Over the past few years, it would seem that nearly every technology company has moved existing products around to jump on the BYOD bandwagon, or they have launched a new solution so their employees can Bring Your Own Devices to work. And why wouldn’t they? It’s a huge trend that isn’t going away anytime soon. In a survey sponsored by MokaFive that had 335 respondents, 88% of these people said that their organizations offered some type or BYOD, whether it was sanctioned or not. And that, of course, raises the dual questions of security and privacy.
People in the IT camp would rather see more security, which is what the current BYOD programs offer. On the other hand, though, they don’t offer much privacy. 77% of respondents described their feelings about Mobile Device Management in strong negative words, some even calling it “too intrusive.” And BYOD can also enable insecure use of cloud services. About two-thirds of those in the survey replied that either they or their organizations used sub-par cloud services like Box to store data. This practice and others like it, might put corporate data at risk.
Clearly, in order for BYOD to remain in the corporate biosphere for the long-term, practical solutions will have to be found that protect corporate networks and data, while at the same time not subverting users’ privacy. The exceptional usability of modern tablets and smartphones will also have to remain untouched as well.
From the user’s viewpoint, they can use a device they’re familiar with, their device of choice, as well as the convenience factor: Getting to use the same device for both work and personal tasks. Yet for the IT manager, this practice can open the corporate network to some serious risks. Although many technology outfits are assisting those IT managers deal with the management and security issues that stem from allowing enterprise access from mobile devices that they don’t happen to own, it’s not enough. The zeitgeist of this first generation is one of exchange. The employee gets choice and convenience; in exchange they have to accept that their personal device will now be controlled by their employer — at least to some extent.
In fact, a current installation of typical EMDM software (Enterprise Mobile Device Management) states that “Installing this profile will allow the administrator to remotely manage your iPhone. The administrator may collect personal data, lists of apps, add/remove accounts and restrictions, and remotely erase data on your iPhone.”
If that’s not a serious hit to privacy, I don’t know what is. Users are starting to be concerned about what this sort of thing means for their personal privacy. A recent Harris Interactive survey, which was sponsored by Fiberlink looked at nearly 2,500 US employees. It found that almost 80% of them were worried about employers looking at private information on their personal devices, including websites they visited, applications they’d downloaded, or places they’d been.
Certainly nobody would deny the need to secure enterprise data in the era of BYOD, yet this has to not come at the expense of employee privacy, lest IT managers find employees refusing IT control or BYOD as a whole. Technology enterprises can address both of these needs by making the privacy of their employees part of their core BYOD value propositions, but also because it makes good business sense.
In order to address the BYOD issue, many of the large players in the mobile industry are thinking about how to make the next generation of mobile devices “Enterprise Ready” right out of the box. This describes a device that has a dual identity, or one that runs two separate operating systems. One would be for their work device, and the other for their personal device. Although it’s still the same device, physically speaking, the IT manager can no longer see the employee’s personal device, as it’s a different logical device.
