When it comes to companies managing personal devices, many people speak of making trade-offs: in return for access to company resources like wifi and email, employees allow their personal devices to be managed. But what level of compromise is fair in this scheme?
How did this come to be?
Five years ago, we didn’t have this problem: work phones did work things, and personal phones did personal things (and probably looked like this). Then when iPhones and Android phones came along personal phones got smart, and naturally everybody wanted to use them for work. The response at first was, “No, these things are insecure and unmanageable!” Fortunately that changed fairly quickly, and there are a host of vendors that can help make modern smartphones into whatever a company wants them to be. Problem solved, right?
Wrong. While it’s now technically possible to turn iOS and Android devices into well-behaved corporate devices, users still want to bring their personal devices into work, and many companies want to have control those devices.
One approach that has surfaced is to give users incentives to get them to allow their companies to manage their devices. Many people will tell you that this solves the personal device management problem. We can go home and call it a day, right? Well, not exactly.
Where do you draw the line?
The question that arises is how much control does the user surrender and how much access to resources does the company permit.
What do users want? With truly unlimited data plans going the way of the dinosaurs, chances are that they want to be on the corporate network while in the office. They’ll also want access to corporate email. Aside from those, easy setup of networks and VPNs is helpful, too.
What do users concede? The basic security measures—passwords and device encryption—are common sense. And understanding that their device may be wiped is easy, too. What may not be so clear, though, is that having an MDM configuration profile on the device means that admins can see what applications are installed. This helps companies ensure no applications are behaving in inappropriate ways (since even apps that aren’t considered malware can still cause harm), but it also might not make users happy (let alone solutions that use an agent app to track device location).
As an aside, we can note that all this assumes that we’re talking about employees voluntarily bringing in their personal devices. The whole model falls apart for compulsory BYOD. While a program like that could be spun in the direction of “Hey, you get freedom to pick your own device now” if there are tight controls on those personal devices, the company is really saying “Ha! we have freedom from paying our phone bills now!” In this case, employees might have to get a personal phone to have a device they can do any they want with (see above). At least they could get a family plan...
This is always going to be difficult
Back to true BYOD, we have a huge minefield to navigate. Each user will be comfortable with different degrees of corporate control. Finding the right balance is important, because the wrong approach misses out on opportunities at best, and leads to users doing whatever they can to get around IT (FUIT) at the worst.