Weiss says that TeliApp runs on the understanding that anything on the company server is company property, and so users don't copy files to their desktops. If someone does copy a file, the action is immediately logged and remedied. "Everyone understands the policy after their first well-meaning screw-up," Weiss says.
Try to keep data off local devices
When choosing applications and services, make sure a lot of data can't be downloaded and saved to local devices. One of the keys to minimizing risk in a BYOD workplace is restricting user access to networks and central repositories. You'll want to find tools that can sync all user data to a central account that an administrator controls access to. You'll also want to find ways to place intermediary technologies between the company network and employee devices. It will ultimately reduce IT's workload and add a layer of security to the company's networks.
"If you mobile-enable users and they have access to your enterprise data in an unrestricted fashion, you have to actively manage that device, which is difficult to do," Veague says.
One example of a cloud-based service that can minimize risk to the BYOD workplace: YouMail. The voicemail service stores all its customers' voicemails and call history in the cloud, so an employer who has YouMail as its voicemail standard will retain contact information and voicemail content even after an individual user leaves. The downside? In the current business-class offerings, users can still access their old accounts. However, in a forthcoming enterprise product, which is still in private beta, but aiming for customer deployment by the end of the summer, an administrator will be able to activate and deactivate individual user accounts.
You'll also want tools that let an administrator remotely wipe or delete an account. This way, former workers can maintain their device, yet they will no longer have access to their old accounts in certain apps.
Find applications that minimize the amount of data that's downloaded to any mobile device, Veague suggests, and follow this rule of thumb: "If you can't access the app, you can't access the data." If this rule is followed, then all an IT admin has to do when an employee leaves is shut off the individual user account; the data remains safe.
Do sweeps regularly
One of the downsides of a self-provisioning workforce is that not every worker is going to be as assiduous about application updates, security measures, and backups as a dedicated IT professional is. So have IT step in and do regular security check-ups on any devices that are allowed to access company networks. Because security requirements will be written into any BYOD policy, users will know that their devices are going to be scanned and updated regularly.
This last step may be out of IT's hands, but it is often the first step in avoiding any problems. Weiss says, "You have to know who you're hiring -- it all comes down to that. If you don't think a person's trustworthy, regardless of what their credentials are, then don't hire them."
With these steps in place, the risks of letting employees provision their own hardware are managed in a way that lets IT professionals still maintain their primary responsibilities to a company without being perceived as an obstacle for mobile-mad employees to work around. And being seen as business-friendly while also protecting the business? That's the real win-win when you think about employees' departures as you're bringing both them and their devices on board.
This story, "BYOD blues: What to do when employees leave," was originally published at InfoWorld.com. Follow the latest developments in Consumerization of IT at InfoWorld.com. For the latest developments in business technology news, follow InfoWorld.com on Twitter.
Read more about consumerization of IT in InfoWorld's Consumerization of IT Channel.