protection for enterprise data on BYOD devices
  • Assessing liability for personal web and app usage
  • Assessing liability for usage onsite vs. offsite, and inside work hours vs. outside work hours
  • Evaluating whether the nature of BYOD reimbursement affects liability (partial stipend vs. full payment of service costs)
  • Quantifying the monitoring, enforcement and audit costs of the BYOD compliance policy
  • Assessing the risk and resulting liability of accessing and damaging personal data (for example, doing a full instead of selective wipe by mistake)

Economics

  • Shifting the cost of device hardware to the user and moving to a stipend model
  • Controlling excess service charges through more responsible usage
  • Establishing appropriate service plans, realizing some negotiating leverage might be lost
  • Assessing the productivity impact of users being able to use their desired platforms
  • Changing the help desk model (with BYOD, employees use the help desk as the last resort instead of a first resort)
  • Reducing compliance and audit costs, if the legal assessment shows lower liability with personal devices
  • Assessing tax implications

Sustainability

  • Securing corporate data
  • Minimizing the cost of implementation and enforcement
  • Preserving the native user experience
  • Staying up-to-date with user preferences and technology innovations

Internal Marketing

  • Communicating why the company is moving to BYOD
  • Understanding BYOD is an HR initiative as much as an IT initiative
  • Defining IT's "brand"
  • Supporting the brand message with appropriate action
