BYOD and Enterprise Apps: Balancing Security and Employee Privacy

The COVID-19 pandemic has required businesses all over the world to equip millions of employees to work from home, and, as a result, the “bring your own device” (BYOD) model of IT has never been more prevalent.

If employees are going to use enterprise mobile apps on their own phones, enterprise IT needs to ensure these apps are secure. After all, cyber-criminals are well aware that valuable data is often stored unencrypted on smartphones. That data needs to be protected.

At the same time, IT needs to protect data without compromising employee privacy. The challenge is that many enterprise mobility management platforms are fairly intrusive. Certainly, organizations need a mobile data protection solution to prevent valuable assets, sensitive information, and intellectual property from falling into the wrong hands.

Considering potentially catastrophic reputation damage and the legal consequences that can arise from just a single breach, a complete mobile data protection solution isn’t just optional  — it’s mandatory.

On the surface, this problem may seem like an enforcement issue, causing IT to believe that they should implement new BYOD program policies that clamp down even harder on “rule-breakers” and invest more money in monitoring tools and network security staff. However, a deeper look reveals that the real issue isn’t about enforcement after all, it’s about mobile user privacy.

Employees’ fears are not unwarranted. Many BYOD program policies grant enterprises an unprecedented degree of access and monitoring rights. To achieve maximum protection, some enterprises require employees who use their personal devices for work to deploy enterprise mobility management (EMM) and Mobile Application Management (MAM) tools, which gives their employer access to all their private, personal data on the device and could, in some cases, enable enterprise IT to remotely wipe the phone.

While some CISOs and other security professionals may view this trade-off between a user’s expectation of privacy and an enterprise’s need for security as a “necessary evil” – and there can be some truth in this – the reality is that mobile users aren’t accepting the…