A Bring Your Own Device (BYOD) program offers a lot of benefits, including the ability to attract talent with the perk of using their own preferred device. You also save on devices and their maintenance and management. It’s great in many ways, but it can bring challenges when it comes to security. It can also create complexity when you attempt to use a mobile device management (MDM) solution to secure your network.
Among the questions that arise when implementing an MDM solution for a BYOD program, the most pressing will likely be about privacy. When it comes to the employees’ right to privacy versus the need for the corporation to secure resources, who wins?
The line between preserving security and violating privacy, or between protecting privacy and leaving a security vulnerability, can be hard to navigate. Here are the questions that tend to arise and answers you can use to address them:
How Will Employees Know What the Policies Are? Some companies reimburse part of the cost of phone usage while others do not. And there are likely to be multiple questions about which areas of the phone the company can access for monitoring. Publishing clear policies helps employees know what to expect, and it helps hold security teams accountable to the limits those policies set.
Can an MDM Solution See the User’s Browsing History? The MDM solution itself cannot, but companies could deploy an over-the-top service designed to control and redirect traffic. If the company plans to do this, it should communicate the change to employees.
Will the Security Team See Text Messages? On Apple smartphones, Apple has not provided any hooks that would let an MDM solution see texts. It’s possible that a security team could deploy native services to read texts, but it’s unlikely that an IT team would. Messaging apps tend to use end-to-end encryption, making their content inaccessible to IT departments.
Can the MDM Solution Track Location? Yes. IT security teams should be clear about whether they are tracking location and for what purpose. In many cases, this technology is deployed to establish a baseline for where employees typically access company resources so that any anomaly can be flagged. It’s important for employees to know how this information is being used.
Can the IT Department See Which Apps Are on a BYOD Phone? The platform takes an inventory once the device is enrolled, but IT departments would be wise to opt only to see line-of-business apps through the program. Otherwise, they may have access to an employee’s health, religious or other private information.
An MDM solution offers a way to improve security and reduce complexity in a BYOD environment, but communicating privacy policies is an important part of implementation.