It wasn’t that long ago when everyone within the MSPWorld community was proclaiming the virtues of BYOD, or bring your own…anything. The idea was that you can’t stop them from doing it so you might as well encourage it and try to manage it along the way.
Well, if we learned anything during the summer of 2015, it was that there are real risks to doing IT on your own and trying to circumvent your IT department or managed service provider. Platte River Networks is learning that lesson with their client, Hillary Clinton. And, just today it was learned that Caroline Kennedy, the US ambassador to Japan, may have used her personal email to conduct official work business.
So, what is an MSP to do when his customer asks about BYOD? I have some answers.
All IT Environments Require Structure
Don’t let anyone tell you otherwise, without rules, information technology would be useless. IT departments cannot make IT functional without having policies and procedures in place to govern their usage. BYOD, in many ways, challenges IT departmental rules by making the IT staff retrofit their policies and procedures to match the needs of the user. This is not smart and more importantly, it is not scalable.
Make BYOD Serve Your Needs
If BYOD is an inevitability, as everyone says it is, then your BYOD stance should be to allow it, but only after you have the right tools and processes required to handle it. For example, accessing corporate data, sending corporate data, backup, archiving, and records retention, are just a few of the issues IT departments and their MSPs must worry about when dealing with customer provided devices. This risk multiplies when the users start communicating with 3rd party cloud environments, where the organization’s policies can no longer be maintained and ensured.
If BYOD is to remain a viable corporate practice, IT departments, including managed service providers, need to take control of the situation and force the BYOD practices to fit into the existing organizational IT policies and procedures. One thing is perfectly clear, and that is MSPs must not allow BYOD to add more risk to their organization without being properly compensated and prepared for it.