A recent Ovum study showed that almost 60% of employees bring some type of mobile device into the workplace. There are a few names for this, Bring Your Own Device (BYOD), Bring Your Own PC (BYOPC), Bring Your Own Phone (BYOP), User Introduces Unsecure Device onto My Network and Then Loses My Secure Data (UIUDOMNTLMSD).

Alright, so I made that last one up, but that is how most information technology managers feel when the discussion is started about BYOD. An end user bringing a device to work is both a gift and a curse for any sized company. We see an increase in productivity but also the increased threat of data being lost or stolen. Having a strong Mobile Device Management (MDM) strategy can help companies reap the benefits of BYOD while limiting the consequences.

Let’s start by going over some numbers. By 2014, the number of mobile devices (mostly mobile phones) in the workplace is expected to reach 350 million globally. A remarkable 57% of full time employees are already using mobile devices for work related tasks. Out of that 57%, about half is unmonitored, unmanaged BYOD activity. Another study shows that in 2011, 78% of companies did NOT have a BYOD policy and only about 20% of employees actually sign a BYOD policy.

There are many reasons to justify a BYOD policy:

Productivity:  An employee who uses their personal device for both work and play is on average likely to work an extra 240 hours per year than those who do not. They can answer emails on the go, answer phone calls while on the road (using a hands-free device of course!) and receive that last minute meeting update.  Most employees won’t want to bring a work laptop home just to check emails after dinner or during downtime at home. Letting them receive pushed emails may empower them to write a quick mail back to a client in a different time zone rather than having to wait until the morning.

Cost: There also is a cost justification. Not having to provide every employee with a business-only device can save not only the cost of the device but the monthly service plan that goes along with it. The number of devices can be reduced as well. A mobile phone is a cheaper and sometimes more convenient alternative than a laptop with a 4G cell card. Employees can still stay connected when not physically at their desk.

User Experience: Tech-savvy employees tend to have strong preferences when it comes to the technology they choose to use. Forcing an Android user to use a BlackBerry device may not be an ideal situation. Giving employees the ability to choose their mobile operating system, screen size and other technical specifications may make them more likely to use the device rather than have it sit in a desk drawer unused.

However, it isn’t all sunshine and rainbows in the world of BYOD. As the use of mobile devices increase in the work place, so do the number of malicious attacks. According to the Ponemon Institute, six out of 10 security breaches were traced back to mobile devices. Apple and Google are constantly removing mobile malware from their app stores. And as always, attackers are trying to pick the low hanging fruit of the mobile community first. Businesses must have policies and security measures in place to protect their data. In 2009, the federal government enacted the Health Information Technology for Clinical Health Act that requires health care companies to notify patients if they have had their health records compromised. Similar acts were also put in place in the financial industry.

Constructing a comprehensive MDM policy is imperative when users are allowed to bring and use their own devices. As with many policies, the contents may vary greatly by company. However almost every company, from small businesses to enterprises, will need to focus on security and support.

Security:  A lost or stolen device is the most common type of security breach. A company must have measures in place to combat this. While an entire article can be written about mobile security, I will touch on some common features.  Both Android and Apple offer AES 256 – Bit encryption as a standard on their devices.  Lock screens, passwords and certificates all play a role in device management as well. Microsoft Active Sync and other software allow administrators to perform a remote wipe of a compromised device. This is a necessary requirement when employees have company data on their mobile phones.  Samsung has developed an enterprise suite called SAFE that allows the user to partition company data with personal data. It also gives administrators the ability to perform a complete or selective wipe, tracking of the device and local password enforcement.  Apple and other mobile providers are starting to or already have incorporated these features as well. If your company is using application virtualization, you may need to define new rules for allowing mobile devices. Users will also need a way to get a hold of someone 24/7 in the event of a lost or stolen device.

Support:  This may be a slippery slope for some. Most I.T. policies only allow for support of company devices. So who supports a personal device that is used for business? Depending on the size of your company, you may want to assign a dedicated resource from your I.T. Security team to manage your MDM policy. If you are an enterprise, you may need a small team to manage different aspects of the policy. Your help desk will need training on the various mobile operating systems and communications will need to be sent out to end users on how to stay on top of security. Documentation will need to be created on how to set up email, virtual private networks and passwords. Do you need to set up an approved device list or will you allow any manufacturer or mobile operating system on the network? A pilot group (usually I.T.) will need to be put in place to test your new systems and policies as well. Audits should be conducted to check for operating system, application and security updates.

In a growing mobile market and the on-demand nature of business today, I.T. management will need to be one step ahead of its users by developing a MDM policy. When developing an MDM strategy, you must take into account your business needs as well as infrastructure requirements. Like any new implementation, it is ideal to begin testing your technology and policies with a small subset of users and conducting a review process before rolling out corporate-wide. Doing so may limit mistakes while in a beta phase instead of having them on a mass scale. Focusing on security and support will allow for a comprehensive strategy that will allow employees to operate efficiently and productively but most importantly safely.  

Marcus LaFountain has worked in IT for the last 10 years as a PC Technician, Help Desk Analyst, and System Administrator. He is currently a consultant at MedSys Group, specializing in Cerner and HIM implementations.

Register or login for access to this item and much more

All Health Data Management content is archived after seven days.

Community members receive:
  • All recent and archived articles
  • Conference offers and updates
  • A full menu of enewsletter options
  • Web seminars, white papers, ebooks

Don't have an account? Register for Free Unlimited Access