BYOD is a funny term that stands for “Bring Your Own Device”. Before smartphones were popular in the consumer electronic space, corporations used to give some of their employees mobile devices so that they could keep up with corporate email and do work while on the go. These devices (primarily Blackberry) were centrally managed, making it easy for the corporation’s IT department to manage the software on those devices and even remotely wipe the devices if they were stolen.
However, Android, Apple, and Windows phones have now captured a large portion of the smartphone market, with everyday consumers purchasing these devices for themselves and bringing these devices into the workplace. People are also installing their own apps. This means that people are not just installing their own web browser app, email client, and VPN software, but are also installing their own games, wallpaper apps, and talking cats.
From a corporate IT perspective, the upshot is that all of these different devices and different configurations of software make it really hard to manage these devices (“why isn’t my device working with the corporate email server?”), comply with corporate and legal policies (is any sensitive customer information stored on these devices?), as well as protect these devices from malware and unauthorized access.
Despite these downsides, it’s pretty clear that BYOD is going to be the norm for most organizations, due to the widespread adoption of commodity smartphones. There are an increasing number of companies out there who are looking to help organizations get the best of both worlds, letting people bring in their own devices but also helping the corporate IT department manage and protect these devices. In the meanwhile, the best course of action is to set some guidelines to help prepare use their devices properly.
The FCC has some reasonably good guidelines for smartphone security that you can use as a starting point. Some of the guidelines include making sure that everyone has a PIN on their device, install software to find the device and remotely wipe it if the device is lost, and to be sure to install all software patches.