Skip to main content
App management icon

This post is from the Apperian blog and has not been updated since the original publish date.

Last Updated Aug 02, 2016 — App Management expert

Best Practices for BYOD Policies and Programs

App Management
This is the second blog post in a series providing guidance on rolling out and managing a successful Bring-Your-Own-Device (BYOD) program in your organization. 
Bring your own device (BYOD) by itself is not a strategy; it’s a decision on whether or not to support the device of choice of mobile users in your organization. Can your employees use the devices they want to use every day? Check, BYOD achieved. Unfortunately, that is all a BYOD strategy amounts to for many organizations. As you can see it leaves a lot of questions unanswered...What about mobile apps? Enterprise data? Who pays for what?Many organizations have decided that allowing BYOD is an effective approach to mobile. The problem is, a BYOD strategy all to often just means putting the onus of being productive via their mobile devices back on the employee. While employees get to choose the device they want, they also choose the applications that will be consuming and storing corporate data. The organization might save money on hardware, but what about service costs, and are these accurate? Without policies in place, BYOD is essentially a do nothing approach that leaves IT out of the decision process on how corporate data will be used on mobile devices. BYOD enables many IT shops to ignore mobile at the expense of visibility into what their mobile workers really need. BYOD is only one piece of a larger strategy that allows IT to control costs and the use of corporate data on mobile devices.


Beyond security and management, it is important for IT to provide guidance in other areas to avoid employee confusion, reduce help desk inquiries, and reduce costs. The following outlines advice on specific areas that IT should address when rolling out a strategy to support BYOD users.


Organizations need to clearly outline which financial responsibilities will be borne by the company and those that are the responsibility of the employee in the event a device is lost, stolen, or damaged. For BYOD, be sure employees understand that issues with hardware will need to be supported by their mobile operator or device vendor, not IT. Provide a clear company policy on how much of their service plan is covered. Outline the financial responsibilities of your organization and those of your employees in regards to monthly service fees such as data, text messages, and call time. For international travelers – being upfront about reimbursement policies for international service fees can avoid a fair amount of pain and expense. If you are going to reimburse your employees for service, you may want to explore the user of a telecom expense management service.


BYOD is about allowing employees to have a device for work and personal use, so there is an expectation that they will retain ownership rights over their device. However, because of the storage of sensitive corporate data, it is be prudent to require employees to keep their device’s OS updated in order to maintain a minimum level of security. Employees should also be responsible for informing IT in the event their device is lost, stolen, or otherwise compromised. It is also worth addressing the corporate actions that will take place in the case of job abandonment, resignation, or separation.


No BYOD policy should have access to a device owner’s personal data (e.g. private contacts, text messages, photos), as this information should always remain private. With solutions like mobile application management, IT can clearly state that they do not have the ability to view or delete personal data. If you’re thinking about rolling out mobile device management you will need to clearly define the reach of this technology to users and how it can impact their personal use of their device.


As corporate data is pushed or pulled to employee’s devices, even in an BYOD deployment, IT should retain control of that data. This sensitive data on an employee’s device should be managed at the app-level rather than at the device-level. This ensures that the employee’s rights as a device owner are not infringed upon, while at the same time, the enterprise to is able to manage all sensitive information by updating, modifying, or even deleting corporate data from mobile enterprise applications using mobile application management.


For sophisticated mobile strategies, you may need to define the devices that you will support. This decision depends on the types of apps that you provide for your employees. Corporate applications may not support every device out there, so be sure to clearly state the devices and operating systems that your apps will run on. It will be helpful to institute an approval process for new or updated devices that enter the market. Depending on your tolerance for risk you may or may not support rooted or jailbroken devices. Such devices can be more susceptible to malware and. many organizations choose not to support them as they can introduce additional security concerns into the enterprise.


After developing a BYOD policy, ensure that all parties involved – BYOD employees and contractors, executive-level staff, IT – fully comprehend each component. Communication is key, so hold information and training sessions to explain and clarify your BYOD policy. Keep a forum open for BYOD employees to ask questions or raise concerns, and have them sign the policy once they’ve gone over it. In addition to addressing cost and liability concerns, having a meaningful BYOD policy in place means that all parties involved are on the same page, thus enabling your organization to gain more from its BYOD efforts. In our next post we will address BYOD security, sharing an approach to supporting employee devices that keeps corporate data secure without intruding on employees' personal data.

More from the Blog

View more
Apr 30, 2020

Mobile Application Management: A Forward View

App Management
  IT Is Adapting in the Midst of the COVID-19 Pandemic The Coron ...
Read More
May 19, 2019

Sneak Peek: How Are IT Leaders Driving Mobile App Adoption?

App Management
Apperian conducted the The Mobile Enterprise Application Survey to fin ...
Read More
Jan 30, 2019

Part 1: App Security Should Be an Integral Part of Your DevSecOps Process — Not an Afterthought

Application Security
What are the key considerations and components of DevSecOps? The in ...
Read More
Nov 19, 2018

Breaking Down the New California IoT Law

Application Security
Recently California passed legislation regarding the security of all I ...
Read More
Contact Us