Business Practices

Gift, Curse or Both?

Managing your district's BYOD program.

• By Marcus LaFountain
• 01/01/14

Almost 60 percent of employees bring in and use their own mobile devices in the workplace, according to a recent Ovum study (www.ovum.com). An end-user bringing his or her own device to work is both a gift and a curse for any size organization. We see an increase in productivity, but also the increased threat of data being lost or stolen. Having a strong Mobile Device Management (MDM) strategy can help school districts reap the benefits of BYOD while limiting the consequences.

Productivity: Employees who use a personal device for work and play are likely to work an extra 240 hours per year compared to those who do not. They can answer emails and phone calls while out of the office and receive that last-minute meeting update.

Cost: By not providing every employee with a business-only device, you can save not only the cost of the device, but the monthly service plan that goes along with it. A mobile phone is a cheaper and sometimes more convenient alternative to a laptop with a 4G cell card.

User Experience: Tech-savvy employees tend to have strong preferences regarding the technology they use. Letting employees choose their mobile operating system, screen size and other technical specs may make them more likely to use the device rather leave it sitting unused in a desk drawer.

Security: Like businesses, school districts must have policies and security measures in place to protect their data. As with many policies, the contents may vary by district. However, every organization must focus on security and support.

A lost or stolen device is the most common type of security breach. Both Android and Apple offer AES 256–Bit encryption as a standard on their devices. Lock screens, passwords and certificates all play a role in device management as well. Microsoft Active Sync and other software also allow administrators to perform a remote wipe of a compromised device. This is important when employees have confidential data on their mobile phones.

Samsung developed an Enterprise suite called SAFE that allows the user to partition work data with personal data. It also gives administrators the ability to perform a complete or selective wipe, track the device and enforce local password protection. Apple and other mobile providers are starting to, or already have, incorporated these features as well. If your district is using application virtualization, you may need to define new rules for allowing mobile devices. Users will also need a way to get hold of someone 24/7 in the event of a lost or stolen device.

Support: This may be a slippery slope for some. Most IT policies only allow for support of the organization’s devices. So who supports a personal device that is used for business? Depending on the size of your organization, you may want to assign a dedicated resource from your IT security team to manage your MDM policy. Your IT help desk will need training on the various mobile operating systems and communication will need to be sent out to end users on how to stay on top of security. You’ll need to create documentation about how to set up email, VPNs, and passwords. Do you need to setup an approved device list or will you allow any manufacturer or mobile OS on the network? A pilot group (usually IT) will need to be put in place to test your new systems and policies as well. Audits should also be enabled to check for OS updates, application updates, and security updates.

Needs analysis

In a growing mobile market and the on demand nature of workplaces today, IT management will need to be one step ahead of its users by developing a MDM policy. When developing an MDM strategy, you must take into account your organization’s needs as well as infrastructure requirements. Like any new implementation it is ideal to begin testing your technology and policies with a small subset of users and conducting a review process before rolling out corporate wide. Doing so may limit mistakes while in a beta phase instead of having them on a mass scale. Focusing on security and support will allow for a comprehensive strategy that will allow employees to operate efficiently and productively but most importantly safely.