Considering a BYOD Policy for your Organization?
The scenario is familiar: your organization is inundated with connected, unmanaged devices. The requests for corporate network access for tablets, smartphones and personal laptops, which started at the top of the pyramid, are now coming from lower and lower levels, and in greater and greater numbers. Since you can’t beat them, at least come up with a system where your IT infrastructure can accommodate these devices while maintaining data security. Thus was born your organization’s Bring Your Own Device (BYOD) policy. You are not alone: many an organization’s BYOD policy started out the same way. The upside? Less capital expenditure for end-user devices. Note that I said end-user devices; don’t expect less CAPEX across the board, since there’s no such thing as a free lunch! But as an IT person, I personally would rather invest in the back-end infrastructure than in end-user devices which, let’s admit it, have a very short life expectancy.
These questions often come up when mapping out the plans for a BYOD policy:
Who are candidates for BYOD? Although the organization can opt to make this available to everyone, the best candidates are mobile workers, those whose roles enable them to work from home (another practice gaining ground nowadays), and 3rd party contractors. For the first two groups, the objective is to address their mobility. The 3rd party contractors may be on your premises, but of course your organization may not be in a financial position to purchase laptops for 3rd party use. If your organization is an educational one, then you will have a bigger population of candidates: the students!
What to access? By implementing and formalizing the corporate BYOD policy, you can now control what the endpoint devices can access and stop the assumption that they SHOULD be able to access whatever the corporate managed devices can access. For one, to ensure data security, these devices should only be able to access a managed host, not the actual data (which could then be extracted onto the personal devices) or the apps (e.g., SAP). There are two ways of doing this: either implement Virtual Desktop Infrastructure (VDI), or roll out Windows To Go in your organization. Either way, the desktop operating system available to the devices complies with corporate security standards, because YOU the IT guy can make it so!
From which devices? Of course, personal devices. Which ones? Well, that depends on which clients can connect to your VDI infrastructure. A Microsoft-based VDI requires the Remote Desktop Services client, and this may be limited depending on the device (e.g., as of the time of writing, the Apple iPad and iPhone do not have an RDS client built in). If your organization intends to implement the VDI solution from Citrix, for example, the Citrix Receiver is the client that you need, and this one is available for free on a wide range of devices. Oh, and before we forget, consider also that these devices need to be enrolled in and delisted from your BYOD program as needed.
How to manage? Yes, this is an important question. Do your homework on solutions to manage the devices, especially the non-company-owned ones. Ensure that these solutions support the device technologies intended to be part of your BYOD scheme. Devices are to be checked for security compliance before they can be enrolled, and they are to be delisted as needed. Most of all, if there is ever company data on the device, this data should be wiped from the device when the device is delisted from the BYOD program.
We live in exciting times when the PC may not be the primary productivity device. By implementing VDI and BYOD, your organization can enjoy the use of the latest technologies, less capital expenditure for client devices, and more productive and happier end-users.