Many organisations understand the need to protect and secure their data, even on employees’ private devices (if Bring Your Own Device policies are implemented). The main threats which trouble IT and security managers are potential loss or theft of data and lack of user awareness (based on a report we’ve done together with Computerworld in 2018).
The enterprise mobility market already offers tools and mechanisms which allow our private data to remain unavailable to the IT admins of our employer or other third parties. Examples of such tools are the Android Enterprise Work Profile, Samsung KNOX Workspace and the iOS built-in data separation mechanism. The Work Profile only allows the IT admin to manage and access the “work part” of the device, with no access to the private part. In this scenario the IT admin cannot even remove all of the data from the device if it is lost or stolen, only the company data container.
Luckily – yes. Although deep down inside many IT and security admins would prefer to have full control over any device that can access company data (as this is the easiest way to ensure manageability and enforce security), there are organisations which do put the comfort and privacy of their employees first. Based on our customers – organisations using the FAMOC platform – we can say that the trend to allow an increasing amount of freedom to the end users is on the rise. It is important not to forget that company data access is nowadays critical in enabling a truly mobile workforce, but it is even more important to make sure this data is accessed in a very secure manner.
So what are some examples of making sure that end-user privacy is respected and corporate data is protected? The main item is to use private / company data separation (e.g. based on the Android Enterprise Work Profile), but to enhance it even further organisations can:
– enforce a more complex passcode or login method for the work profile (either imposing no requirements on the lock screen settings of the device itself or making them a lot looser than those for access to work data)
– set up a VPN connection (or a private APN from the network carrier) to only work for the corporate part of the device (this way only managed company apps will have access to the organisation’s network, while the user’s private apps will not)
– be sure that if the user for whatever reason decides to get rid of the company part of their phone (which in many scenarios they are able to do), all of the company data, applications and VPN connections are removed as well
– if the company is still concerned about the security of the whole device (e.g. because of the sensitivity of the data processed on it), monitor the private part of the phone as well (without enforcing strict policies or limiting the applications the end user can install) by enforcing a Mobile Threat Defence agent that monitors the applications installed by the end user.
So, from my perspective both privacy and security are equally important. And today there are tools to enable both for the employees. I am sure this will be the trend in the coming weeks and months.