Getting Started with Bring Your Own Device (BYOD) BYOD-‐in-‐a-‐Box Toolkit
Bring Your Own Device (BYOD) Best Practice Approach Many organizations are considering allowing personally-‐owned mobile devices for business applications in order to drive employee satisfaction and productivity while reducing their mobile expenses. MobileIron customers have taken a broad spectrum of approaches to BYOD, from allowing a small set of executives or technical staff to use their own devices to opening BYOD up to the entire employee base. In talking with these customers, MobileIron has identified four key best practices for creating a successful BYOD program that address the challenges most likely to reduce the program’s impact or derail it entirely: ü Balance security, compliance, legal liability, and cost concerns with a positive user experience to create a program employees want to participate in. ü Engage stakeholders early and keep them involved throughout the project so that decisions can be made in a timely fashion allowing the program to advance. ü Acquire and thoroughly test all devices you are considering and only allow those that meet your requirements; it is easier to add devices to an existing program than to tell employees that their device will no longer be supported. ü Measure and demonstrate the results and value of the BYOD program to the business and on the bottom line. With these best practices in mind, MobileIron designed an approach to BYOD and a toolkit of materials (the BYOD Toolkit) to help companies better plan, develop, and execute successful BYOD programs. Our approach is broken into four phases, outlined in the graphic above, with the key activities under each phase. This paper describes that approach, focusing on Phase 1, Prepare. The BYOD Toolkit materials for each phase, available via the MobileIron Support Portal, are listed at the end of this paper. Future papers will cover the additional phases in more depth.
Phase 1: Prepare Determine your BYOD Risk Tolerance Understanding your organization’s risk tolerance will give you a sense of the “flavor” of BYOD that will work in your organization, and will help streamline decision-‐making. MobileIron has developed a BYOD Risk Tolerance Assessment based on analyst group Gartner’s four-‐point scale for assessing CIO’s attitudes toward IT consumerization (defensive, reluctant, opportunistic, aggressive). Your level of risk tolerance will provide a starting point for designing your program. The graphic on the next page illustrates some of the elements that will be impacted by your risk tolerance level.
© 2012 MobileIron, licensed under Creative Commons Attribution 3.0 Unported License http://creativecommons.org/licenses/by/3.0/
P a g e | 1
Getting Started with BYOD BYOD-‐in-‐a-‐Box Toolkit After completing the Risk Tolerance Assessment, you may have found that your company's risk tolerance profile is lower than you hoped it would be. That doesn’t mean that you can’t develop an innovative program. Many companies in highly regulated and risk-‐averse industries such as government, financial services, insurance, healthcare, and pharmaceuticals, have successfully implemented BYOD programs. Developing and executing these programs required the organization to accept a greater degree of risk than they were accustomed to in order to realize the benefits of mobility – improved employee productivity and satisfaction, and decreased costs. These companies realized that the trade-‐off was worthwhile, and carefully planned their program to minimize security, compliance, and liability risk. The red shaded areas in the Risk Tolerance Results tab of the assessment will help you identify the areas to focus on to make your program successful.
Engage Stakeholders and Define the BYOD Program Goals Most BYOD programs are driven by IT Operations or IT Security, but require involvement across the organization. Executive-‐level sponsorship is key to developing a successful program to ensure adequate funding, resources, stakeholder involvement, and ultimate approval of the program. Other key stakeholders include Legal, Human Resources, and Finance. Your corporate Help Desk or support organization must be involved as well, since BYOD necessitates changes in their role. Depending on your organization, Risk Management and Privacy stakeholders could also be involved. Please see Stakeholder Involvement and Objection Handling in the BYOD Toolkit for tips on inviting stakeholder involvement and support. MobileIron recommends including all key stakeholders in the project kick-‐off meeting to define the overall program goals and set expectations about time commitment and decision-‐making. Typical program goals include: • • • • •
Attracting top quality talent Increasing employee productivity Improving employee satisfaction Decreasing support costs Decreasing operational costs
• •
Reallocating IT resources/staff Redefining IT’s role in the organization
Prioritized and documented program goals can serve as guidelines for decision-‐making as the program evolves and help keep stakeholders with diverse perspectives focused on the same goals.
© 2012 MobileIron
P a g e | 2
Getting Started with BYOD BYOD-‐in-‐a-‐Box Toolkit Understand End User Preferences A successful BYOD program needs to balance the needs of the company with the needs of the employee. If a program is too restrictive, employees will not participate in it. If a program is too permissive, it may place the company at risk. The greater your risk tolerance, the more important it is to understand end user preferences, as you will have the flexibility to tailor your program to user preferences. MobileIron recommends surveying employees to understand: • • • • • • •
Which OS/devices they currently own What they are considering purchasing in the future Which factors would encourage participation in a BYOD program Which factors would discourage participating in a BYOD program Which corporate apps would be most valuable to them Their comfort level with self-‐service support The impact of BYOD on their company perception/work life/productivity
Survey employees only after you have assessed your risk tolerance and met with stakeholders so that you can tailor your questions to gather information about the kind of program you are likely to develop based on that initial input. Starting with a wide-‐open survey may give employees the wrong impression about the kind of program you eventually enact and erode the trust necessary for a successful program.
Assess your Organizational Capability Now that you understand your organization’s risk tolerance level and end user preferences, and have engaged the key stakeholders, next you will want to identify the gaps in your organization’s capability to develop and implement the program. Below are some of the key considerations for people, process, and technology:
© 2012 MobileIron
P a g e | 3
Getting Started with BYOD BYOD-‐in-‐a-‐Box Toolkit MobileIron has developed a BYOD Capability Assessment to help you determine where the gaps are and identify which will be most critical for you to address to ensure program success.
Start Building your BYOD Program Now that you have the data (risk tolerance level, end user preferences) and people you need, and have addressed the critical capability gaps, it’s time to start making some decisions. Review the MobileIron Building Bring-‐You-‐Own-‐Device (BYOD) Strategies white paper to better understand the eight essential components of a successful BYOD strategy. The graphic to the left indicates how the eight components are interconnected and dependent on each other, with the Trust Model forming the core. The Trust Model refers to building a framework for how and when a device might fall out of compliance, the resulting remediation actions, and the degree to which these are acceptable to the user. The Trust Model is a key element of Sustainability, which underlies the entire strategy, and refers to the inherent balance between user experience and corporate protection. Subsequent papers will explore how these strategies play into building, rolling-‐out, and sustaining a comprehensive BYOD Program.
BYOD Toolkit The graphic below depicts the tools in the BYOD Toolkit, organized according to program development phase. Items in blue are currently available via the MobileIron Support site in the Best Practices section.
© 2012 MobileIron
P a g e | 4
Getting Started with BYOD BYOD-‐in-‐a-‐Box Toolkit
© 2012 MobileIron
P a g e | 5