BYOD is an idea that management sees as a savings opportunity: the mobility budget can potentially be removed altogether, taking ownership and liability away from the company and placing it on the user.

Ideally, the user would pay for their own device and plan, but that almost never happens, because employees feel that if they are expected to use the device for work, the company should pay for it. Instead, stipend or reimbursement programs are set up. Stipends are determined based on what’s reasonable to cover the user’s costs. The problem is: who determines what’s reasonable, and who enforces it? Also, individual user costs are almost always higher than when spend is aggregated, leveraged and optimized as part of a group plan, so costs can net out neutral, or stipends can become even more expensive than company-liable plans. In addition, a certain level of control may be sacrificed, because monitoring compliance with reasonable stipends, appropriate plans, features, and usage can become far more difficult to manage than when users are under a corporate-liable plan. Further, support does not go away and can be even more cumbersome to manage if the BYOD program allows for significant variety in devices and plans.

BYOD can only be an effective way to reduce costs if it’s implemented carefully under a strict policy that is closely managed. There is also potential to reduce future costs by eliminating device purchases from the corporate budget. While reaping the potential financial benefits of BYOD, the company can also leverage the policy to mitigate liability for what users do with their phones for personal use, whether it involves harassment or accidents related to inappropriate use.

Tips include:

· Stipend capping: Identify a reasonable monthly stipend that will cover all users, or a stipend that will accommodate various tiers of users. For example, sales may need a larger stipend because they are on the road and consume more voice and data. Employees who travel internationally may need a different stipend than administrative employees, etc.

· Device restriction: If the company is paying for devices, restrictions may be placed on company-supported and reimbursed devices. Or, stipends may be capped to a dollar value and a given interval (once per year or every two years).

· Support structure: A decision needs to be made about who gets support and what level of support they get before deploying BYOD. Various user groups may get different levels of support depending on their role in the organization.

· Access and security: In order to effectively onboard users, a security and access policy must be implemented that suits the culture of the organization. Requiring users to password-protect their entire device may not be as acceptable to the user base as using applications that give the user a separate virtual device for personal and company use. In the same way, read-only access may be OK for some organizations, but others will require the ability to manipulate and upload files from their mobile devices.

· Compliance: Management is key to rolling out BYOD. Creating the policy is the first step, but the user base should be audited at least twice a year to ensure compliance from a device, plan, and stipend standpoint. Mobile Device Management (MDM) will assist organizations in tracking their policies and users.

David Pastore

1 comment so far:

  1. As a Symantec employee, I found the comment above about requiring password protection on mobile devices not always being acceptable to the user base a bit misguided. Not only should organizations require corporate-connected devices to be password protected, but all smartphone users should be password protecting their devices. We recently did an experiment in which we intentionally lost control of 50 smartphones that were not password protected and then monitored them to see what happened as they were found by strangers. The results were startling. Here’s just a sampling (the full report can be read here http://bit.ly/KgXvli):

    - Attempts to violate either personal or business information happened on 96 percent of the phones.
    - Nearly half of those who found the phones tried to access the owner’s mobile banking app.
    - Attempts to access a corporate email client occurred on 45 percent of the devices.
    - Obviously sensitive business-related information, such as files named “HR salaries” and “HR Cases,” was accessed on approximately half the devices.
    - A “Saved Passwords” file was accessed on 57 percent of the phones.

    The moral of the story? Password protecting mobile devices, whether they are solely personal or also corporate-connected, should be a standard practice.

    Spencer Parkinson
    Symantec