How the smartest companies are letting employees use their personal gadgets to do their jobs.
By ROGER CHENG
For lots of workers, the company BlackBerry just doesn’t cut it anymore.
As people pack increasingly sophisticated smartphones in their personal life, they’re clamoring to use those gadgets in the workplace as well. And many of their bosses are loosening up. They’re ditching the traditional BlackBerry-or-nothing policy and allowing a wider range of mobile devices, including tablets such as the iPad.
This arrangement can bring benefits for both sides. Businesses don’t have to buy as many phones for employees. Employees, meanwhile, don’t have to carry two devices around, and people who didn’t get a company phone before can have one now.
But there are a lot of potential pitfalls, too. Few smartphones offer the security features that the BlackBerry is known for. IT departments also struggle with supporting business programs on newer mobile operating systems such as Google Inc.’s Android. What’s more, allowing personal phones raises a tough question: How much control does a company have over the device? What happens, for instance, when somebody leaves the company—and their phone is loaded with sensitive business documents?
The companies that have seen the most success are giving their employees the most freedom—but are also seeking a higher level of accountability. They’re asking that workers take responsibility for keeping the device safe by managing passwords and complex security functions, as well as shouldering part of the cost.
“Companies that are being successful are moving away from dictatorial approach to a shared-responsibility model,” says Ken Dulaney, an analyst for research firm Gartner Inc.
Here’s a look at some of the smartest strategies that companies are using to maintain the balance.
Locking and Deleting
Most companies start with a very basic line of defense: insisting that workers use the password feature found in every smartphone. The password prevents other users from accessing any of the phone’s basic functions, forcing most run-of-the-mill thieves to erase the device to make it usable. That’s critical, because employees will often store emails and attachments with corporate data or information about future projects on their phones.
But passwords aren’t foolproof, and a technically savvy crook could break through the defense. So, what should companies do for an extra layer of protection?
Kimberly-Clark Corp. has a hard-line solution: If a phone is lost or stolen, or an employee leaves, the company erases the device remotely.
The company began allowing employees to use their personal smartphones to access their corporate email accounts in December. Since the change in policy, roughly 300 employees have connected their personal smartphones to their work email accounts, according to Ramon Baez, chief information officer for the company.
“Since these are small devices and are easily misplaced or stolen, it is vital for a company to have the ability to wipe company-sensitive information,” says Mr. Baez. The company will wipe a device as soon as it is reported lost, or if the user reaches the maximum number of attempts with an incorrect password.
Of course, a remote erasing also deletes any personal information on the phone, such as contact numbers and family photos. But the threat of losing all that may help make people more vigilant about keeping track of the phone.
Still, the practice isn’t foolproof, because a phone needs to be connected to a cellular network to be wiped. Mr. Baez is working on a “self destruct” option that would automatically erase a phone in case it’s lost and disconnected for an extended period of time.
And the practice doesn’t work everywhere. In China and South Korea, employers by law aren’t allowed to erase the personal data on their workers’ phones, according to Mr. Baez. So, he doesn’t allow employees in those countries to use personal devices in the workplace.
Walling Off Data
Sometimes it’s not enough to erase data after a phone is out of a worker’s hands. Companies in a range of industries—such as medicine or finance—have to do a lot more to protect sensitive data while employees are still using the devices. Medical companies, for instance, have to follow rules under the Health Insurance Portability and Accountability Act that protect customer data. In some cases, that means having patients’ information on a regular personal cellphone isn’t permitted.
Nationwide Mutual Insurance Co. uses software from Good Technology Inc. to carve out a part of an employee’s device strictly for corporate use. Guru Vasudeva, chief technology officer of Nationwide, calls the portion a “secure container” within the phone that houses access to corporate email, address book and calendar. Work emails and attachments can be viewed in the container, but can’t be moved or downloaded into the phone itself. If the phone is lost or if the person leaves the company, Nationwide can wipe that portion of the device, leaving the personal information intact.
Beyond the typical password found on a cellphone, the container has its own password, and the data inside are encrypted, says Mr. Vasudeva.
“We looked for a technical solution with the flexibility to allow what [the employees] want, but at the same time meet all regulatory and technical requirements,” says Mr. Vasudeva.
Dealing With Variety
Beyond security, there are lots of technical headaches with workers using their own devices on the job. For one, compatibility. With a wide variety of devices using different operating systems, it takes lots of time and resources to build and test a different version of the same application for every single one.
For the time being, most companies are trying to avoid those headaches by keeping things simple. Workers who use their own smartphones generally can get access only to the company email network—not any other work software. The more complicated stuff, such as apps that provide access to company software and databases, is generally limited to the widely used BlackBerry platform.
.Kimberly-Clark is looking to partners such as AT&T Inc. to help it create a mobile-enterprise-application platform. This relatively new technology allows a company to create one app and have it run on all devices. For instance, a company could create an app that accesses customer-relationship-management software in the corporate database and have it distributed to all sales personnel, regardless of their phones. By using the technology, the company “gains the ability to effectively manage the cost of supporting many different devices,” Mr. Baez says.
A Virtual Solution
Some companies are working on other ways to give workers access to more than company email. They’re using a technique called virtualization to let workers tap into a much wider range of software. Companies put software, from providers such as Citrix Systems Inc., on the workers’ portable gadgets. The employees can then use that software to access their entire desktop on the device—and use the same programs on the road that they use in the office.
Royal Dutch Shell PLC, for instance, is testing these kinds of systems for use with tablets such as the iPad. Placing virtualization software on employees’ personal tablets is less expensive than outfitting them with company-purchased laptops, says Jay Crotts, the company’s vice president of IT services.
Virtualization provides an answer to a basic question, he says: “How can you increase productivity and allow more ubiquitous access?”
New Ways to Pay
Not all of the problems with smartphones are technical. There’s also the matter of cost. Smartphone bills can be steep for regular users—and most people want the company to kick in if they’re using the phone for work too.
Companies that have embraced personal devices have also found ways to reimburse employees for their phone use. Mr. Dulaney, the Gartner analyst, says one common solution is to use a telecom expense-management program, which allocates some expenses to the company and some to the worker.
In some cases, companies pay for the whole data portion of the bill. Some companies go further and cover the whole thing. The situations vary, and depend on the type of employee and the type of company involved. For instance, a factory worker who’s on call might get compensated for voice but not data, while an executive might get fully covered for the phone.
Nationwide gives employees who would otherwise have a company BlackBerry a stipend equal to what their BlackBerry bills would have been, which ranges from $70 to $100 a month. The worker has to cover the difference. Employees who would not have gotten a BlackBerry are responsible for their whole bill, since for them the access to the corporate data is voluntary and considered a perk.
“We think it’s a fair deal,” says Mr. Vasudeva.