BYO computing needs contingency plan: Gartner

Analysts suggest best practices for CIOs.

Gartner has urged organisations with bring-your-own (BYO) computing programs to define a “contingency plan” to address any unexpected legal, compliance or commercial demands.

The analyst firm outlined challenges, opportunities and a set of best practices for supporting BYO devices in a research note last week.

Researchers Nick Jones and Leif-Olof Wallin, from Britain and Sweden respectively, urged chief information officers to re-engineer their support processes as consumer devices gained traction in the enterprise.

In May, Telstra commenced BYO computing trials that allowed an undisclosed number of call centre and sales staff, consultants and third-party suppliers to access corporate applications from personal mobile computing devices.

Jetstar, Suncorp, EMC, Cisco and legal firm Norton Rose were other Australian companies with BYO computing plans.

“BYO is a principle that most organisations will adopt; therefore, the support organisation must prepare for this change,” the Gartner analysts wrote.

“BYO programs change the goals of the support program and the responsibilities of the support organisation, which, in turn, will demand new procedures, metrics and organisational structures.”

Gartner urged support organisations to develop new skills and spend time understanding consumer technologies they may have to support.

The analysts noted that while employee satisfaction was a driver of most BYO programs, support teams should balance demand with the complexity of supporting unfamiliar devices.

Organisations tended to adopt a combination of tactics, they wrote, including:

• timeboxed support, where support staff committed a maximum of 30 or 60 minutes to supporting any BYO devices;
• “best effort” support, where support staff made “reasonable attempts” to fix problems, with the understanding that BYO problems were ultimately the user’s responsibility;
• technically bounded support, where corporate IT supported some technologies and not others;
• loan device pools, from which users could temporarily replace lost or broken devices;
• community support, so employees could share information and experiences through mailing lists, corporate social networks, wikis, or microblogging tools;
• defining or providing support arrangements with third-party providers;
• outsourcing support completely to an external organisation;
• education and training programs to make users aware of common problems and solutions, BYO policies and their responsibilities; and
• policy administration and enforcement, including wiping devices or deauthorising users when necessary.

Support staff should also be prepared to provide training, education and policy auditing to prepare for situations in which a personal device may be required for e-discovery as a result of litigation.

Multinational organisations were urged to customise their BYO support programs for each country due to differences in privacy, funding, taxation, insurance, network service contracts and working practices.

Strategies should also address what happens when personal devices are lost, broken, or faulty, Gartner wrote.

In case of high-profile data loss or security failures, support organisations should be prepared to implement urgent changes to policy or technology, the analysts reported.

They recommended the development of a “contingency plan” for those situations, and the involvement of human resources, auditors, insurance providers and legal staff in the design of BYO programs.