Tactical Advice

3 Steps to Building a BYOD Plan

Take these steps to protect company data and employees.
This story appears in the Summer 2012 issue of BizTech Magazine.

Sometimes it seems as if “bring your own device” (BYOD) is all anyone at the intersection of business and technology can talk about these days. Understanding how CIOs are responding to the infiltration of personal devices into the enterprise depends on whom you ask. Some will tell you they are welcoming BYOD with open arms. Others claim CIOs are still resisting the invasion. The reality lies somewhere in the middle.

While there are evangelists and holdouts on opposite ends of the spectrum, most CIOs have begun to embrace the benefits of BYOD and to brace for the changes. After all, who doesn’t want to empower employees to manage their own technology so they don’t have to rely on the IT department? Unfortunately, the elation that this new freedom brings easily morphs into alarm when you dig deeper into the security issues that can arise in a BYOD environment.

For IT, the notion of employees leaving their data-laden devices in a coffee shop or on a plane is a nightmare. Another major concern is that staffers will bring more than their personal devices to work. Malware and other attack vectors can hitch a ride and wreak havoc on corporate networks, including exposing sensitive information.

Most companies are still grappling with exactly how to reap the rewards of BYOD while reducing the risks. Only 43 percent of companies have rolled out a BYOD security strategy, according to PwC’s 2012 Global State of Information Security survey. Following are three steps that businesses can take to transition to a BYOD workplace:

1. Pick a Platform First

The first thing that IT leaders should do is address the software issue. The enterprise is at least two or three years behind consumer devices. Things are moving so fast that hardware is unimportant. Before doing anything, decide which platform — software, software development kit or integrated development environment — makes sense for the organization. The emerging development platform is HTML5, but select a platform that’s the right tool for your business needs.

2. Build a BYOD-Ready Infrastructure

If software is first, then security, authentication and user entitlements come second. It’s about controlling the device with mobile-device management (MDM) software, encryption and strong authentication; and appropriately limiting network access for those devices to select services that are rolled out over time. Deploying strong authentication and the security features of MDM can be challenging. A firewall can help, but solutions such as app portals, virtual private networks, MDM and certificate-based authentication are all needed for BYOD. The other challenge is device diversity. The various configurations for iOS and Android are needed. You might not be ready to bring in any device, but limiting platform diversity is the trend.

3. Develop a Reasonable BYOD Usage Policy

If you’re installing MDM software onto employees’ personal devices so you can remotely wipe the data in the event the device is lost or hacked, clearly communicate to employees exactly what can happen if they don’t back up their files. Imagine the heartbreak when an employee loses pictures of his or her children, for example.

Work in coordination with human resources and legal counterparts to keep your policies palatable to employees and enforceable for risk managers. Require employees to take the necessary precautions to protect themselves and the business, but don’t go too far in dictating what employees can and cannot do with their own equipment.

BYOD is blurring the business and personal lives of employees like never before. It’s essential that CIOs manage both the technical and the people policies surrounding BYOD with great care as they approach these uncharted waters. Wade through all the issues completely and phase in this new approach slowly and methodically while continuing to provision desktops, notebooks and other mobile devices. Then you’ll find the right balance that works for your employees, IT and the business.

Sign up for our e-newsletter

About the Author

Chris Curran

Chris Curran is a principal at PricewaterhouseCoppers (PwC) who leads the advisory practice’s investments in new products and technology innovation. Follow him on Twitter @cbcurran.


Heartbleed: What Should Your... |
One of the biggest security vulnerabilities has almost every user and every industry...
Why Businesses Need a Next-G... |
Devices investigate patterns that could indicate malicious activity.
Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....


The New Backup Utility Proce... |
Just getting used to the Windows 8 workflow? Prepare for a change.
How to Perform Traditional W... |
With previous versions going unused, Microsoft radically reimagined the backup utility in...
5 Easy Ways to Build a Bette... |
While large enterprises have the resources of an entire IT department behind them, these...

Infrastructure Optimization

Businesses Must Step Careful... |
Slow and steady wins the race as businesses migrate IT operations to service providers,...
Why Cloud Security Is More E... |
Cloud protection services enable companies to keep up with security threats while...
Ensure Uptime Is in Your Dat... |
Power and cooling solutions support disaster recovery and create cost savings and...


Securing the Internet of Thi... |
As excitement around the connected-device future grows, technology vendors seek ways to...
How to Maximize WAN Bandwidt... |
Understand six common problems that plague wide area networks — and how to address them.
Linksys Makes a Comeback in... |
The networking vendor introduced several new Smart Switch products at Interop this week.

Mobile & Wireless

Mobility: A Foundational Pie... |
Other technologies rely on mobile computing, which has the power to change lives, Lextech...
Now that Office for iPad Is... |
After waiting awhile for Microsoft’s productivity suite to arrive, professionals who use...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.

Hardware & Software

Review: HP TippingPoint S105... |
Next-generation firewall can easily replace a stand-alone intrusion prevention system....
New Challenges in Software M... |
IT trends such as cloud, virtualization and BYOD pose serious hurdles for software...
Visualization Can Help Busin... |
Companies need to put their data in formats that make it consumable anytime, anywhere.