• No results found

Bring Your Own Device and Expense Management

N/A
N/A
Protected

Academic year: 2021

Share "Bring Your Own Device and Expense Management"

Copied!
12
0
0

Loading.... (view fulltext now)

Full text

(1)

A Telesoft Whitepaper

Bring Your Own Device and

Expense Management

(2)

Table of Contents

About this Whitepaper ... 3

Essential Elements for BYOD Policy ... 4

Capabilities Needed to Manage BYOD and Expense Management ... 6

Where Are the Benefits and Traps of BYOD? ... 8

How to Manage Financial Considerations for BYOD ... 10

(3)

Published: 2/13/13 Page 3

A

bout this Whitepaper

From a technology perspective, Bring Your Own Device (BYOD) is one of the most talked about movements in the business world. A BYOD program can increase user satisfaction, maximize productivity through minimizing the learning curve, and eliminate the need to carry multiple devices for both business and personal use. While this sounds great in theory, in practice, there are many things to consider.

According to Gartner, 70% of IT organizations are either supporting BYOD or plan to in the next 12 months. While that may be the trend, a recent Network World article quoted Dionisio Zumerle, a principal research analyst at Gartner, stating that “of the 70% of organizations that want to do BYOD, at least half are not ready.” If you're considering implementing BYOD or recently implemented a program, have you considered the Who, What, Where and How of BYOD programs? And, how does that impact your current wireless expense management (WEM) initiatives?

The debate has shifted focus from whether to fully adopt BYOD, to questions about how to properly implement a program to manage both BYOD and corporate-liable users. Security is undoubtedly an issue, but how do you decide who is eligible for your organization’s mobility program in general? This paper will address questions about policy, eligibility, and security within enterprise mobility programs -- both BYOD and corporate liable -- as well as what matters most to your mobile program: managing the expense.

(4)

Essential Elements for BYOD Policy

One of the biggest mistakes an organization can make is announcing that it will allow employees to use personally owned devices at work before establishing a separate policy for BYOD devices. A BYOD policy can be similar to your current mobile policy for corporate-owned devices, but it will have to address additional concerns. It should outline rules for who is allowed to participate, how much, if any, of a stipend they will receive for devices and monthly service expenses, employee responsibilities, and employer rights.

First you need to establish a BYOD policy. Next, you need to require employees that wish to participate in the program to sign the policy signifying that they will abide by it.

Who Should be Allowed to Participate in a BYOD Program?

A BYOD policy should clearly define who is eligible. Today, intellectual property (IP) is one of the most valuable corporate assets, and the appropriate steps must be taken to protect it as the company would any physical asset. This consideration may lead employers to limit BYOD participation to employees who are not likely to have highly sensitive IP in their e-mail or on their devices. In addition, organizations should consider government regulations and the consequences of a breach of data from information that resides on an employee's device. Employees of financial service firms, healthcare workers, and other sectors where there are government regulations for business and customer information, may find the risks and costs associated with a data breach too high to allow all employees to participate in a BYOD program.

What Are Employee Responsibilities/Employer Rights?

The most important applications that mobile devices provide -- the ability to connect to email, enterprise applications, and store sensitive data -- can also be the most dangerous. The policy should state explicitly which employees are allowed to connect to these applications and what measures the organization can take if the employee’s device is lost or stolen. Some interpretations of the law have concluded that companies may not have the legal authority to wipe data from a device they do not own, so it is important to state how your organization would like to handle lost/stolen devices. Ideally, the policy should excuse employers from liability if they wipe any and all data from the device, including employee data. To further enhance security, a password should be required to access the device, with timed lockouts and shutdowns if the wrong password is entered several times.

Recommended Items to Address

 Who is responsible for troubleshooting and fixing technical problems on a BYOD device?  Will there be corporate support for employee owned devices and configuration of corporate

email?

 The policy should require employees to follow the same corporate conduct mandates of their employee policy regarding proper communications, prohibited content, illegal activities, etc.

(5)

Published: 2/13/13 Page 5

 The policy may have restrictions on downloading company documents, camera use, connectivity to USB ports, and jailbreaking the device.

 The policy may require that employees use security software to protect against malware, viruses and other threats.

 Employees should be required to report theft or loss of a device immediately. Expense Management of a BYOD Program

As discussed, the driving force behind BYOD programs is providing users the flexibility to choose which device they want to use in the workplace, thus improving productivity and employee

satisfaction. In most cases, organizations will utilize a hybrid approach to BYOD that offers eligibility to some users dependent upon their title or status within the company. It is important to put a process in place that allows you to not only manage the eligibility for an individual to join the mobility program, whether corporate-liable or BYOD, but also answer questions, including:

 How will you centralize the process of users requesting access to the corporate mobility program?

 How to validate the users requesting to join the mobile program are eligible to do so?  What stipend is available to BYOD users joining the program, if any at all?

 How will users accept the policies that you’ve instituted in order to participate in the program?

 How will you track an inventory of your corporate devices, along with those that you’re paying a monthly stipend for?

(6)

Capabilities Needed to Manage BYOD and Expense

Management

Enterprises should look to solutions that address five main segments:

 Telecom Expense Management (TEM) and Wireless Expense Management (WEM)  Mobile Device Management (MDM)

 Mobile Application Management  Connectivity Management  Security

Some analysts are referring to these areas collectively as Enterprise Mobility Management (EMM) or Managed Mobility Services (MMS), but the capabilities and definitions vary among suppliers and analysts for these terms. Managers should avoid getting distracted by what each term covers, and instead use their BYOD policy to identify the specific capabilities needed to enforce the policy. In addition, alignment of policy enforcement with TEM, WEM, MDM, Application, Connectivity, Content and Security solutions will help managers avoid procuring systems that exceed their needs, or ones that are too narrow and lack the features that are necessary to enforce policy. TEM and WEM

Deployment of new devices is not a "one-time" activity, so managers need to identify the most efficient way for the enterprise to maintain an accurate inventory of employees in the program, their devices, operating systems, and applications. TEM and WEM programs can provide a portal to gather this information, and automate the approval process for eligible employees while managing the workflow for workers who must be approved prior to participating in the program. When TEM and WEM solutions are integrated with other programs that are used to manage BYOD, employers gain better visibility for all telecom expenses by user, better security, and total control over the mobility program.

MDM and Mobile Application Management

Gartner originally defined MDM capabilities to include software distribution, policy management, inventory management, security management and service management. Today, these capabilities are often viewed as part of Mobile Application Management with focus on app delivery, app security, app updating, user authentication, user authorization, version checking, push services, and reporting. Capabilities and definitions may vary among suppliers, so buyers should focus on using their policy to define their needs and what deliverables they expect from solutions providers. There are some apps that every employee should have, while others are probably not in the best interest of the organization and may be banned. Application filtering with ‘approved’ and ‘banned’ lists can control downloads based on the device, operating system, and app. Intrusion prevention software tools can block network access for noncompliant devices, and security programs can help screen devices for malicious apps.

(7)

Published: 2/13/13 Page 7

Larger enterprises may want to go so far as to create their own application store for in-house custom apps. This allows managers to avoid posting apps in a public online store, further securing the mobile program. Support for installing custom apps and setting up a custom company app store may be more important for BYOD programs.

Connectivity and Security Management

Employers need applications that can help manage multiple mobile platforms. Device

manufacturers support encryption, but the levels differ across different operating systems. It is harder to control devices, monitor expenses, and manage security risks for a wide range of BYOD devices connecting to the corporate network when the company doesn’t own them; emphasizing the importance of centralizing the management environment.

When it comes to security, enterprise managers should determine how they will secure specific files, folders, and company data on mobile devices with encryption; in some cases, the entire device may need to be encrypted. An enforceable policy can help secure corporate data on employee-owned devices. Enterprise managers will also want a mechanism to enforce a policy that locks devices after several failed password attempts, and a “kill switch” that can remotely wipe the data if a device is lost or stolen. Some enterprises find it helpful to receive reporting from providers that monitor and relay what data is moving to and from a mobile device.

Mobile browser security and other capabilities can enforce policy that blocks dangerous or non-work-related websites during work hours. GPS capabilities allow for websites to be blocked when a device is used at a work site. Location capabilities with Geofencing can detect when devices leave certain geographic areas, and take action to secure them (such as locking or remotely wiping data on the device). In some cases, employers want to be able to lock a camera when employees are in the office or other sensitive locations, and release it for personal use when they are home.

(8)

Where Are the Benefits and Traps of BYOD?

BYOD Benefits

Increasingly, consumer technology is setting the agenda for mobility programs in the workplace. While historically, senior executives were the first to acquire new technology, all employees now want to have the latest mobile technology, and they like the flexibility that comes with being able to select their own device. This model replaces the standard corporate replacement cycle for devices that follows a rigid depreciation schedule immune to the lure of compelling new features.

Another major advantage of BYOD is the ability for employees to maintain one device for work and personal activities. This approach provides more freedom to employees, and aligns with

organizations that place emphasis on giving employees an open environment to promote innovation. In addition, allowing a larger group of employees to use their own device to access email and other corporate applications during non-traditional work hours often improves employee responsiveness.

Employers like productivity gains from employees that use technology they are already familiar with, while IT managers welcome the opportunity to avoid playing the role of gatekeeper by

rejecting demands for new devices. Cost savings from being excused from managing procurement and the expenses of devices can also be a benefit to organizations.

BYOD Traps

Part of the attraction and justification of BYOD is that employees will supposedly be responsible for managing their own devices, technical issues, security, and expenses. This approach can lead to problems for organizations with valuable corporate intellectual property that may reside on the device. Fallout from security breaches, data leaks, technical problems, or runaway expenses usually boomerangs back to employers. For example, if an employee is stuck troubleshooting technical problems with their device, the employer will lose some productivity from that worker. Ultimately, if an employee's device is compromised or lost and the data includes customer records, employers will be held liable for data breaches.

Cost savings from reduced corporate procurement may be fleeting. Many enterprises are able to negotiate deep discounts for telecom services, more favorable plans with pooling of voice/data services, and subsidized devices at no cost. When employees are not drawing on a corporate pool of minutes or data, they may choose to ignore calls to avoid exceeding their allotment of peak minutes during business hours, or they may turn off their device (and later claim their battery died!) if they are close to exceeding a data allotment.

Benefits from scale are lost if employees do not use similar devices or the same operating system, and writing a standard application for such a corporation may not be possible. It will also be difficult for employees to share best practices or tips-n-tricks with new hires if they are not using the same device.

(9)

Published: 2/13/13 Page 9

Finally, when employees control their phone number, they also control relationships with customers and contacts. Even if the corporation is able to remotely wipe the device of a former employee, clients can continue to call and text that phone number. The former employee has copies of bills with listings of phone numbers, and other activity that they can use to re-establish relationships if they go to work for a competitor.

(10)

How to Manage Financial Considerations for BYOD

Senior executives may issue a directive to eradicate corporate paid costs for mobile services, but these expenses are difficult to eliminate. Employees and their managers will find ways to rationalize and justify paying for work-related expenses. This is particularly true for road warriors and field workers whose jobs require them to work away from the office, yet maintain consistent contact with co-workers and customers. Firms that allow employees to use expense reports for mobile charges may wish to provide system feeds of the mobile charges that are submitted on expense reports, to their TEM provider. This will enable managers to gain visibility into the costs and compare trends for the charges before and after transitioning to a BYOD program.

Another approach to manage work-related expenses for BYOD devices and monthly service fees is to offer a monthly stipend rather than direct reimbursement through expense reporting. This approach enables organizations to establish a budget with a predictable monthly expense for charges, while allowing employers to place responsibility of managing expenses on employees. With a monthly stipend, it is less likely that managers and employees will be able to rationalize requests for reimbursement of unexpectedly large bills for mobile services in an expense report.

(11)

Published: 2/13/13 Page 11

Conclusion

BYOD is here to stay, but implementation is not simple. The risks from security breaches and runaway expenses for BYOD devices can compound quickly if they are not properly monitored. Further, security breaches of customer records and expectations for corporate support when technical problems arise show that BYOD is complex. These issues, coupled with the loss of volume purchasing power, larger service costs that slip into expense reports, additional costs to manage a heterogeneous environment of operating systems, and application management – all add to the expense of the mobile program.

These considerations change the calculation for BYOD programs. Employers should not expect huge cost savings, but there are still reasons that firms may wish to move forward with allowing employees to use their own devices at work. Tech-savvy workers who may be pushing the BYOD trend from the field are often capable of implementing their own workarounds to use personal devices to gain access to the corporate network. With this scenario, there will be little or no visibility for IT administrators and the risks from a security breach or runaway expenses grows.

A BYOD program is unlikely to dramatically reduce costs. In fact, costs may be higher w and we’ve seen recent examples in the media (see IBM). Managers should start by identifying which devices employees are interested in using, the corporate applications they need to access with their personal devices, and the mobile apps they will use. Next, managers can identify potential risks by evaluating employees' job roles, the intellectual property they are likely to have on their devices, and the devices they wish to use.

Managers can use this information to identify which applications and devices pose the greatest security risks, and which can be approved for use with limited security risk. This information will help managers create a BYOD policy and a communications program to explain the ramifications of insecure apps and security gaps for devices that they do not approve for use by employees. To obtain the greatest benefit, they can ensure that TEM, MDM, mobile application management, connectivity, mobile content, security, EMM, and MMS programs are integrated.

Ultimately, firms will find that allowing some employees to bring their own device to work, and supplying others with a corporate-owned device, is the best approach. This hybrid solution will allow for greater control with employees that require tighter security because they have valuable information on their device or they are more likely to incur big expenses. And, it will enable employers to provide BYOD benefits to a large number of employees that are not eligible for corporate paid devices.

This ‘best of both worlds’ enables firms to gain from increased employee satisfaction and productivity, while controlling what matters most: security and expenses.

(12)

1661 E. Camelback Rd.

Suite 300

Phoenix, Arizona 85016

For More Information about

Telesoft and our fixed and

mobile expense management

solutions, please

download our

digital brochure

and

Visit:

www.telesoft.com

Call:

800.456.6061

Email:

[email protected]

About Telesoft

Trusted experts in

Telecom Expense Management

(TEM)

software and services for over 30 years,

Telesoft reduces fixed and mobile telecom spend

to improve an organization's bottom-line. Telesoft

automates the telecom expense management

lifecycle - from management of telecom invoices,

usage and cost allocation, through provisioning

and inventory - to lower telecom expenses and

improve efficiencies. Offered as hosted, licensed

or outsourced solutions, Telesoft provides an

integrated management platform

for centralized

inventory, common data sharing and unified

reporting. Telesoft solutions are used by hundreds

of commercial and government organizations

including the largest and most complex telecom

environments in the world.

References

Related documents

 Despite technology safeguards, training HR staff regarding access to and use of sensitive corporate data remains paramount The more private the data data remains paramount. The

Employees remain subject to organisational policy and procedure in respect of personal conduct, data and information security, and physical security, including but not limited to

Requirements of icici bank coral application status: information after paying late payment gateway and air india website in the credit cards and to advance cash or atm?. Various

Extensively canvassing these factors in accounting, Senik and Broad (2011) identify the following as the key barriers to technology adoption: resistance to innovation; demands

We will work with Partner Schools to ensure students have access to suitable technology for Aurora College classes.. The BYOD policy will outline the rights and responsibilities

This IoT framework collects, integrates, and analyse data from the entire production environment, and the discovered information, knowledge, and analysed results are shown

Proximal amputation - if the loss occurs between 2 joints - the full impairment for the lost distal portion is added to the percentage of the bone lost between the joints multiplied

Therefore the Buninyong Primary School BYOD Program allows students to use an Apple tablet device that can utilise the latest operation system (iOS) and support the installation