We found this article on NetworkWorld.com:
Like it or not, IT departments are accepting the fact that employees are bringing smartphones, tablets, and personal laptops to work – and that they will use these devices while on the job.
To cope with this reality, savvy Fortune 500 corporations have implemented their own BYOD governance policies to ensure corporate network/data security. Although practices vary from company to company, some trends have emerged.
For instance, Fortune 500 companies who shared their BYOD policies with Network World say they made sure to put secure access procedures in place prior to allowing iPhones/iPads, Androids, and BlackBerrys onto their LANs. For example, in order to gain access, BYOD users have to install corporate-approved anti-virus software on their devices.
IT administrators must also be able to access employee BYODs for security reasons; for example, to conduct remote wipes in the event the device is lost or stolen, or to scan for security threats. As well, some companies require employees to use PIN locks on their devices.
The good news for employees is that if they use their BYODs for corporate reasons, they may be eligible for reimbursements from the company, or even company-paid devices as part of their work equipment.
Those are the broad themes that have emerged from our interviews with Gannett, NCR Corporation, The Western Union Company and Western Digital.
First things first: Which devices are allowed across the corporate threshold?
At The Western Union Company, “employees can generally bring any personal electronic device into the office,” says Kathy Bell, the company’s manager of corporate communications.
“With regard to our BYOM (Bring Your Own Mobile) program, we support all Apple iOS and Android devices.” Western Union also enables corporately owned iPhones, iPads and BlackBerrys, she adds.
NCR Corporation also offers multi-device support. “At NCR, we cover 90% of the platform market, supporting most Android, iOS, Windows Phone and Symbian devices,” says NCR CIO Bill VanCuren.
He adds, “Through the use of ActiveSync technology, we are able to expand our coverage while maintaining sufficient policy controls on the devices for the services provided. We also enable BlackBerry devices through both ActiveSync and our corporate BlackBerry Enterprise Services infrastructure.”
Gannett has a similar BYOD policy: The company Allows its employees to bring in any devices “that are supported by ActiveSync or BlackBerry,” says Gannett spokesperson Steve Kidera.
And Western Digital takes a wide-open approach to BYOD, supporting “iOS, Android, Blackberry, and Microsoft,” says spokesperson Steve Shattuck. He adds, “Windows phones/tablets have not been encouraged because our management tools only recently works with Windows Phone 8 and Windows tablets.”
BYOD Rules and Regs
The biggest fear associated with BYOD is that the devices expose the corporation to serious security threats.
Gannett manages these issues by using the security systems associated with ActiveSync and BlackBerry, Kidera says.
At Western Digital, “The device must have WD’s anti-virus protection and IT has administrative privileges on the device in the case of notebooks,” Shattuck says.
There are no exceptions. “WD’s mobile device management application must be loaded in the case of phone, tablets, and phablets (phone tablets). If the employee declines, they are denied access,” Shattuck says.
Western Union takes an ever stricter approach. “Employees must have a ‘PIN lock’ enabled to protect access to their devices,” Bell says. “If employees leave the company, we remove all email, calendar, and contacts associated with their Western Union account.”
NCR appears to have the most indepth approach to BYOD security. “Our mission is to protect the confidentiality, integrity and availability of NCR information resources,” VanCuren says. “To do this, we’ve made sure that our BYOD policies and rules are comprehensive, including restrictions like prohibiting use of personal email accounts for business purposes.”
NCR also prohibits the storage of business material or information at Internet or cloud sites unless expressly authorized by the company’s IT Services group. “The guidelines also cover PIN policies, encryption and other means of protecting data, including performing a remote wipe if a device is lost, stolen or exchanged for repair,” he adds.
IT threat management tools are an essential aspect of secure BYOD usage. In addition to ActiveSync and BES, NCR also uses data loss prevention services and SSL protocols “to analyze and protect the data during transit,” VanCuren says. “We plan to extend our BYOD device controls with more advanced mobile device management solutions later this year.”
Western Digital protects itself from BYOD vulnerabilities by employing “standard antivirus and malware solutions from Symantec, TrendMicro and others,” Stattuck says. WD also uses ZenMobile mobile device management applications for phones/phablets/tablets, a VPN for remote access to keep the data on premises and Symantec’s DLP to control the flow of confidential/proprietary data.
Western Union “utilizes two-factor authentication including a certificate and mobile device management software,” adds Bell. “This is installed on both corporate and personally owned devices to track and protect devices and data.”
By definition, a BYOD device belongs to an employee, who pays for its purchase and airtime usage. That’s a position that sits well with The Western Union Company: “Our employees pay for their own devices,” Bell says. At the same time, Western Union is actively supporting employee BYOD Web access.
“Our Bring Your Own Mobile (BYOM) program helps address these needs by enabling them to easily access their work email, calendar, and contacts from their personal smartphone or tablet,” she says.
Western Digital (WD) takes the same approach: “For BYOD, the employee pays for the device and related services,” says Shattuck. That said, “WD also issues phones to employees who need the devices as part of their job.”
WD isn’t the only Fortune 500 company that sees mobile technology as mission-critical for some employees, and thus worthy of corporate support. At Gannett, “If a position warrants a company-paid device, either Gannett pays for the device and the service or an employee can buy their own device and service and be compensated,” Kidera says.
NCR pays to provide some of its customer service personnel with mobile technology, in an effort to boost productivity. It does this knowing that employees will invariably use these business tools for personal reasons: “As a contemporary technology company, we understand that mobile devices have transitioned from a primary business tool to more of a consumer/personal productivity tool,” VanCuren says.
Nevertheless, the money saved by making customer service staff more accessible justifies the risk, he says. “Our goal is to take these savings and reinvest them in the company.”
In those situations where corporations pay a portion of their employees’ BYOD monthly expenses, managing payments can be a headache. So how do these Fortune 500 companies minimize the pain?
“There is no monthly billing under the NCR BYOD model,” VanCuren says. “We empower our employees to manage their own service providers, plans and usage by negotiating excellent discounts with cell phone providers around the world. These discounts can apply to family plans as well — giving our employees discounts across multiple devices and other family members.”
At Western Union, “employees who use a smartphone for business reasons can elect to use their personal device for work and will receive a monthly reimbursement through our normal payroll process,” Bell says. “The monthly reimbursement covers the average monthly cost of business usage.”
Gannett makes a payment distinction between mobile devices that are corporately owned, and those that are employee BYODs. “Company-liable devices are managed through a telephone expense management system portal,” Kidera says. “Employee-liable devices are paid by the employee and if the position warrants, reimbursed by the company.”
Careless is a freelance writer in Ottawa, Canada. He can be reached at email@example.com.