news_coverage_icon

Media Coverage Archive

CMS Wire | BY Dom Nicastro
Friday | May 25, 2018

With pressure on organizations to produce higher employee engagement, some companies are turning to employee choice programs as a method of improvement. According to Apple device management providers Jamf, employee choice programs put the decision of which brand of computer hardware and/or mobile device in an employee’s hands. Options include employer-owned devices, bring your own device (BYOD), or both, Jamf officials wrote in their 2016 Employee Choice Program Survey (pdf). More than half of the 580 enterprise organizations (52 percent) surveyed in Jamf’s March 2018 survey (download required) offered their employees the choice of what type of computer they use at work.

If it’s time for your organization to deploy such a program, you should be aware of some guidelines and structural questions, particularly in the areas of security and enablement. We caught up with experts to discuss a few considerations to keep in mind.

Employees Need Access to Software and Apps, No Matter the Device

Nick Thompson, product marketing manager at Jamf, said while major software providers offer cross-platform versions, certain software and apps may work better — or may only work — on Apple, Microsoft or Google operating systems. In cases like these, IT and employees need to know which apps or tools are available on each platform. Compile a list of the resources that employees depend on the most. If a resource is not available on one particular platform, make sure there is at least a comparable app available on the other, Thompson said. “Once implementation of choice is imminent, set up a testing environment for devices that will be supported to ensure all tools work as expected,” he added. “This is a proactive way to eliminate fire drills when someone isn’t able to get their work done.”

Get IT Comfortable With All Platforms

IT professionals are often more comfortable working with one platform over another. Ensure your IT team is up to speed and comfortable deploying and supporting any platforms your organization will offer. Find a management solution provider that can train them on each of the platforms as needed, Thompson said.

The same goes for employees, he added. “When given the choice, they may choose to stick with what they know based on familiarity and comfort.” Thompson suggests to support a smooth transition for those who want to try something new, consider establishing a short “grace” period when employees can have access to both their old and new devices. “This,” he said, “will help them gain confidence with their new device and eliminate downtime while they overcome the learning curve. For new device training, provide access to device information and a forum for sharing knowledge with each other.”

Find Balance Between Employee Choice and Information Security

To do employee choice effectively while not sacrificing information security and introducing new risks, it’s imperative to find a balance between employee choice and information security, said Ben Rothke, principal security consultant, at cybersecurity services provider Nettitude. “Any firm that has an unrestricted BYOD policy opens themselves up to serious information security and privacy risks,” he said. “With gigabytes of data stored on smartphones and laptops, there’s a massive amount of data that could easily — and often silently — be stolen.”

Perform an information security risk assessment, and then develop a security strategy based on that. “That method,” Rothke said, “allows firms to effectively handle and deal with the associated risks with an employee choice initiative, while giving them the freedom to select the IT devices that work best for them.”

Related Article: Cybersecurity Demands We Think Globally and Act Locally

Sell Security as a Benefit and Adoption Will Soar

Many IT departments first focus on the device characteristics: how easy certain models might be to upgrade and patch and how expensive certain models are to buy and maintain, according to Domingo Guerra, president and co-founder of mobile app security provider Appthority. “More importantly,” he added, “IT departments should consider how they will protect these devices from growing cyber threats.”

Some companies have turned to mobile threat defense (MTD) to keep their devices and data secure. However, most MTD solutions require an on-device agent, which can be painful to deploy without employee buy-in. “We’ve seen that by proactively involving employees in securing the enterprise, it is easy to deploy agents with the right positioning,” Guerra said. “Rather than making the optional MTD agent mandatory, position it as an employee benefit and adoption will soar.”

Guerra said that by extending employee choice into how to stay protected, and making it about empowering employees to protect their devices and their own data, IT departments will see high adoption of MTD. They’ll also have employees take an active part of protecting the enterprise data found on employee devices.

Include an Incident Response Plan

Cybersecurity researcher Brent Kirkpatrick said employee choice needs to be complemented by an incident response plan for each device and operating system. “Your IT people need to be able to respond to security intrusions on all the devices your employees might use,” Kirkpatrick said. “If you are unable to support incident response for a device, none of your employees should be allowed to use it.” Think of the consequences if your company were hacked after you allowed an employee to use a device outside of your incident response plan. The device would become a legal liability and would open you to damages and fines. “Not to mention,” Kirkpatrick added, “the hackers themselves would quickly find that same device to be a route into your network, behind your firewall.”

Don’t Attempt to Define What ‘Productive’ Looks Like

Ryan Kremkau, director of strategy and engineering at financial corporation Capital One, has implemented employee choice programs at Capital One, Nike and Expedia. He stressed that during an employee choice implementation, let users choose and let them tell you what enables them. “IT policies historically put employees into pre-defined roles and then assign an assortment of ‘tools’ based on what they felt those roles were responsible for,” Kremkau said. “The challenge for IT organizations is that users continue to evolve, the same as the technology they design, build and support.” Unless the expectation is identical output from every single person in a team or organization, then you should question why they were all “assigned” identical tools, Kremkau added.

The good news is Kremkau sees a growing shift, where IT organizations are becoming less prescriptive and paying more attention to employee demand signals and on the user experience they’re delivering. “This shift,” he said, “has helped to not only enable users but has helped to reconnect IT organizations with their users and give them a much-needed voice when it comes to the technology a company chooses.”

Recognize Enablement is Key for Any Employee Choice Program

The apps, devices and systems your employees choose will include ton of services that need to be enabled in order to truly support platform functionality and capability correctly, Kremkau said. “Yes, you can ‘manage’ or ‘secure’ many of the scary things, but you inevitably end up back at a point where you’re prescribing what a user can or can’t do,” he said. “There is an incredible balance that needs to be achieved between security, usability and experience, and that’s where you’ll need to be prepared to spend a significant amount of time, energy and resources.”

Expect hard conversations and even harder decisions that need to be made in order to strike the balance. Know where you want to go directionally within the organization, not only with users but technology. “Realize early,” Kremkau said, “that it’s not an overnight transformation and that things will appear much harder than they actually are, which also means you’re on the right track.”


Read the original article on CMS Wire here.