It's telling that "bring your own device" is shortened into the acronym BYOD. It's just another four-letter word that, depending on the context you use it in, is either your company's downfall or its savior. For some, it's another way to save money on the bottom line, though most people know by now that if your intention is to save money, you're barking up the wrong tree. Then there are those who know that providing their users with the right devices can boost productivity. It's not really a stretch to think this, as tons of news stories and surveys show that people are spending more time working and are producing more.
Of course, you have the other side that looks at BYOD as "bring your own disaster," just another security problem where all your corporate data just sits waiting to be misappropriated while your users goof off playing Angry Birds.
The truth is that it's already too late to start worrying about your data being exposed. People have been taking corporate data and putting it on their own devices for years. The only difference now is that it has become much easier with new tools such as Dropbox and SugarSync to get your company's data from your internal data stores to your users' devices.
You are now stuck with a choice. One is to mandate security and lock down endpoints. This is what most companies end up doing. They control the endpoint as a way of securing the data. It's not a bad option; it's good to secure the data on the endpoint, and it makes it easier to do something when those devices are compromised. It just tends to ignore the one element it shouldn't: your users.
Once you look past people trying to steal your data from a corporate espionage point of view, you begin to realize that many data exposures are due to your users' habits. The one thing we spend the least amount of time on is our users. We discuss BYOD and how to secure the device, what apps users should use on those devices, and what policies need to be in place. We spend the very little of our time focusing on the users themselves.
That's the other choice: Focus on the users. I believe it's the right choice because, in the end, you sink or swim with your users. You need to bring them into the loop and work with them, not dictate to them. There are two pieces to this strategy.
First, you need to focus on educating your users. What are the things they should be doing? What shouldn't they be doing? (This should be part of your policies as well.) What sorts of situations might they get in that would be dangerous either for them or for the company related to the data they use?
Remember, if it's their own device, it's not just corporate data that lives on it but their private data as well, which gives them an incentive to protect all the data on it. They're not trying to be unsafe with the data; they're just trying to get things done the best way they can. Teach them how to do just that and at the same time build good habits that keep everyone's data secure.
This leads to the second part of your strategy. You have to focus on the user needs, what I call the Fun Principle. There's a reason your users have moved corporate data to their device. Figure out what they are doing with the data and why they need it. Look at what apps they use with the data. Chances are your users found the best apps to enable themselves to get their work done. They just want to be able do their job as quickly as possible, so they can spend more time with their families.
Use the work they've already put in, then build on it. If they are using Dropbox to move their data around, figure out if you can find a way to allow them to do that securely. If you can't, work with them to find an alternative that's just as frictionless for them but that you can secure. If they are using Evernote to take notes, maybe the business has to buy a subscription to the Pro version and have users encrypt the data. Concentrate on what your users have already figured out and use that knowledge to enable them securely while keeping the experience as frictionless as possible.
The goal is use mobile to enable your users to be more flexible and agile, which allows them to be more productive and efficient. You do this through education and fun, hopefully leading your users to a frictionless experience. The BYOD genie may already be out of the bottle, but you get to decide (apologies to singer Keri Hilson and rapper Kanye West) whether it's dessert or disaster.