A lot of coverage has been dedicated to BYOD and security from the employer’s side of things. Now an interesting new study out from AdaptiveMobile shows what employees don’t know about BYOD, which is mostly how much control employers have over those personally owned devices.
According to FierceMobileIT:
The study of 1,000 IT decision makers and 1,000 employees, conducted by Harris Interactive, found that 83 percent of staff would stop using their own device or still use it with deep concern, if they knew their employer could see what they were doing at all times. With 61 percent of enterprises already having this level of access in place, and with a need to increase control to address growing security threats, organizations could face a backlash in their employees' willingness to adopt BYOD.
Another issue the survey pointed out was that while 91 percent of employers say they have a policy in place to protect against security breaches, less than half of the employees using BYOD have any idea that those policies exist.
Talk about a disconnect between policy and practice!
The folks at AdaptiveMobile added that this division creates new opportunities to approach BYOD security differently. Gareth Maclachlan, chief commercial officer at AdaptiveMobile said:
To prevent employees rejecting BYOD and maintaining control over their personal device and usage, a solution is needed that maintains user privacy, whilst also keeping the enterprise free from exposure. A hosted security service, delivered via operators, would give employees peace-of-mind that their own usage is protected, while still giving enterprise administrators complete control over corporate access, usage and integrity.
I’m not sure that a whole new approach to BYOD security is necessary, though. My reading of this report shows a sincere lack of communication between the decision makers and the employees. Who is to blame if employees don’t know about a company’s BYOD user security policies? It could be the laziness of employees to learn the policy, but at the same time, it could also be that the policy was set but without any sort of directive on how to properly educate employees who are affected.
The survey also raises the question on employee BYOD and privacy. How much access should an employer have to personally owned mobile devices in the name of company security? I don’t have an answer to that because it is a tricky question. In my opinion, the issue should focus more on what employers allow to be accessed via personal mobile devices and on what end should the data be secured.
BYOD security is a lot more complicated than it appears on the surface. This survey, though, reveals the need for more openness between decision makers and employees when it comes to BYOD use and security policies.