A few weeks ago we published an article called 13 IT Projects to Include in Your Plans for 2013. In that post, we suggested thirteen great IT projects for you to consider, since as the New Year approaches, many IT departments start lining up their wish lists for the following year. We got several requests either in comments or through email asking for tips to help “jumpstart” some of these projects, and since we’re all about our readers, we decided to publish some follow-up articles to help do just that.

Our first project suggestion was patch management; in this second project suggestion we’ll be discussing BYOD (Bring Your Own Device) and MDM (Mobile Device Management). Here’s what we said in the initial post:

BYOD is one of those inevitable things that you can either get on board with, or get rolled over by. Tablets, smartphones, convertibles and more are all growing in popularity, and if your users want to spend their own money on devices to make them more productive, who are you to object? You want them secure and manageable, and having good policies and MDM solutions in place are the first key steps towards making BYOD good for all concerned.

With that in mind, here are some tips to help you jump start this project:

Decide what is acceptable

BYOD does not have to be a free for all. Determine what devices you want to support, and what services you want to provide. Will they connect to the internal network or the guest network? Are all apps up for consideration or only core services that lend themselves well to BYOD, like email and messaging?

Decide what is not

BYOD can present certain security risks if it is not handled appropriately. Part of mitigating those risks is determining what is not acceptable. You might be okay with users accessing the guest wireless network with their tablets, but not connecting their personally owned laptops to the corporate Ethernet. You might be okay with employees using their BYOD hardware to access email, but not with them saving confidential information on their device’s local storage.

Ultimately your team needs to decide what is not acceptable, but here’s a tip that works for me. If they could do something from home on their personal device, like check their email, log onto the company web portal, etc. then it should be okay for them to do so with BYOD. If all unmanaged devices are kept on the guest network, then they present no more real risk than they did coming over the Internet. Start there, and work your way up as you get more comfortable and can better evaluate your apps.

Determine where the support boundaries are

The Y in BYOD may imply that it is not company property, but your support desk is going to get questions. How do I set up my email? How can I access the Intranet? Why can’t I get on the Wi-Fi network? Can’t I install that app? And the myriad of platforms out there will make it very challenging to provide support, since even different Android devices can have radically different ways to do trivial tasks like setting up email or configuring the wireless client. As a team, decide what you are comfortable with and make sure you set clear expectations with your users before you open the floodgates.

Create and publicize the device policy

And here is where you make that clear. Create and publicize a policy that clearly lists the devices that will be supported, the apps that are permissible, and just how far the support desk can go before the user is on his/her own to figure out how to make his/her personal device work.

Create and publicize the Acceptable Use Policy

Here is where you need to be really clear with your users, so this is a policy that you want to spend time on to be sure that it is clear and written so that end users can understand it. You don’t want users to abuse the privilege of BYOD, and you don’t want to negatively impact productivity. Making it clear to users what is and is not acceptable is key here, since they will often think that corporate policies don’t apply to their personal devices.

Account for security

The last thing anyone wants is for BYOD to result in a security incident, so make sure you talk about that at the beginning and not at the end. Users of Exchange (on-premises or Office 365) can use Exchange ActiveSync policies to lock down devices with passwords, screen locks, etc., and can remotely wipe a lost device. Not all devices support hardware encryption though, so you need to decide whether or not to require that, and if you do, how you will address all those users whose BYOD devices won’t be permitted. You will also want to make sure that your policy covers remote wipe and that users know they are responsible for their own backups, since BYOD devices will have personal content on them.
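As an added illustration of the Exchange ActiveSync controls described above (not part of the original article), the following sketch creates a device policy, assigns it to one pilot mailbox, checks whether the user's devices applied it, and previews a remote wipe. It assumes an Exchange 2013 or later / Exchange Online PowerShell session, where the cmdlets use the MobileDevice names; the policy name, mailbox address and setting values are placeholders chosen for the example.

```powershell
# Added example: policy name, mailbox and values are placeholders, not from the article.
# Assumes an Exchange Management Shell or Exchange Online PowerShell session.
$policyName = 'BYOD-Baseline'            # hypothetical policy name
$pilotUser  = 'pilot.user@example.com'   # hypothetical pilot mailbox

# Password, screen lock and encryption requirements.
# AllowNonProvisionableDevices $false blocks devices that cannot enforce the
# policy, which is the "devices that won't be permitted" decision in the text.
New-MobileDeviceMailboxPolicy -Name $policyName `
    -PasswordEnabled $true `
    -MinPasswordLength 6 `
    -AllowSimplePassword $false `
    -MaxInactivityTimeLock '00:05:00' `
    -MaxPasswordFailedAttempts 8 `
    -RequireDeviceEncryption $true `
    -AllowNonProvisionableDevices $false

# Apply the policy to a single pilot user before any wider rollout.
Set-CASMailbox -Identity $pilotUser -ActiveSyncMailboxPolicy $policyName

# Check which of the user's devices applied the policy and when they last synced.
Get-MobileDeviceStatistics -Mailbox $pilotUser |
    Select-Object DeviceFriendlyName, DeviceOS, DevicePolicyApplied,
                  DevicePolicyApplicationStatus, LastSuccessSync

# Lost device: list the user's partnerships, then preview the wipe.
# -WhatIf reports what would happen without wiping; remove it to send the wipe.
$devices = Get-MobileDevice -Mailbox $pilotUser
$devices | Select-Object FriendlyName, DeviceOS, DeviceAccessState, Identity

$devices | Select-Object -First 1 | ForEach-Object {
    Clear-MobileDevice -Identity $_.Identity `
        -NotificationEmailAddresses 'helpdesk@example.com' -WhatIf
}
```

Devices that report the policy as not applied are the ones to address before enforcement, and the wipe step is the one your policy needs to tell users about, since it removes their personal content as well.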

Evaluate and select your solution

If you want to use a Mobile Device Management solution, you are going to have to do an in-house evaluation to make sure you like the product and it works in your environment. Plan on a test drive of a month to six weeks for each MDM solution you want to evaluate, and make it clear to the sales team that you have to test drive it before you buy it. You need to be sure any MDM will do what you need, across all the devices you plan to support. You cannot determine that from a website or online demo.


Most, if not all, of your IT team probably already owns devices that could be used for BYOD. Conduct a pilot, with phase one being your IT team, and phase two being a limited number of business users. You want to be comfortable with all the aspects of BYOD before you open the floodgates and let everyone in.


When you are ready, deploy. MDM solutions can make this very easy, by pushing configs to users when they visit a website using a link you can send out in an email. If you are not using MDM, send out instructions for how to set up the most common devices, and be ready at the support desk for those you missed and for users who either don’t read, or have challenges with the do-it-yourself part of BYOD. And you really need to plan for and offer at least some level of best effort support for your users – it’s the right thing to do.

Wash, rinse and repeat

BYOD and MDM are not fire and forget solutions. They will need constant evaluation to determine what works, what needs to be changed and what needs to be dumped. Set the expectation amongst the team that you will formally evaluate at least twice a year, and that the project is open to requested or required changes as needed to ensure that the solution is working for both users and the company.

So now you have some tips to help you get started on BYOD as a project, along with some of the key things to be sure you include to make this project a success. Management sponsorship, project management and consensus are all as important as the more technical parts, even if they aren’t quite as sexy. BYOD can offer significant benefits to the business and can make a big impact on user morale too, so it’s in the best interests of the entire company to make sure this is a success. With the tips above, you are in a much better position to make sure it is a success.
