3 Steps to Creating a Winning BYOD Policy

Written by bethburgee on May 17, 2013 in Guest Blog, Startups and Under The Radar

Guest Blog Post by Domingo Guerra, co-founder and president, Appthority

As employees begin using their own mobile devices for work purposes (known as “bring your own device” or BYOD), they’re unknowingly mixing personal with business data. This is a global phenomenon across all industry verticals. Gartner predicts that 90 percent of businesses will have corporate apps running on employee-owned devices as early as 2014. This movement has presented unique challenges for how IT manages mobile devices in the workplace.

On average, most employees have between 50 and 250 apps on their smartphone or tablet. But did you know that nearly 80 percent of the top 50 free iOS and Android apps are associated with risky behaviors or privacy issues? How are IT departments expected to cope with any number of downloaded apps entering the workplace, many of which track location or have access to address books, calendar details and other files? How can you build a mobile app policy if you don’t know what apps do?

Appthority provides the industry’s first fully automated App Risk Management service that employs static and dynamic analysis to uncover the true behavior and measure the total risk of apps within minutes. Bringing trust to the app ecosystem, the company has built the world’s largest database of analyzed public and private apps.

Here are our top three steps to building a winning BYOD program at your company while keeping apps top-of-mind:

1. Identify the needs of your company and its employees.
What apps are your employees already using? Are they using tablets, smartphones or other devices for work and play? Your BYOD policy should speak to the direct needs of both your company and its employees. Ask employees to show you what mobile devices and apps they’re using at work. Whether you’re looking to make employees more productive or streamline costs, IT should be involved in BYOD issues from the start and help oversee the program.

2. Determine your company’s policy and what apps to allow.
There is no “one-size-fits-all” answer for BYOD. Find out what apps are absolutely essential at your company and what types of data sharing are considered too risky. Is location tracking of executives OK? Do all apps need to communicate with encryption? Should the corporate address book be shared with third-party ad networks? Are apps with adult content still approved? CISOs, CEOs, legal and communications departments should all be involved in making this decision. Create a clear acceptable use policy that every department can agree on. You may need different policies for different departments, as an app that is safe for an engineer might not be safe for the VP of finance.

3. Write a BYOD privacy policy and educate employees about app risk.
Try to address a number of “what if” scenarios when sitting down to write a BYOD privacy policy. For instance, what about employees who leave voluntarily or are let go? What will happen to the company apps or data on the mobile devices that they personally own? Be sure to stay consistent with other company policies. Once the policy is finalized, set up training sessions to educate employees on it. Telling an executive that they can’t use “Angry Birds Space – Free” while at work will not be as effective as telling them why the app is risky. (In case you are wondering, “Angry Birds Space – Free” for iOS can track the executive’s location, access the corporate address book and calendar, and then share unencrypted data with more than six ad networks.)