Don't be too restrictive with your BYOD policy

by Sohini Bagchi    Sep 17, 2013


With bring your own device (BYOD) already underway, a formal BYOD policy is becoming inevitable for businesses. However, a BYOD policy that restricts employees and does not respect their privacy can have disastrous consequences for the business. This often leaves the IT department in a state of confusion, not knowing how to make its BYOD program a success.

Leif-Olof Wallin, research vice president at Gartner, points out that a restrictive BYOD policy may simply not be enforceable, as consumerization of IT is growing expeditiously. Therefore, he believes that businesses should focus on involving key stakeholders, respecting employee privacy, and assessing and reviewing policy, while at the same time taking a proactive approach to formulating a secure policy.

Involving stakeholders

The starting point for any BYOD program should be properly engaging stakeholders and understanding best practices. As Wallin says, “It is imperative that all stakeholders agree on the key criteria for a successful BYOD policy.”

S K Jha, MD & CEO, AGC Networks, believes that before fully embracing BYOD, there needs to be extensive foresight, and this includes inviting a wide segment of stakeholders to the table when discussing how to implement enterprise BYOD policies and standards. Some often-overlooked elements must be considered while framing standards; for example, decision makers must understand how their employees will handle information on a personally owned device during a legal case. For this, businesses may involve the corporate counsel in the review, he says.

Experts also opine that businesses should include stakeholders from HR and the compliance department in order to ensure a flexible and logical BYOD policy.

A strategic assessment

The organization needs to assess what types of devices it needs to include in the program. Is it only smartphones and tablets, or should the program be extended to also include Windows PCs and/or Macs? “Most organizations will need to define what platforms they support, and these minimum requirements may change over time,” says Wallin.

He believes that without considering the fundamentals of eligibility, devices, apps and data, support, and legal and financial issues, it is difficult to implement a comprehensive policy.

Ensuring data privacy

Privacy plays a critical role when it comes to BYOD. A recent survey conducted by Harris Interactive found that 82% of users are extremely concerned about employers tracking their online activity, and 86% are similarly cautious about their managers deleting their data. These potentially stringent measures often lead to BYOD failure. 

The CIO or IT leader should ensure that any time he accesses information on an employee’s device, it is done with the employee’s knowledge and agreement. 


Allowing workers flexibility and agility involves a greater challenge for the IT department. To allow secure access over any kind of network, location or device, CIOs can permit the use of a limited set of devices and let employees choose from this list. Often termed the CYOD (Choose Your Own Device) approach, this narrowed version of BYOD is much easier to administer as a policy.

According to analysts, IT leaders may choose to adopt CYOD or BYOD depending on their organization’s capabilities and business requirements, although the challenge here lies in creating such a list with the ‘right kind of devices’ and keeping it up to date.