QTPA Member Alert |Bringing Your Own Technology to the Workplace – A Business Issue (25/3/2013)
Bringing Your Own Technology to the Workplace – A Business Issue
The following is presented to the Queensland turf industry as an update on current trends affecting the workplace.
In an article recently printed in the Australian Institute of Company Directors newsletter, included an article by Stephen Coats partner BDO, regarding a new phenomenon sweeping the workplace. This surrounds the use of mobile devices utilised by staff and employees as most individuals have two or more of these devices they use on a daily basis (e.g. smart phones, tablets or laptops). This phenomenon is currently known as Bring-Your-Own-Device (BYOD). This is yet another issue facing businesses in 21st-century.
Technology advances means that individuals now often have more capable, powerful and user-friendly equipment at their home and for personal use than in the office. This issue is frequently addressed with the question of “How do we get the business to roll out the same updated user-friendly increased capability that will increase productivity and efficiency to staff? This is not an easy question to answer even though the benefits are easily identified. There is huge risk management and legal Issues and of course cost.
There are a number of questions that need to be answered before connecting non-corporate devices to corporate systems and they include:
- Does the organisation have a Risk Management Plan for mobile computing and BYOD that is reviewed regularly and approved by management.
- Risk Management Plans need to consider;
- new risks and concerns that mobile computing brings,
- be approved by the board to set the tone at the top;
- clearly articulate oversights and management’s expectations;
- be current given the rapidly changing nature of mobile computing.
- Does the organisation have a Mobile Computing and BYOD Awareness and Education Plan that ensures users of mobility infrastructure understand their responsibilities? It is nearly impossible to expect users to behave in a corporate manner with their personal devices if management has not implemented an appropriate training regime for employees. A training programme should outline expectations, monitoring arrangements, and outline penalty provisions for misuse.
- Has the organisation engaged widely, including across human resources, legal, purchasing, information technology and finance, to address all necessary parameters relating to mobile computing and BYOD.
- BYOD should not be considered purely as an information technology issue.
- Purchasing arrangements, including chargeback of usage and device replacement, involve procurement teams and policies.
- Employee expectations and penalty regimes involve human resources and industrial relations teams. Monitoring of staff out of hours, including personal activity during work hours, usually involve the legal department, particularly where personnel details can be remotely wiped by the organisation without recourse by the employee. Of course technical security implications of using unsecured mobile operating systems to access secure corporate assets will involve the organisation’s technology specialists.
- Are BYOD activities managed in an efficient manner, including activating location monitoring of devices and engaging a global theft recovery service to retrieve lost and stolen devices.
- As the organisation relies on personal devices of corporate access, automated policies and procedures should be implemented to provide the business with assurance and employee is performing as expected and has the appropriate access, including if their personal devices are stolen, lost or otherwise unavailable. One-way organisations do this is through automated monitoring tools, including engaging mobile device and left recovery services to recover lost or stolen mobile devices.
- As consideration being given to what devices will be allowed to connect to the corporate systems, including the version of operating system in use for those devices and how that will be supported?
- The mobile device operating system provides organisations with their most serious challenge to security and ongoing corporate system mobile applications development. When organisations develop corporate mobile applications to assist employees with their tasks, support considerations become apparent in some environments where many thousands of operating system variants are in use. For a corporate organisation to effectively manage that type of environment, the internal support costs are considerable.
- It is the organisation’s mobile computing and BYOD policy well constructed, understood by all users and enforceable?
- A core issue in any BYOD strategy is ensuring employees except the conditions and providing for a penalty regime should conditions be breached. One way to do this is to have each BYOD employee sign an understanding confirming they agreed to the organisation’s conditions and associated penalties.
- Has readiness assessment being conducted to confirm the organisation’s robustness in dealing with mobile computing and BYOD requirements and to ascertain its maturity level and focus for future investment?
- Before going live with any new initiative is always useful to gauge the organisation’s maturity level with respect to the initiative. More mature organisations generally have a greater capacity to adjust and implement new regimes than less mature, embryonic organisations.
- A BYOD readiness assessment can highlight where mobility issues might arise and provide a diagrammatical representation of the current state versus the desired state, particularly with regard to employee engagement, technical security issues, and wide involvement of necessary business units such as human resources, legal and procurement.
- A series of structured steps to ensure business needs, staff flexibility and satisfaction requirements are catered for equally, will ensure boards and senior executives get connected on the devices they like and use, and provide a robust foundation for an organisation to roll that productive and efficient, state-of-the-art capability out to staff.
0 Comments