By Ricardo Alem, Senior Sales and Engineering Manager
by Citrix for Latin America and the Caribbean
If your company has not already implemented a BYOD (Bring-Your-Own-Device) program, it is likely that this type of system will be adopted soon. According to Gartner, "50% of companies said they intend to move exclusively to BYOD for smartphones in 2017, eliminating the option for company-provided devices[1]." More and more companies recognize that their employees can make their own decisions about the technology they need to work. But before diving headlong into the BYOD program, it's important to consider a few factors to ensure a balance between personal preferences and the functionality needed for the job.
There are several ways to implement a BYOD program, each with a different level and type of control over an employee's mobile device. For this reason, it's important to know the level of control the IT department will have over your device and personal content.
BYOD – the simple (and sometimes painful) version
The simplest way to offer a BYOD program is to simply open access to the Microsoft Exchange email server to any user, on any device. It's a simple and easy-to-implement approach, but many people are unaware of the consequences of connecting to that server. Using the policies provided by Microsoft Exchange, the IT department can disable your camera, require a password each time you access your device, or even perform a reset of your device – erasing all your content, such as personal emails, contacts, photos, music and apps.
It's unlikely the IT department would do this for no good reason, but it won't help much if you've just lost your daughter's birthday photos.
Managing your device – better for you, better for the IT department
Many companies start with the more primitive approach described above, but quickly realize the limitations of this approach and move on to implementing a mobile device management (MDM) system, a smarter and more sophisticated way to implement a BYOD program. In this scenario, the IT department asks you to install an enrollment application that can be downloaded from one of the major app stores – the Apple Store or Google Play – to enroll the device with the MDM solution. This process opens up several possibilities. The company can configure the devices remotely to make the BYOD user's life easier.
With MDM, the company can also implement the same restrictions as the previous approach. The IT department can also scan the device for unauthorized access that could compromise the security of corporate content. These compliance checks are often automated and are initiated when the device is used within a specific distance – that is, location services must be kept active at all times. This is part of the safety and security process and is a small price for the freedom to use the device itself, although it uses more battery, so it is important to always carry the charger.
Application Administration – Surgical Security for BYOD
Mobile application management (MAM) is an increasingly popular approach, implemented individually or in conjunction with MDM. With MAM, you can implement settings and restrictions for each application individually, rather than adopting an all-or-nothing policy for the entire device. For example, the IT department might:
• Require a password when accessing a corporate application, but allow access to personal applications. Even with a personal password, the company will likely require a longer password to protect its corporate assets.
• Disable the camera and other functions only when using corporate applications, but release the device during personal use.
A joint approach
Some companies use MAM and MDM together. Using MAM, the IT department can protect corporate applications and data without affecting personal content, and MDM is most useful for implementing pre-determined settings that make the user's life easier.
With this joint approach, IT can only erase corporate content and settings from the device, without touching personal information. When the phone is lost, the IT department can quickly erase corporate apps and data to maintain security – but if the phone is found, personal apps, emails, photos, music, contacts, etc. will still be on the device. (Note: If the corporate application is used to create personal content, for example a corporate copy of Word to write a letter, that content will be deleted along with the application, so it is important to save this content elsewhere).
Questions you should ask
Knowing how a BYOD program works, I have put together some questions that should be asked to know how the program should work within the company.
• If the IT department is using MDM, what restrictions would be implemented against the entire device? If necessary, would the IT department perform a remote reset to erase all content, or would it just delete corporate content, without affecting my personal content?
• Will my battery life be reduced after signing up for the system?
• What corporate apps will be installed on my device? If my device has low available memory, will it have space for my personal content?
• What restrictions will be in place for the apps I use, such as preventing copy-paste or camera access? What new features will be available?
• What were the comments from other BYOD users? What's the alternative?
You'll likely still want to sign up for the BYOD program, but now you know what to expect and the kind of control your IT department will have over your device – creating a BYOD experience that combines convenience with peace of mind.
EN 
PT 
