Better BYOD: Maintaining Security and Employee Privacy

Categories: Workforce

The term BYOD is a bit out of date. Back in the “before times,” it used to literally mean physically bringing your own device to an actual office for improved work-life balance. Some companies allowed employees to BYOD while others simply said no because of increased security risks. Those companies that said no received pushback, often from the highest levels, because employees and executives wanted access to email and important documents when they were away from the office.

But like many things, COVID changed everything. In some cases, there is no physical building to bring a device to now. After working at home for years, employees blend their business and personal lives, which often means using employee-owned devices, regardless of where they are working. According to the Microsoft Work Index 2022, 52% of respondents say they are somewhat or extremely likely to consider going remote or hybrid in the year ahead, which will ultimately lead to an increased use of personal devices. 

This creates friction between the organization and the employees, contractors, and consultants who need to access email, files, and software to complete their work. It’s become necessary to balance network security needs with an expectation of privacy from the workforce. Before the pandemic, employees who used their own devices sometimes worried if their employers had access to private data. Now, all employees, contractors, and consultants who use personal devices for work—sanctioned or not—consider privacy a primary concern. 

Workers want and need the ability to access work networks from multiple devices—their smartphone, family computer, or even smartwatch. Palo Alto’s Hybrid Workforce Security Survey found that 60% of companies expanded their BYOD programs during the pandemic, but many of those companies added strict security procedures that did not work for employees or contractors. The survey reported that organizations that increased BYOD usage have employees who are over eight times more likely to ignore, circumvent, or disable security than those that restrict BYOD.

While prohibiting the use of personal devices for business activities may seem to be an answer to security threats, many employees will just ignore such a policy. But when they switch between multiple devices without security protocols, your organization faces serious risks. Even if your employees and contractors are the rare ones who actually follow the policy, your company still doesn’t win. Their work processes will be less efficient, productivity will be lower, and company growth will be slower. 

Fighting against BYOD simply doesn’t work anymore. Employees need the flexibility to use whatever device is best suited to the task at hand. At the same time, they want (and need) their privacy to be respected, while the organization needs to enforce strict security controls to protect its network and data.

The best path forward is a BYOD program that works for both the employees and the company. And that doesn’t mean just buying a platform or creating a bunch of new policies. The cost of multiple MDM licenses for each individual with access to the network is a massive expense for even smaller organizations. So how does your organization control access to your network, ensure device security, prevent data theft, maintain regulatory compliance, control software access, and still allow your workforce the access it needs? The most successful BYOD programs result when companies thoughtfully combine both tools and processes.

Are mobile device management (MDM) tools the right answer?

For years, companies solved BYOD security concerns by turning to Mobile Device Management (MDM) tools. MDM tools have been the go-to solution for organizations dealing with BYOD, but employees and contractors have voiced concerns regarding their intrusion into personal privacy. In addition, many organizations don’t realize the downsides and new issues that MDM brings.

MDM tools create a partition on employee-owned devices, separating work and personal activities. However, organizations have control of the device and can entirely wipe the device remotely. While companies are supposed to only wipe out the business portion of these devices, it hasn’t always worked that way. Cases have been reported where personal devices were completely wiped when an employee left the company or just by accident. 

Employees are rightly concerned about privacy with MDM. Most MDM tools give companies access to sensitive employee information—even outside the work partition. With an MDM, organizations can often access employees’ browsing history, potentially learning if an employee is looking for a new job. Companies can also access location data, allowing them to inappropriately monitor employees who call in sick or track the whereabouts of those working from home.

Beyond Identity: a balanced solution

Many organizations determine if a device is “managed” before allowing access. However, there are multiple ways to manage devices with varying degrees of effectiveness. While MDM is the most commonly used solution, other options include enterprise mobility management (EMM), mobile application management (MAM), and unified endpoint management (UEM), each of which brings its own challenges. 

Companies no longer have to make a choice between several less-than-ideal options. With Beyond Identity, companies ensure secure authentication and authorization without violating employee privacy. 

Beyond Identity takes a different approach. Unlike MDMs, the Beyond Identity Authenticator uses device data in its authorization decisions but never accesses personal employee data. And most importantly, devices cannot be accidentally wiped.

Rather than managing the device, the Authenticator verifies both the identity and the device attempting to authenticate, and guarantees that only trustworthy devices can access networks remotely by cryptographically binding the identity to a device. This allows organizations to close the security blind spots of unmanaged endpoints without overbearing MDM solutions that infringe on an employee’s privacy.

With Beyond Identity, each user and device also needs to pass behavioral and security checks to gain access to networks. We use 25+ attributes (called risk signals) that we collect from users, devices, and applications. By monitoring these risk signals, the tool makes informed decisions about access from both managed and unmanaged devices. With Beyond Identity, your company can begin moving towards a zero trust security model.
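The two ideas in the preceding paragraphs, binding an identity to a device with a key that never leaves it and then gating access on device-level risk signals, can be sketched in a few dozen lines. The following Go program is an added illustration written for this article; it is not Beyond Identity's code, does not describe the product's real attributes or policy, and uses constructed signal names (disk encryption, screen lock, patch age, managed flag) and a hypothetical policy. Note that every signal it consults is a property of the device's security state, not of the person using it: no browsing history, no location.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
)

// Posture is a constructed set of device-level risk signals a client agent
// reports with each authentication. Hypothetical names; none is personal data.
type Posture struct {
	DiskEncrypted bool
	ScreenLock    bool
	PatchAgeDays  int  // days since the last OS security update
	Managed       bool // MDM-enrolled or not; recorded for audit, same bar applies
}

// Policy is a hypothetical access policy applied to managed and unmanaged devices alike.
type Policy struct {
	RequireEncryption bool
	RequireScreenLock bool
	MaxPatchAgeDays   int
}

// Device holds a private key generated on, and never leaving, the device.
// Only the holder of this key can answer the server's challenge; that is the
// "cryptographic binding" of identity to device. A real agent would keep the
// key in a hardware keystore (TPM / Secure Enclave); here it is in memory.
type Device struct {
	ID   string
	priv ed25519.PrivateKey
}

// Registry is the server-side map of enrolled device IDs to public keys.
type Registry map[string]ed25519.PublicKey

var (
	ErrUnknownDevice = errors.New("device not enrolled")
	ErrBadSignature  = errors.New("challenge signature invalid")
)

// Enroll generates the key pair on the device and stores only the public half.
func Enroll(reg Registry, id string) (*Device, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	reg[id] = pub
	return &Device{ID: id, priv: priv}, nil
}

// NewChallenge returns a fresh random nonce; signing a server-chosen value
// rather than a fixed string is what stops a captured answer being replayed.
func NewChallenge() ([]byte, error) {
	nonce := make([]byte, 32)
	_, err := rand.Read(nonce)
	return nonce, err
}

// Answer signs the nonce with the device-bound key.
func (d *Device) Answer(nonce []byte) []byte { return ed25519.Sign(d.priv, nonce) }

// VerifyBinding checks that the answer came from the key enrolled for id.
func VerifyBinding(reg Registry, id string, nonce, sig []byte) error {
	pub, ok := reg[id]
	if !ok {
		return ErrUnknownDevice
	}
	if !ed25519.Verify(pub, nonce, sig) {
		return ErrBadSignature
	}
	return nil
}

// EvaluatePosture returns the policy violations; an empty list means compliant.
func EvaluatePosture(pol Policy, p Posture) []string {
	var reasons []string
	if pol.RequireEncryption && !p.DiskEncrypted {
		reasons = append(reasons, "disk not encrypted")
	}
	if pol.RequireScreenLock && !p.ScreenLock {
		reasons = append(reasons, "screen lock disabled")
	}
	if p.PatchAgeDays > pol.MaxPatchAgeDays {
		reasons = append(reasons, fmt.Sprintf("OS patches %d days old", p.PatchAgeDays))
	}
	return reasons
}

// Authorize is the full decision: prove possession of the enrolled key AND
// satisfy the posture policy right now. Denial reasons are returned so the
// user can be told what to fix instead of being silently blocked.
func Authorize(reg Registry, pol Policy, id string, nonce, sig []byte, p Posture) (bool, []string) {
	if err := VerifyBinding(reg, id, nonce, sig); err != nil {
		return false, []string{err.Error()}
	}
	if reasons := EvaluatePosture(pol, p); len(reasons) > 0 {
		return false, reasons
	}
	return true, nil
}

func main() {
	reg := Registry{}
	pol := Policy{RequireEncryption: true, RequireScreenLock: true, MaxPatchAgeDays: 30}
	dev, _ := Enroll(reg, "laptop-constructed-001") // constructed device ID
	nonce, _ := NewChallenge()
	ok, why := Authorize(reg, pol, dev.ID, nonce, dev.Answer(nonce),
		Posture{DiskEncrypted: true, ScreenLock: true, PatchAgeDays: 3, Managed: false})
	fmt.Println("unmanaged but healthy:", ok, why)
	ok, why = Authorize(reg, pol, dev.ID, nonce, dev.Answer(nonce),
		Posture{DiskEncrypted: false, ScreenLock: true, PatchAgeDays: 90, Managed: true})
	fmt.Println("managed but stale:", ok, why)
}
```

The design point is in the two sample calls: an unmanaged device with healthy posture is admitted, while an MDM-enrolled device with an unencrypted disk and 90-day-old patches is refused. Enrollment status is recorded but is not itself what earns access; possession of the device-bound key plus current posture is.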

With Beyond Identity, your organization is well protected against BYOD security risks while also respecting the privacy of employees. It’s easy to add new devices as your company scales and grows. And integrations are regularly added as new technologies from other vendors are released. 

Moving forward with BYOD

Now is the time to update your BYOD policy to reflect today’s realities. At the same time, you can re-evaluate the technology you are using to manage BYOD, especially if MDM has been your default. By taking the time to find the balance between employee experience, privacy, and security, your company and employees can turn your focus where it needs to be—serving your customers and growing your organization.

Need to keep your existing MDM? No problem! We can integrate with your existing MDM and provide new levels of security and usability.

Get a demo and learn how to best protect your critical resources