It can be difficult to ensure compliance of BYOD endpoints, as IT cannot configure them before shipping them to users. Administrators need to apply specific policies to compensate for this.
End-user policies need to be updated as user behavior evolves, particularly when organizations must comply with regulatory and data protection laws. BYOD endpoints pose particularly complex problems, as organizations need to ensure that all endpoints comply with data privacy and security regulations, even if they don't own them.
Develop a BYOD policy and communicate it to users
As with any security initiative, a BYOD (Bring Your Own Device) policy has the greatest chance of success when its foundations are laid first. Take the time to clearly articulate the limits of personal device use within the company. Corporate BYOD security policies should answer many common questions about the use of personal devices for both end-users and IT professionals. Here are some questions to consider:
- Who is authorized to access company data from personal devices?
- Under what conditions can personal devices connect to corporate networks?
- Does the organization require explicit approval for each BYOD instance?
- What security controls need to be in place at BYOD endpoints?
Develop BYOD policies based on user needs (if possible)
Establishing BYOD policies within an IT silo tends to be counterproductive in the end, especially as more and more workers are outside the traditional endpoint network. Work to build alliances and partnerships with business unit workers to lay a positive foundation for the BYOD initiative. Resist the idea of giving HR inordinate power as the employees' representative in the creation and maintenance of BYOD policies.
Instead, treat HR like any other business unit. IT departments want unfiltered, first-hand feedback on how BYOD policies affect users' productivity. Building relationships with end-users will also improve feedback, as IT will know which policies are working and which are hindering productivity.
