As with any security initiative, laying the groundwork for a BYOD (Bring Your Own Device) policy will give it the best chance of success. Take the time to clearly define the limits of personal device use within the company. The company’s BYOD security policies should address many common questions regarding the use of personal devices for both end users and IT professionals. Here are some questions to consider:

• Who is authorized to access company data from personal devices?
• Under what conditions can personal devices connect to the company's networks?
• Does the organization require explicit approval for each BYOD request?
• What security controls should be in place on BYOD endpoints?

Develop BYOD policies based on user needs (where possible)

Establishing BYOD policies within an IT silo tends to be counterproductive in the long run, especially as more and more workers operate outside the traditional network of endpoints. Work to build alliances and partnerships with business unit employees to lay a solid foundation for the BYOD initiative. Resist the idea of giving HR excessive power as the employees’ representative in the creation and maintenance of BYOD policies.

Instead, treat it like any other business unit. The reason is that IT departments want unfiltered, firsthand feedback on how BYOD policies are affecting their productivity. Building relationships with end users will also improve the quality of feedback, as IT departments will be able to identify which policies are effective and which ones hinder productivity.