CYOD: How to choose devices for your users

Devices should be easy to manage but also desired by employees

The enterprise’s need for control must be balanced against what users want when deciding on which smartphones to support in a choose-your-own-device (CYOD) scheme, say analysts.

Amid a movement in enterprises from corporate-owned mobile devices to bring-your-own-device (BYOD), some organisations are opting for CYOD as a middle ground.

Under CYOD, IT managers allow employees to pick from a limited selection of devices. The scheme offers more control for the business than BYOD while giving slightly more freedom to employees than they would have under a corporate-owned device policy.

Read: BYOD vs CYOD: Bring or choose your own device?

Critical to any good CYOD policy is choosing the right devices to offer employees. We asked analysts what should be IT managers’ top considerations when selecting which smartphones to allow in the enterprise.

1. Can it be managed?

An easy first test is to check a given device’s compatibility with the enterprise’s mobile device management (MDM) software, say analysts.

“From an IT management perspective, the main thing is to allow platforms that can be managed by the chosen MDM solution and where the company’s mobile device policy can be enforced,” says Gartner analyst Song Chuang.

Telsyte Rodney Gedda says it’s important to remember there are differences between each mobile operating system and even between different devices running the same OS. For example, different smartphones run different versions of Android and each manufacturer has customised that OS in different ways.

“IT managers need to be aware that just because something is iOS or just because something is Android doesn’t mean it’s always going to work for them,” says Gedda.

2. Is it built for the enterprise?

“The [device] vendors that will likely be allowed are the ones that have invested in enterprise features and capabilities,” says Chaung.

For example, Samsung has a program called “Samsung Approved for Enterprise,” or SAFE. However, Chuang cautions that IT managers should do more than count how many enterprise features the manufacturer lists.

“It’s not just a matter of how many they have, but how many are actually usable by the MDMs used to manage their devices,” he says.

Gedda adds that IT managers should also look for compatibility of mobile devices with accessories like Bluetooth headsets, as well as corporate phone systems and other IT systems.

3. Will it be secure?

While each device will have its own security mechanisms, IT managers should look for compatibility with a cross-platform security tool that will let them manage all of the business’s devices in one place, says Gedda.

Chuang says to test devices against several basic security requirements. A device should have a lock code, use a complex password rather than a four-digit PIN, have device encryption enabled, and be able to be wiped remotely and detect rooted and jail-broken devices, he says. The device should also lock when idle and become unusable after too many failed attempts to unlock, he says.

Because of fragmentation in Android, some devices running the OS are as secure as or more secure than iOS and Windows Phone, while others are far less secure, says Chuang. Android devices also require anti-malware software since Google does not require apps to be installed from its app store, he says.

Android devices should at minimum be on version 4.0 of the OS, and unmodified “vanilla” Android is currently less secure than customised versions by Samsung and some other manufacturers, warns Chuang.

4. Is it popular?

The above IT concerns about control must be balanced against what the users want, the analysts say.

Asking employees what they think about different devices is a good way to avoid complaints once devices are chosen, says Gedda. “It’s always good to know what people like and what people don’t like and will have trouble with.”

Chuang notes that “what’s demanded tends to correlate with global market share that the different vendors have.”

However, businesses may also wish to prioritise devices preferred by employees in higher positions, he says.

5. Will it be one device too many?

Don’t offer more devices than enterprise IT can reasonably support, says Gedda. He estimates that in most cases that will be between two and five devices.

Focus on application and data management rather than the devices themselves to gain greater flexibility to support more devices and update the selection of devices over time, he adds.

Similarly, Chuang advises organisations to “start somewhat modestly” when compiling a list of supported devices.

It makes sense to support iOS since it is popular, but for Android it may be best to choose only one or two devices to start, he says. “Don’t do a big bang. Do it incrementally.”

Follow Adam Bender on Twitter: @WatchAdam

Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags mobilesmartphonesBlackberryAndroidiosguideHow toWindows Phonemobile device management (MDM)Bring Your Own Device (BYOD)advicechoose your own device (CYOD)

More about GartnerGoogleSamsungTelsyte

Show Comments