In IT circles, there’s no shortage of angst and concern over the rise of bring your own device (BYOD) set-ups. The arguments are mainly based around the fact that IT doesn’t like the loss of control, but business units see BYOD solutions as a cost-saving measure. The discussion then quickly turns to security, which is where it gets complex and many businesses will abandon the idea for lack of knowledge about this specific element.
Who knows what will happen to the data on a device someone brings in from home? What if they lose it? Keep in mind, the exact same issues arise when companies issue employees mobile devices or computers on which they’re allowed to install personal apps or which they may use for personal purposes.
The real way to handle BYOD is to move to managed BYOD (MBYOD). That doesn’t mean mobile device management, which is a basic, first-line defense, akin to locking your front door at home. In MBYOD, you start with securing your data at its source, then move towards securing it at rest and in transit between the device and your internal systems.
In other words, BYOD means building a tiered system for access to your corporate environment. The final piece is to communicate this system to everyone in the company.
The pinnacle is complete mobile user access to the corporate environment, meaning users can work from their device as if they were sitting at a computer at their office desk. They have complete access to where their files are stored, can move about the internal networks, get their emails, and access the intranet as well. This level of access is what you give to devices that have the best built-in information controls, managed by your information-savvy mobile management tools. You know that if the device is lost or stolen, you can wipe all the corporate data from it. This is the base level tier.
The next tier is where you might allow users to access on-premises resources but without any data actually residing on the device. Users might be granted access to server-based computing, virtual desktop infrastructure, and other functions, but you have some controls built into these devices. It is very difficult to fully protect your data on them.
Now that you’ve defined the tiered access to your corporate environment, you have to look at all devices in the market and determine what tiers they reside in.
You can build as many tiers as you like, although the more you build, the harder it becomes to define what devices go where.
With this approach, neither IT nor the business is telling the user what device to buy; instead, they limit what users can do based on the device they choose. This approach turns BYOD solutions into a self-managed BYOD program. Users have the guidance they need to make an educated decision, and the security group is satisfied because the devices are set up to protect the organization’s information, even on non-corporate devices.