BYOD gets all of the attention in the mobile management world, but what really matters is that no matter who owns the device, the most important task is keeping corporate apps and data secure while protecting the user experience and privacy of personal apps and data. Once we figure this out, though, we realize that who owns a device matters a lot less than we might have previously thought. Let’s find out why.
First, let’s look at why we need to keep personal apps away from corporate data. Unfortunately many of the apps we love have can leak corporate data. Some apps that have access to contacts, photos, email, and other resources might innocently or maliciously export data, and other apps make it easy for users to leak data on their own by cutting and pasting text or opening corporate attachments.
To solve this these problems, IT has a few basic choices. First, they could try to keep the data safe by locking down everything else on the device. Risky apps might can be blacklisted (which, by the way, is not an elegant process with iOS and most versions of Android), or IT can simply turn off access to app stores so that users can’t install anything on their own. The only problem is that if you try this technique on any personal devices, chances are you’ll have a user revolt on your hands.
When iPhones first came into the enterprise, most of them came in as personal devices. But things are different now, and many companies are issuing corporate iOS and Android devices to their employees. It would be easy for them to think, “Well, we’re dealing with iPhones belong to the company now, so let’s just lock them down. They still get to use the devices they want, right?” And of course that would course that would cause a user revolt, too!
That’s because an iPhone is an iPhone no matter who bought it. Even if it corporate-issued, users will expect (or at least really want) to be able to use all their favorite apps in the ways that they would if was a personal device. And if they can’t do this, then they’ll turn to back to BYOD or FUIT, or in any event be frustrated.
Fortunately, to deal with this issue, we have techniques for separating work and personal worlds. Dual-persona mobile app management—where corporate apps are secured and can communicate with each other while keeping the personal apps out—is well established. Other vendors are hoping that mobile virtualization will solve the problem, too.
Now all this isn’t to say that device ownership is completely irrelevant. The party that owns a device has a vested interest in what happens to it, so that means that control around corporate devices may be a little bit tighter. But this control should mean asset tracking or perhaps expense management—not having to lock down the user’s entire experience of root around in their apps in order to keep corporate email safe.
It’s also worth pointing out that this conversation applies mainly to users’ primary devices. There are legions of second-tier personal devices that may get treated a bit differently. Think of e-readers that may only get used to check work email once in awhile, or devices of friends and family members that somebody might use to do a quick work task on occasion. But in these cases, it’s simply a matter of dialing down access to corporate resources, not deploying a whole new solution stack.
Returning to users’ primary mobile devices, though, we’ll find that no matter the ownership model, corporate apps need to be secured in a way that allow employees to use the rest of the phone as they desire and see fit. And once we realize this, then the issue of who owns the device becomes much less important. There’s no need to deploy one solution for corporate devices and then another completely different stack for BYOD—they can be almost entirely the same.