If you’re a Managed Service Provider (MSP), there’s a very good chance that BYOD (Bring Your Own Device installations) is a thorn at your side.
Businesses choose for their employees to use their own technology for various reasons, the most popular ones surrounding cost, convenience (avoiding multiple devices), and sheer ignorance (few understand the risks associated with it).
Here are some key concerns and how to address BYOD issues with one powerful tool:
1. Network Security
Best practice dictates we run environments that are in complete lock-down to adhere to PCI and other regulations. Personal devices are likely not going to be as useful to the person when on lock-down, so there will be resistance.
Further, when employees (and owners) use a Bring Your Own Device system, we know they’re not going to want their MSP to manage (have full access to) it. If they do allow it, they will likely do so begrudgingly and later resent it.
2. Company Security
We already know it will be a challenge to convince the end user to allow us to manage the device.The device will contain sensitive company data, making it less than ideal to just assume that it will be properly protected by the owner.
If the device is going to remain unmanaged and the business is unable to apply a uniform policy of encryption and security measures to prevent lost data or unauthorized access.
To complicate matters, many consumer laptops lack the hardware to do encryption so a boot password is the only option. It’s a solution, but an annoying and problematic one at best (think about remote, unattended reboots).
3. Human Resources
Clients should be made aware that when personal devices are at play and email is potentially being answered after-hours, there is a chance that a Fair Employment Practices liability could exist. This is something to consider carefully before allowing employees to use personal devices for work.
4. Other Ramifications
The list of issues can go on and on, but a particular one we’ve seen surrounds clients who allowed employees to have their computers placed “into” the business.
This means they permitted their MSP to wipe the computers clean and load a Professional version of Windows, as well as company software. All was well until they parted ways with the company.
Suddenly, they raise issues about their personal data, are upset about company policies on their systems, and the client is upset they have to pay to remove all the protections and make the system “personal” again.
So what do MSPs do to solve these BYOD issues? Is there a single way to head them off at the pass? There actually is!
The shortest answer is to discourage BYOD, but that’s not always feasible or practical so we’ll talk about the next best thing, something I recommend you insist your clients adopt. That magic bullet is a Bring Your Own Device policy.
This policy should be written by an attorney and in cooperation with the business and you, their MSP. It will allow all the concerns above to be addressed ahead of time, thoughtfully, and without emotion or passion so that when each situation arises, the policy guides what will happen next.
As MSPs, we are very good at “doing the thing” but we severely lack in documentation and process to get it done. Often times, we are backed into a corner where we have to be the bad cop – after all, we’re tasked with protecting the network, right?
It is easy to think that it’s our job to police and enforce the network, but in actuality it begins with the client. They must adopt a policy and enforce it. When this approach is taken, there is buy-in from all parties.
We all understand what our roles are and it keeps us from becoming the bad guy by giving everyone an agreed-upon playbook to refer to.
Encourage your clients to adopt a policy that you both agree on and can sensibly implement, but don’t forget to include enough flexibility to accommodate ever-changing business needs and special situations that allow you to shine as the hero!