As more employees seek to bring their own devices into the workplace, companies are struggling to find a balance between device usability and the protection of enterprise data. The recent Webroot-commissioned "BYOD Widening Employee-Employer Trust Gap, Survey Finds" survey from Harris Interactive validates other figures and percentages about BYOD acceptance levels, but it goes further than other reports to include a "bill of rights" for the employee.
The findings point toward a trend of the employees accepting fewer compromises in how they use their devices both at home and the office.
The past several years have seen a lot of energy put into the creation of BYOD policies, and IT consultants will suggest that these policies are needed before the first mobile device management (MDM) solution is put in place.
The issue is that the content of these BYOD policies is designed to protect the company and its information from the misuse or abuse by the employee.
But the BYOD shift means that employee wields much more decision making power than ever before. Employees are demanding that their rights are just as important as the company’s rights to the protection of information.
Employees can, and should, be involved in the decisions that will impact their personal information. While the concept of a bill of rights is understandable, the necessity for one is questionable.
What is undeniable is the reason a BYOD bill of rights has become an issue—the current capabilities, and limitations of our mobile technology is forcing corporate IT to require them. The root of this necessity is the design limitation of current mobile technology.
Most phones and tablets are single user devices; they do not have the capability to isolate personal data from business data. Managing to this device ecosystem, companies are trying to design a one-size-fits- all approach to the use of business and personal data.
But what if we changed the ecosystem?
What if a singular device could support all of the contexts of our lives—work, play, banking, healthcare, parenting—and allowed each context to have its own space on the phone or tablet.
In this ecosystem, the apps and data in one space could be managed separately and remain entirely separate from all the other spaces; rendering a bill of rights obsolete. If corporate IT could delete the company data from a personal phone at the discretion of the enterprise, without impacting or seeing any other personal data on the personal device, would that not satisfy both objectives?
If we knew that personal data was not visible to the company and IT staff, and that if someone changed jobs all of their personal data would remain intact on their phone would that not satisfy their needs?
Awareness of the information rights of the employee and device owner is a good thing. Not having to create a bill of rights and process-driven workarounds by having the proper supporting technology is a better thing.
Building trust in BYOD is not about being less intrusive; it is about restoring control to the owners of the data.