BYOD 2.0: Can anyone balance enterprise security with employee privacy?

October 29, 2013

Bring-your-own-device (BYOD) will go from optional to mandatory in nearly every enterprise by 2017, but with that come a few issues.

The inevitability of the BYOD phenomenon is a topic causing heated discussions among CIOs and IT departments across the board, based on a market that is flooded with solutions from dozens of partners.

As we approach the proliferation of BYOD in the enterprise, are we forgetting who the actual users of BYOD are?

The answer, of course, is the employee. We must not forget that employees are bringing their own smartphones and tablets to work, which makes privacy and protecting their own personal data their number one priority. Thus, the ideal BYOD solution would protect corporate data and grant employees the mobility they need, without compromising their privacy.

As simple as that sounds, the first-generation solutions available today fall short in meeting the needs of both enterprises and employees.

Gartner recently called BYOD the most radical shift in enterprise client computing since the introduction of the PC. With BYOD, an employee can use his personal smartphone or tablet to access work email, applications and data, rather than using a corporate-issued mobile device.

From the consumer’s perspective, he benefits from getting to use his device of choice, as well as the convenience of carrying one device for both professional and personal use.

An uneasy exchange between choice and convenience

But to the IT manager, this can open up significant risks. That’s why many tech companies are focused on helping IT departments deal with the security and management challenges that come with allowing corporate access from mobile devices they don’t own.

The paradigm of first-gen BYOD solutions is one in which, in exchange for choice and convenience, the employee must accept that his personal device will now be controlled, at least to some degree, by his employer.

Look at this message presented to employees during installation of typical Enterprise Mobile Device Management (EMDM) software used for BYOD management:

“Installing this profile will allow the administrator to remotely manage your iPad. The administrator may collect personal data, lists of apps, add/remove accounts and restrictions, and remotely erase data on your iPad.”

Consumers are waking up to what this means for their own personal privacy. A Harris Interactive survey (sponsored by Fiberlink) of nearly 2,500 U.S. workers found that nearly 80% of employees are concerned about employers viewing private information on their personal devices, such as their location, websites they visited or applications they downloaded.

While no one would deny the need to ensure enterprise security in the BYOD era, it must not come at the expense of employee privacy. Otherwise, IT managers may find employees rejecting IT control or BYOD altogether. Tech companies can address both needs by making employee privacy part of their BYOD value propositions, and it makes business sense too.

Most of the Forbes top 15 tech companies — Apple, Samsung, Microsoft, Google, Hon Hai Precision (Foxconn), Dell, Qualcomm and Panasonic — derive significant revenue from mobile device consumers, either directly or indirectly. If BYOD begins with a consumer purchasing a smartphone or tablet that also can be used for work, it seems the first objective is to create a mobile device that the consumer wants to buy, and the second is to create one that both the consumer and his employer trust for work use.

That’s why many players in the mobile industry are looking at how to make the next generation of mass-market devices “enterprise ready” from the start.

Taking the Jekyll and Hyde approach

One approach gaining momentum from the aforementioned device manufacturers and network operators is to create a dual-identity (aka dual-persona) smartphone or tablet that runs two distinct operating systems – one is the consumer’s personal device, and the other is his work device.

The benefit of this approach is that the work tablet is isolated from the personal tablet, ensuring enterprise security, but more importantly from a privacy standpoint, the IT manager has no visibility into or control of the personal device.

Today’s consumers are choosing smartphones and tablets based on operating system, 4G capability and application availability. In the new era of BYOD, it won’t take long before “privacy assurance” makes the list of buying criteria.

Such features must include:

  • Applying policies only when the mobile device is used for work purposes, without imposing restrictions on the employee’s personal mobile user experience.

  • Preventing IT managers from knowing websites visited or applications accessed when using the device for personal purposes.

  • Safeguarding an employee’s personal content such as photos and files from being wiped from the device in the event it’s lost.

In BYOD 2.0, recognizing the value of protecting consumer privacy while also serving the enterprise need for security and control will be a win-win-win for tech companies and their two customers — the enterprise and the consumer.
