4. Establish a trust model. Employees use personal devices differently than corporate devices, according to the report. "For example, they download more apps. So with BYOD, devices may fall out of compliance with corporate policy more frequently, or for different reasons." Consider setting a tiered policy, the white paper advised, since ownership is now a "key dimension along which to set policy." And as a result, personal and corporate devices will each have different sets of policies for security, privacy and app distribution. Your trust model should also include defining remediation options – including notification, access control, quarantine, selective wipe – and keeping a constant eye on the security policy being instituted. "What is the impact on user experience? Will users accept that tradeoff over the long term? If the trust level of the personal device is so low that security requires extensive usage restrictions, the employee's personal mobile experience will be damaged, and neither the policy nor the BYOD program will be sustainable."

[See also: Mobile health developers see bright future ahead.]

5. Anticipate future technology needs. "Companies should plan for the increase in future technology expenses, like new versions of tablets and smartphones, to ensure they stay within budget," said DeLorenzo. The Mobile Iron white paper added since an organization's device list is strongly influenced by user demand, it could change rapidly. In turn, this could require someone becoming an "expert" on device and operating system evolution, or else the program could become obsolete. "This is especially important when the program moves beyond iOS and Blackberry to operating systems with more variants." Additionally, consider developing a "light-touch certification plan" for the evaluation of future devices. "Most organizations invest in upfront certification when launching their BYOD programs," read the white paper. "However, new devices are introduced into the market every 3-6 months, so the certification process must be ongoing and continually evolving.  If the process is too heavy, it will become expensive and eventually fall behind, so speed and efficiency of certification is essential." 

6. Note the changes a BYOD program has with regard to corporate liability. According to the white paper, BYOD introduces a new consideration to any organization's employee actions and liability. "The device on which these actions may take place isn't the property of the company. So, the question is 'Does moving device ownership from company to employee increase or decrease corporate liability?'" It added some things to consider are defining the elements of baseline protection for enterprise data on BYOD devices, and assessing liability for personal web and app usage. "The employee's expectation is they can use their personal device however they wish," it read. "Is inappropriate use still a liability for the company, even if it doesn't affect enterprise data?" 

Follow Michelle McNickle on Twitter, @Michelle_writes