To BYOD or not to BYOD, is there really any question any longer? According to market research, 85% of organizations implemented Bring Your Own Device (BYOD) policies during the COVID-19 pandemic.
Even with BYOD becoming the de facto standard, companies and employees are now, more than ever, finding themselves at odds over how much control the company should have when it comes to managing those devices….and it’s the HR team who has to break up the fight. They are in the center of the ring, juggling the security demands of IT teams, while assuaging the legitimate privacy concerns raised by the employees-who don’t want the company looking over their shoulder and controlling what apps they can or can’t open in their free time….and no device user is ever comfortable signing over the rights for the company to be able to erase their devices.
When employees bring their personal devices to work, IT departments and security teams worry some about losing control over the hardware, but they are much more worried about which apps the employees use and the security of the data they access. But when a company implements a mobile device management (MDM) plan to oversee those devices, employees know they are losing control over their private information, personal apps and private activities.
Organizations need to move past outdated MDM solutions and toward a containerized approach that gives them complete control over all work related email, files and apps while at the same time isolating that data from all personal email, files and apps on the same device – protecting employees’ personal privacy and personal use of their devices. The fight over security vs. privacy will be resolved for good!
The Flaws of Outdated MDM
BYOD delivers a lot of advantages, for both organizations and employees. For organizations, BYOD increases the mobility, efficiency and productivity of employees. And it’s less expensive than buying, maintaining and replacing work-only company devices and the data plans required to use them. Employees, meanwhile, get to use their device of choice and have the flexibility of using one device for work and personal business. No one wants to lug around separate devices.
Employees, however, do push back at HR over BYOD policies that assume an MDM solution is installed on the personal device. The reasons include:
- Fears over lost privacy, since MDM technologies could track their location and internet habits and control which apps can and cannot be installed on the device.
- The possibility that employers could have access to video, health records, photos, private emails, texts and other data – unbeknownst to the device owner.
- Legitimate fear that the company can easily wipe the entire device if they have any concern (real or not) that work related data on the device might be compromised.
- The extent of access an organization could have to the device in order to update software and secure their own data.
The speed and storage capability of modern phones, combined with the much less expensive access to data, makes the choice of BYOD obvious. So why are companies and government agencies still issuing devices for work use only?
It simply comes down to a perceived lack of better options.
Most organizations still rely on outdated MDM technology, which at best, can really only enforce password policies, restrict use of non-work related apps and offer the “nuclear” option of wiping the device entirely if things go wrong. But in order to implement this functionality, the company needs to take control of the device, creating a tricky personal privacy minefield. Alternatively, a containerized application, installed on user devices – no matter if they are personally owned or company/government owned, can keep work and personal apps and information completely separate, giving the company full control over all work email, files and data and full privacy to the employee around their personal email, files and data.
What Should HR Teams Do?
HR teams, for their part, need to ensure that an organization’s BYOD policies are clearly defined. They should:
- Work together with IT/security to ensure BYOD policies are fair and have a baseline of what technology and programs are implemented on each device.
- Make sure to have different policies for different levels of sensitive information (some company data is more sensitive than others).
- Focus policies on corporate data, not controlling the phone or other device.
This is where SyncDog can help. SyncDog’s Trusted Mobile Workspace (TMW) provides organizations with a robust mobile security and Containerization solution integrated into one. SyncDog’s Containerization capabilities allow for employees’ phones to be securely partitioned into dual-personas. The work persona is isolated within a FIPS 140-2 compliant, AES 256-bit encrypted application container, ensuring protection against malware and other attacks. While the personal persona remains in the control of the employee. With SyncDog, end users, HR and security teams will no longer be at a crossroads.
To learn more about SyncDog’s Secure.Systems, request a demo today!