MDM for BYOD – Implementing Mobile Device Management for BYOD

Everyone and their chinchilla knows that mobile device management (MDM) is the gift of the Magi that the Bible doesn’t tell you about. But, they also know that it’s a business-enhancing remote management tool that wrangles, monitors, controls, and secures a fleet of devices. Sounds super and, yes, it is super for corporate-owned devices - because your fleet, your rules. But implementing MDM for Bring Your Own Device (BYOD) is a little more complex because BYOD devices don’t actually belong to you, despite what your CTO tells you.

Don’t panic. MDM has the sparkly cojones to take on BYOD at scale. It’s perfectly doable. Implementing MDM for BYOD needs just a little more care and some super clever tech stuff.

Why Bother With BYOD Anyway?

BYOD - where employees use their personal devices for company work - supports flexible, remote, or hybrid work cultures. Anywhereism is a thing now, and how and where we work is just part of it. BYOD is an acceptable part of work culture and has advantages for employers and employees alike:

  • It’s cheaper for business. No need to buy and maintain new devices and licenses or train staff on new technologies. There’s no time wasted on procurement and the supply chain is non-existent. Employees are responsible for device maintenance and repair (maybe).
  • It’s more familiar to employees who work on the devices they’re used to. There’s no steep learning curve or need for training. They’ll also be working on a device they prefer.
  • It increases employee mobility and flexibility. Your people won’t be trapped in an office and can work on the go.
  • Some studies (that we probably believe) suggest that BYOD increases employee satisfaction and productivity.

But it’s not all glitter and rainbows. There are serious hazards and data risks associated with unmanaged BYOD as well as valid employee concerns:

  • Data security is not so secure. Personal devices may lack security controls such as data encryption. You’ll need to rely on your people to update their OS, manage passwords responsibly, not leak data onto USBs, and use anti-virus and anti-malware software properly. Personal devices are often shared between family members, so factor in device-destruction-by-toddler or the possibility of inappropriate use.
  • Privacy concerns are very real. Letting your employer get its mitts on your device feels a little Big Brother. Are you being tracked? Can they see the sites you’re visiting and the apps you have? So what if you’ve nothing to hide? Privacy is a human right. Add to this the fear of a corporate overlord wiping your only draft of the next Great American Novel you’re writing. It’s scary.

MDM for BYOD: The Verdict

Yes, MDM for BYOD is worth it. MDM has evolved to take on the challenges of an amorphous, less controlled fleet of personal devices. And, when implemented alongside sound BYOD policies and a so-strong-it-hurts BYOD strategy, any business can gain the benefits without experiencing the disadvantages.

How to Implement MDM for BYOD

Implementing MDM for BYOD successfully depends on getting two things right: the people thing and the tech thing.

The People Thing

If you’d like your people to feel happy and confident to lean in to BYOD, it’s important to establish clarity, lines of responsibility and communication, and to reassure. This is where your BYOD policy comes into play. A strong BYOD policy will do all this, and, in doing so, reduce the risk of data compromise by:

  • Establishing a clear user agreement: A list of agreed dos and don’ts.
  • Clarifying approved devices and operating systems. BYOD doesn’t mean you must welcome every flavor of device.
  • Clarifying reimbursement rules: Who pays for data, roaming charges, and device repair?
  • Outlining expectations for security: What happens if devices are misplaced or stolen? How should employees physically secure their device? Should there be time limits for employees to upgrade software and OS when prompted to?
  • Outlining a support structure: How an employee should get help or troubleshoot if a company app crashes.
  • Clarifying data ownership and user privacy: How is personal data kept private? What’s under MDM control and what isn’t? What corporate data should never be downloaded onto the device? What device-held data does the company have access to?
  • Clarifying the device onboarding and offboarding process.

The Tech Thing

Here’s where things get interesting. You’ll want to keep corporate and personal data separate so that you can remotely manage work profiles and let your people be productive and flexible without compromising security. MDM for BYOD does this largely with the same security measures as a non-BYOD fleet, plus different methods for keeping corporate and personal data and apps separate. Here’s how:

Happy, Secure Enrollment

Two-factor authentication allows your people to identify themselves securely when enrolling their device. They’ll also enjoy a serving of conditional access, which encourages them to say yes to corporate management of the corporate area of their device and ensures their device is secure to corporate standards.

Put a Wrapper on It

MDM for BYOD deploys a little treasure called mobile application management (MAM). MAM does a ton of stuff including:

  • Creating a separate container for work apps on each device to manage its contents remotely.
  • Distributing and configuring corporate apps in the work container.
  • Blocking users from copying data and apps from the work container onto their personal space.
  • Locking down or wiping corporate data and apps without affecting the user’s personal data and apps.
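
The enrollment checks and the work-container rules described above, as an added example that is not from the original article or from any MDM product's API. It is a vendor-neutral model: every name (Device, Item, enroll, selective_wipe) and the minimum OS version are hypothetical.

```python
from dataclasses import dataclass, field

MIN_OS = (17, 0)  # constructed baseline; an assumption, not a value from the article

@dataclass
class Item:
    name: str
    space: str  # "work" (inside the managed container) or "personal"

@dataclass
class Device:
    os_version: tuple
    encrypted: bool
    passcode_set: bool
    mfa_passed: bool
    items: list = field(default_factory=list)
    enrolled: bool = False

def posture_failures(d):
    """Conditional access: list every reason the device misses the baseline."""
    checks = [
        (d.mfa_passed, "second factor not verified"),
        (d.os_version >= MIN_OS, "OS below minimum"),
        (d.encrypted, "storage not encrypted"),
        (d.passcode_set, "no passcode"),
    ]
    return [reason for ok, reason in checks if not ok]

def enroll(d):
    """Open the work container only when the device passes every check."""
    failures = posture_failures(d)
    d.enrolled = not failures
    return failures

def install_work_app(d, name):
    """Corporate apps are distributed into the work container, never outside it."""
    if not d.enrolled:
        raise PermissionError("device is not enrolled")
    d.items.append(Item(name, "work"))

def can_transfer(src, dst):
    """Data-transfer rule: work data must not be copied into personal space."""
    return not (src == "work" and dst == "personal")

def selective_wipe(d):
    """Offboarding: remove corporate items only and return what was wiped."""
    wiped = [i.name for i in d.items if i.space == "work"]
    d.items = [i for i in d.items if i.space != "work"]
    d.enrolled = False
    return wiped
```

Reporting every failed check at once, rather than stopping at the first, lets the employee fix the device in a single pass before retrying enrollment.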

MDM for BYOD: How to Get Started

MDM for BYOD might sound complex, but it’s not as complex as having your reputation, productivity, and profitability busted wide open after an all-too-public data breach of an unmanaged personal device. But don’t panic. If you’re ready to implement MDM for BYOD, talk to us. It’s what we do.

Ignition is Silicon Valley’s best (and friendliest) IT security, compliance, and support team. Contact us today. Chatting about IT support and cybersecurity is our favorite thing to do!

Noam Birnbaum

Noam Birnbaum is the Founder and CEO of Ignition IT, a managed IT and cybersecurity firm he founded in San Francisco in 1998. Over the past three decades, Ignition has served more than 500 companies — from seed-stage startups to Fortune 500 clients — making it one of the oldest and most established Apple-specialist IT firms in the world. Before founding Ignition, Birnbaum built his career inside the IT teams of Fortune 500 companies, major universities, and small businesses, starting his first consultancy, MacCentric Solutions, at age 23. He holds two master’s degrees and studied at Oberlin College. Today, he focuses on managed IT, cybersecurity, SOC 2 compliance, mobile device management, and helping venture-backed companies scale their IT infrastructure without the overhead of an in-house team. He has spent more than three decades responding to cyber incidents — from the Blaster and MyDoom worms to modern ransomware and breach response — and regularly advises media on topics including small business cybersecurity, remote workforce security, MDM strategy, and IT for startups. Birnbaum has served on the Board of Directors of Temple Beth Abraham in Oakland and the Entrepreneurs Organization.
