
The Next Level Network Blog

IT Management, Security, Compliance for Regulated Firms

The BYOD Dilemma: Corporate Security vs Employee Privacy

Jun 7, 2019 3:16:29 PM / by Eric Benda, CEO

BYOD Issues Driving Changes to Device Management Strategy

Over a number of years, the practice of Bring Your Own Device (BYOD) has become commonplace in companies of all sizes. Employees have been granted permission to let their personal devices double for work – phones, tablets and laptops. BYOD evolved out of employee discontent with having to carry two phones or with finding themselves needing emails or files at home that were on an office computer. Companies began to adopt BYOD policies. But those decisions are having unanticipated impacts. In today’s tense cyber security environment, pure and simple, BYOD makes it impossible to maintain a secure network. Mobile device management (MDM) software has been developed in an effort to secure company data on private devices. However, MDM can compromise user privacy. So, we end up needing ways to balance corporate security and employee privacy.

What are the BYOD Issues?

As a managed services provider and cyber security consultant, we deal with concerns on both sides of the dilemma.

Company:

Our clients – most of them regulated firms in financial services and healthcare – depend on us to build their IT networks and to do everything we can to keep them safe from hackers, malware, ransomware, phishing and the many other threats out there. We help them develop policies and procedures for using personal devices, including requirements that we can place MDM software on employee devices. We train employees to recognize and avoid cyber threats. These are critical steps for meeting regulatory compliance standards, maintaining their reputations and safeguarding their own and their clients’ data and fiscal assets.

Other company concerns include getting employees to surrender their phones to IT to install MDM software and getting access to devices of employees who leave in order to wipe corporate data from them. These are serious and frequent problems. There is also the issue of employee pushback on privacy concerns.

Employees:

Employees learn that there’s a privacy cost to the convenience of using their own devices for work. It often makes employees uncomfortable to know that MDM software can give the IT department or IT partner access to personal information on their devices. MDM software (we choose to use IBM’s MaaS360) allows us to see, though not access, all apps on an employee’s device. What’s the problem there? Consider a situation where an employee downloads a job site app. This could signal his or her intent to move on. Or what if an employer can see a dating app on a married executive’s phone? These are definite privacy issues.

Additionally, if an employee’s phone goes missing, for corporate security reasons the MDM software allows IT to remotely wipe the employee’s phone of all data – including personal email and photos in addition to corporate data. Similarly, if an employee is using an Apple phone, IT can put it into Supervised iOS mode, which requires resetting the phone to factory defaults, essentially wiping the phone of all data. Also, GPS and location-tracking enable the employer to know an employee’s whereabouts. Even though most agree it’s better that their employer have access to their data than hackers, it’s easy to see that employee privacy concerns are real.

What’s the Solution?

We believe that a return to corporate-owned devices for work is the best solution to maintaining security and still enabling enterprise mobility. We can pre-load these company devices with more comprehensive corporate software when we do not need to allow for personal device issues. However, providing corporate phones takes us back to employees carrying two phones, which is what prompted BYOD in the first place. It also potentially imposes a technology choice on employees that can affect productivity if the technology is unfamiliar.

Another strategy being adopted by an increasing number of companies is CYOD – Choose Your Own Device. Employees have the option to choose from a selection of company-owned Android and iOS devices, enabling them to select a familiar platform. This enables immediate productivity on starting to use a company device.

To address employee aversion to carrying both a work and a personal phone, some companies are adopting another acronym, COPE – Company Owned/Personally Enabled. This allows certain personal information and apps to be installed and used on company phones. It’s important that employees understand that their personal information will be wiped when they leave the company and it’s their responsibility to save it elsewhere.

CYOD won’t happen overnight. But as companies transition from BYOD, there’s a good interim option. IT can place a container on an employee’s device in which all corporate programs and information reside. If a device goes missing or the employee leaves, the container alone can be wiped remotely, leaving employee data intact. Downside: IT can still see what programs and apps are on the device and the corporate container has its own separate log-in. The log-in is a minor inconvenience, but one that some employees will not like.

Budgeting should be similar for CYOD or COPE as opposed to BYOD. Most companies are already providing some financial reimbursement to employees using their personal devices and company phones can fall into a moderate price range. The need to license mobile management and other security software doesn’t change. We use a comprehensive solution, ManageEngine, for company-owned devices.

The time has come for your company to review BYOD and other enterprise mobility strategies to assure that you’re evolving to best meet the needs of your business and employees – especially in today’s tight labor market. If you’d like to speak with Soundshore Technology Group’s cyber security and mobility experts, send an email to sales@soundshore.net. We’ll be happy to help. While you’re here, please take a look at our full array of cyber security services.

Topics: MaaS360, ManageEngine, BYOD, CYOD, COPE, corporate security, employee privacy
