The BYOD movement has become an acceptable way of doing business nowadays, with more and more employees using their personal mobile devices for work. But when it comes to BYOD privacy concerns, there are two sides to consider: the employees using their personal devices for work, and the IT administrators tasked with protecting corporate data.
IT administrators deploying enterprise mobility management (EMM) systems might say that, no, BYOD users do not deserve privacy. Admins enact policies on devices that grant access to company data, email and apps; it's up to the BYOD user to sign that policy to gain access to those items. Companies that subsidize the devices employees use for work could argue that IT should be able to access these devices, potentially hazardous apps and company email and data stored within those apps.
But does this mean the enterprise should have access to all the apps on an employee's device, or just the ones associated with work or downloaded through the company's app store?
Any IT admin who has deployed EMM would likely find that employees are pretty passionate on the subject of BYOD and privacy. They might be really excited to be able to do work from anywhere, but also extra suspicious of the company's ability to see what they are doing on their mobile devices. From an employee's standpoint, he could say it's his device; since his employer is requiring him to access company resources and do work from anywhere, he should be entitled to privacy.
Both sides have a substantive argument. Users should have BYOD privacy for their own apps, email, photos and personal data, but not for company-provided apps, company email and data. IT can appease both sides by sandboxing corporate email, apps and data; sandboxing may require a separate login, but makes it clear for the user that company applications are separate from their personal items. Android for Work, for instance, only allows IT to control an employee's work profile.
What about concerns of companies spying on their employees' devices? BYOD users should keep in mind that those on the corporate side have little interest in messing with their personal photos and data. Admins also have personal photos and data on their devices and do not have the staff or time to mine every app on an employee's phone. IT's goal is to simply protect company resources against security threats, meaning employees using their own devices for work must surrender some privacy.
Why companies need a BYOD policy
How to balance BYOD security and privacy
IT's guide to BYOD management
Dig Deeper on Enterprise mobile security
Related Q&A from Matt Schulz
Learn about the history of OAuth and Apple and how iOS 12 changed the game for authorization. There are a few things to be wary of, too. Continue Reading
Users may not hesitate to connect to a mobile hotspot, but that doesn't mean IT should always allow it. Learn what threats these hotspots pose and ... Continue Reading
There are a variety of factors to evaluate when determining the true cost of mobile devices in an organization. Unpack these factors to find the TCO. Continue Reading