In Tom Kaneshige’s article in CIO Magazine, BYOD Lawsuits Loom as Work Gets Personal, he discusses the legal implications of deploying Mobile Device Management (MDM) software to your employees’ personal devices. Tom writes that, “like most tragic love stories, the Bring Your Own Device affair has come to an abrupt end; a bitter breakup looms, and lawyers are circling”. Tom explains that employees are beginning to question the intrusion of corporate eyes on their personal devices and poses some intriguing questions on behalf of users everywhere:
- Does IT use my smartphone to track my whereabouts?
- Are they then using the device to track how many hours I am at the office?
- What other data are employers collecting?
- Can a help desk technician see my private healthcare records?
As implausible as some of these scenarios seem, they are not so implausible when you consider the innocent ways they may occur. A calendar app, for example, can track your whereabouts to determine which is the closest available conference room.
A more important issue for many is fear of the “dreaded remote wipe”, as CIO calls it. Some employees refuse to participate in BYOD programs because of remote wipe fears. Others would “wait days or weeks before reporting a lost or stolen device so that IT wouldn’t wipe it”.
In the UK a Kaspersky study found that “more than three quarters (77 percent) of UK employees would omit from telling their IT department about the theft or loss of a company owned device within an hour of its loss … These results show that if a corporate notebook, tablet or smartphone gets stolen, thieves may have several hours to access the data on it before the IT department is able to take preventative measures.”
MDM software attempts to patch some but not all of these concerns. There are efforts being made, for example, to partition personal and corporate data and applications on a device. But this doesn’t always work, particularly for applications such as Evernote or e-mail that can be used for both personal and business reasons. Other solutions turn off remote wipe for fear of lawsuits.
Beyond the legal issues, what happens when an employee leaves a company? This is a routine occurrence at all companies. What about consultants, contractors and interns? How do you provision their devices for remote access, then ensure this access is turned off and the device is clean of all corporate data?
CIO Magazine concludes that with MDM solutions there is a looming liability cloud. Companies will need to add protections against employee lawsuits.
The market needed a better solution. This is why we founded Armor5. We allow enterprises to completely side step the heavy footprint of MDM software on user privacy protection. That horrible MDM never appreciated you anyway…
It doesn’t matter whether your content is already exposed via a web interface to your intranet or in a SaaS provider’s application, whether your data is stored on a Sharepoint server or some other network device. Legal liability concerns are a thing of the past when employees enjoy virtualized access to corporate data using the browser they already have installed on their favorite device. Armor5 virtualizes all of their favorite stuff and assures IT that sensitive information never gets downloaded to whatever device they choose.
We call our solution “Zero Touch BYOD” — zero client software, zero device maintenance, zero stored on the device.
More Reading
Stephanie Blanchard at Mobile Enterprise discusses The Privacy Expectation users have for their devices. Over 80% of employees own the smartphones and tablets they use for work. But, “not only are these employees unaware of who is seeing what, a majority is rather uncomfortable with the thought of employers reading personal email, texts, attachments or even just a list of contacts. More than half cringe at the thought of employers accessing photos, videos or voicemails.”
The post User Privacy & BYOD: Why MDM Doesn’t Cut It appeared first on Armor5.
