BYOD (Bring your own device) Management

Consumerization of IT, a phrase used to describe how an Information Technology (IT)-related entity first emerges in the consumer market before permeating into enterprises, largely as a result of employees getting used to the technology/devices available at home and thus, preferring to use it in the workplace as well. BYOD or Bring Your Own Device is one of the core concepts of Consumerization of IT. With more organizations embracing BYOD nowadays, bring your own device management (or BYOD management) is fast becoming vital in enterprises. In a nutshell, effective BYOD management is seen as equally important as managing corporate devices and MDM solutions are considered one of the best BYOD management tools.

What is BYOD (Bring your own device)?

BYOD or bring your own device is a system whereby employees who’ve been using a particular device frequently at home decide to use the same in their organization as well. BYOD has a lot of advantages for both the employees as well as employers.

Features of a BYOD setup:

  • No learning curve: As the employee is already used to the device, there is absolutely no learning curve.
  • No additional devices to be purchased: Employees needn’t use multiple devices - one for corporate usage and one for personal usage, as the personal device can be used for both.
  • Access to corporate data/apps anywhere, anytime: With their personal devices, employees have the option of working remotely.

Advantages of a BYOD setup:

  • Increased Productivity: As there is no time taken for device adoption, employees can start to work immediately, thereby improving productivity in case of BYOD.
  • Cost Efficient: As employees bring in their own devices, enterprises needn’t purchase additional devices.
  • Improved employee satisfaction: Giving the employees the option to choose and/or use a device of their preference to work, leads to increased employee satisfaction improving efficiency.

Along with the advantages, there are certain disadvantages as well:

  • Security: As the corporate apps and data exist along with personal apps and data, there are high chances of data loss or unauthorized data sharing.
  • Loss of device: Unlike corporate devices which are bound to be within the organization’s premises, employee’s personal device is carried out of the organization’s premises and can be lost/stolen/misplaced. In addition to losing the device, there are high chances of unauthorized corporate data access.
  • Device Disparity: In case of corporate-owned devices, most of them manufactured by a single OEM or a couple of them. However, in case of BYOD management, there are going to be different device types manufactured by several different OEMs, making management difficult.
  • Privacy: From the perspective of the employees, the enterprise taking control of their personal devices in order to manage the corporate data present within, can be considered as an infringement on their privacy.

Using mobile device management solutions like Mobile Device Manager Plus as BYOD management software, you can leverage all the benefits of a BYOD setup while nullifying any disadvantages due to its extensive set of BYOD-related features:

  • Simple and quick onboarding

  • MDM provides you with onboarding methods which are can be utilized by the employees to enroll their devices with MDM. As an IT admin, all you need to do is to send an enrollment invite via E-mail or SMS and the employees can follow the instructions to enroll their devices within minutes. There’s the other option of enrolling personal devices by providing AD credentials to enroll their devices themselves with minimal user intervention via self enrollment. Further, as MDM can handle device disparity as it manages multiple platforms (iOS, Android, Windows, macOS, and Chrome OS) and multiple device types (smartphones, tablets, laptops, and desktops). 

  • Efficient management of personal devices

  • In case the organization has a mix of corporate and personal devices, you need to configure separate set of policies for corporate devices and separate ones for personal devices. This can become cumbersome when dealing with a large number of devices. MDM lets you cluster personal devices into groups after which you can associate policies and apps to these groups. This keeps BYOD management separate from management of corporate devices and corporate device groups. Once the policy is associated, any time a personal devices is brought under management, all you need to do is add it to this group. All the policies and apps previously associated to this group get automatically associated to the personal device. In case you've got multiple groups for personal devices, MDM eases the process of switching groups as well using Move to group. This ensures when a device is moving from one group to another, the policies and apps from the previous group get automatically removed and the ones from the new groups get automatically associated.

  • Managing only corporate data

  • Containerization lets you manage only the corporate data while having zero control over the personal data. This is possible due to the creation of a logical container which isolates the corporate data and personal data despite co-existing in the same device. Enterprises can only manage the corporate space while ensuring there is no unauthorized access/sharing of corporate data. Click here to know more about containerization in Android and here to know more about containerization in iOS. Containerization in BYO devices ensures enterprise data is stored in encrypted/secure containers ensuring corporate data security.

  • Pre-configuring policies

  • You can configure basic policies such as Wi-Fi, E-mail, Exchange ActiveSync etc, on the device ensuring employees needn’t spend time configuring corporate policies. Also, you can configure policies containing restrictions to ensure secure access to corporate data and/or to ensure devices adhere to certain organizational security standards.

  • Managing corporate apps

    You can build your own app catalog and create an application self-service portal for the employees to install the apps they need. In case of in-house enterprise apps not available for public download on the Internet, you can have them easily distributed using MDM. You can also pre-configure settings (supported for iOS, Android and Windows) as well as permissions for the apps thereby ensuring the apps are ready to use on installation and require minimal user intervention.

    MDM also integrates with Android Enterprise (also referred to as Google Play for Work), Apple Business Manager (previously known as Apple Volume Purchase Program), and Windows Business Store ensuring you can silently install/update/uninstall apps without any user intervention. For this, the devices need to be provisioned as Device Owner in case of Android and Supervised in case of iOS.

  • Device maintenance

  • To ensure BYO devices accessing corporate data adhere to organization compliance standards, you can periodically scan devices to fetch basic device data such as OS version, space available etc. In case the personal device is running outdated OS versions, you can initiate and automate OS updates from MDM server.

    As the devices are handy and portable, there are high chances of it being lost/misplaced. If it is misplaced, MDM lets you remotely lock the device to prevent unauthorized data access. You can locate the device and make it ring an alarm to get its exact location. In case the device is lost, you can enable Lost Mode which automatically locks the device and prevents it from being accessed. To ensure device cannot be unlocked from Lost Mode by providing the device passcode, MDM provides you with the option of resetting the passcode. You can optionally display a message and a contact number to hand over the device to its rightful owner. Lastly, you can choose to wipe the device to prevent misuse of data.

    Further, in case the employee encounters an issue on the device while not being in the organization's premises, you can choose to remotely troubleshoot the device by viewing the device screen or controlling it. To ensure user is fully aware of this, MDM prompts the user to accept a remote session or in case of iOS, the employee needs to perform certain functions on the device to initiate a session.

    In case an employee leaves the organization, you can deprovision the device which automatically corporate wipes the device ensuring the device has no corporate data present on it while retaining other personal data on the device.