A Bring Your Own Device User Policy Checklist
If you’ve already developed a Bring Your Own Device strategy at your enterprise, the next step is crafting a user policy for your workforce. While you should customise the plan to address your specific business needs and concerns, a few checklist items will get you thinking about the “must-haves” to include.
Will your entire workforce be eligible for BYOD?
Consider if you will restrict access to certain groups, departments or positions or if certain users will only have access to specific applications. Will employees need approval from their managers to access certain corporate functions? BYOD is becoming the norm rather than the exception, so communication is a key part of wider acceptance for any organisation.
Can your employees bring in any device for which they are individually liable?
Outline a list of devices you will approve and include any support limitations that may emerge for certain devices. A decision on how you want your users to access your environment is a critical component of any BYOD strategy.
To which corporate applications will you grant access and what will be acceptable use?
You could put limits on certain services or use password protection for some applications. Include how you will monitor services such as social networking sites that may be used for work or personal reasons. Technologies such as Citrix XenDesktop or VMware View can give your users the best of both worlds: their desktop remains as is whilst the corporate desktop is provisioned into the device.
How much support will you give?
Will IT staff only be charged with connecting personal devices to the company network, including email and intranet, and then the employee maintains all other support needs, such as smartphone repairs? What also happens once that machine is off network – who will support the users’ home requirements so that they can continue to access the corporate environment, 24/7?
Will you give a stipend for use of company applications?
If yes, decide how much, how often and how you will handle employees who go over their usage limits.
How will you protect data integrity?
Plan password requirements – for instance, how many characters should they include and how often should they be reset? Will you lock a user out of corporate applications if they log in with the wrong password a certain number of times?
What are the ramifications for violating the user policy?
A series of warnings, restricted access or probationary periods are options to consider. For the more serious cases, a suspension of user rights and access times may also be appropriate.
How will you handle security breaches, malware attacks or the loss or theft of a device?
Datacom has seen enterprises use a variety of mobile device management software and endpoint security solutions to wipe all or only the corporate portions of a personal device. If an organisation chooses to use a data wiping procedure, ensure the users know what this means, as the loss of personal data (photographs or financial data) could be devastating. Remember to institute a reporting policy that tells employees how long they have to tell IT about a stolen or compromised device.
How will you decommission a device?
This includes circumstances such as an employee wanting to use a new personal device or employee termination. When using Citrix XenDesktop or VMware View remote access technologies, decommission can be as simple as disabling access for that client.
Julian Buckley is the Business Manager of Professional Services for Datacom in QLD. Julian leads a team of solution architects, project managers and consulting engineers that evangelise, design, scope, deliver and implement purpose-built, client-focused infrastructure and virtualisation solutions for our customers. His team in QLD focuses on long-term relationships with clients, building end-to-end enterprise ICT architecture for corporate, education and government clients across Microsoft, Citrix and VMware technology sets. A local leader in virtualisation in the QLD market, Julian's team can help all clients achieve greater return on investment, reliability and performance through best practice, industry-leading solutions.