Many companies that have had BYOD policies for a while have matured their thinking. They've grown from looking at employees' personal devices as something to lock down to allowing them in a limited fashion to fully embracing them.
They have moved from allowing only company-provided phones to supporting "COPE" devices (which are corporate-owned, personally enabled tools) to sanctioning true bring-your-own device setups, says Chris Marsh, an enterprise mobility analyst at Yankee Group.
To reach that point, organizations need to get used to data residing beyond their firewalls, and to not always having ownership of that data, Marsh says. As part of this change in mindset, the focus of security efforts should not be on the device alone, but on data, he adds.
Here's how four organizations that have had BYOD programs in place for at least two years have evolved to cope with challenges and change.
Aetna
Two years ago, Aetna introduced a BYOD program to give employees greater flexibility in their choices of computing and communications devices and to allow more people to work remotely.
The Hartford-based insurer had been allowing some people to use their own computers for work, and it expanded this policy to include smartphones and tablets after deploying mobile device management (MDM) tools from Citrix Systems and Good Technology to ensure security and control.
Aetna later added MDM systems from AirWatch, BigTinCan and BlackBerry.
The company adopted multiple MDM technologies in order to meet the needs of its various business segments, says Alan Pawlak, executive director and head of client services. Those systems "allowed us to begin letting noncorporate assets access our core data in a secure way," he says, adding that many users "embraced that" because it enabled them to get onto the corporate network from home.
Before expanding the BYOD program, the IT department wanted to get the approval of executive leadership and the heads of each line of business, Pawlak says. Toward that end, BYOD project leaders created a written agreement that employees had to sign before they would be allowed to use personal devices for work.
"That was an effort to protect the company for regulatory reasons," Pawlak says. The policy contains rules for how to engage mobile devices in the work environment, and it identifies types of users excluded from BYOD -- including those who often work with regulated data such as personal health information.
Today, the BYOD program encompasses about 4,000 people in many departments and functions. This represents about 8% of Aetna's workforce.