Biggest BYOD challenge: Protecting private data

Credit: hocus-focus

The dirty secret of BYOD is that employees are giving up their personal privacy in exchange for the convenience of choosing their own phone and conducting life on a single device.

It's all well and good to have that freedom, but there are ways to balance employee personal privacy with the needs of the company says, Apperian’s CTO Carlos Montero-Luque.

Montero-Luque says employees face two main challenges when they accept the BYOD bargain, and they might not even realize it.

"The first is whether or not they are willing to give the company full control of their device. By allowing the company/IT department full control of their device, they’re giving permission for those departments to view their personal content, access it, delete it, or even become involved in any legal matters (e.g., discovery in a lawsuit)," Montero-Luque explained.

The second and less obvious concern is that the controls the company puts on your device could actually make the experience worse by slowing down the phone or reducing battery life. "Employees want to experience the device they bought in the same way they expect even while they are at work," Montero-Luque said.

Given these limitations, why do employees even want to bring their own devices? He says it's not all that complicated, actually.

"Consumers feel the devices they can choose from are better than those enterprises offer to them. Users are more comfortable with the devices they purchased, as they provide an overall better experience with perks such as the ability to upgrade software and apps as they becomes available."

Employers also face a set of challenges when they allow employees to choose their own devices. Most obviously, there is the issue of how to manage a myriad of devices with different software and operating systems without compromising private information on the device. If you need to remotely wipe enterprise content, for example, there is no reason you should have to wipe out the photos, address book and personal texting history at the same time.

One way to solve this dilemma for both parties is to compartmentalize the enterprise data.

"Compartmentalizing enterprise data tries to solve BYOD issues for both companies and their employees by creating two separate personas. A corporate persona, including all corporate content, and a consumer persona, including all personal content," Montero-Luque said.

He says it's while it's a step in the right direction, this approach creates two separate machines within a single device. He says this division of labor comes with the same issues you have when you carry two phones. You eliminate one of the devices, but you are essentially running two anyway, creating a similar problem by having to switch between the two personas.

He says instead of trying to create two devices in one, the compartmentalization should be done at the individual corporate item, ap,p or document level. This way the compartmentalization is invisible as possible to the user, but still effectively secures access and content.

"Instead of this traditional solution, the goal ought to be to allow employees to access their corporate content in the same way as they would access their personal content, with the same user experience and device capabilities, while at the same time, seamless to the user, providing the full level of security, privacy, access control, and auditing capabilities that remain, more than ever, absolute requirements for IT departments as the guardians of corporate assets and data."

This approach, which not coincidentally is how Apperian helps manage BYOD devices, provides a single device with one user experience instead of two separate ones. It also enables the company to control the device at the back end and eliminate obsolete documents or to shut off access to enterprise content when an employee leaves the company or loses the device.

More specifically, Apperian uses an enterprise app store where employees can access sanctioned enterprise apps. "Because we enable the delivery of corporate assets to BYOD devices via an enterprise app store, we track every app and content delivered and this enables the administrator to track and erase each specific corporate asset from the device without touching personal apps and data," Montero-Luque explained.

In the end there are a number of approaches that companies can take to protect data, but both employer and employees should understand the issues that come with BYOD -- and should work together to find the best approach for your organization.

Free Insider Download: CITE presentations now available
Join the discussion
Be the first to comment on this article. Our Commenting Policies