A recent survey by MobileIron found that 80% of respondents are now using personal smartphones or tablets in the work place. Intuitively this makes a lot of sense. I work in the heart of the Silicon Valley and see a ton of badged employees checking their work email on their personal devices as they wait for the salads at Specialties. It’s really easy to tell who works in marketing or BD (iPhone user) and who works in IT or engineering (Android)….or who moved here from the EU (Microsoft) and is still waiting to upgrade their device.
I still marvel at why people want to bring their own device to work…and why companies allow it with very little consideration given to data security and device management. I remember how excited I was in the early 2000s to get my company issued mobile phone. “Wow, I can make business calls AND personal calls…and I don’t need to buy my own phone! Or pay for my plan! Killer.” Now that attitude has evolved to me wanting to access my work email on my own device…and wanting my company to pay for the service plan. After all, I am using my personal service plan to make work calls and check work email. Given this use case, why shouldn’t I want my company to buy the phone as well? Seems logical to me.
We use our laptops for business and personal use and we expect the company to buy those as part of the workplace. It’s RARE that someone wants to use their own laptop at work…and is even greeted with a degree of suspicion for what kind of secrets he or she wants to steal. For example, I had an employee who wanted to write code on his personal laptop. I was adamant that he writes code only on a company laptop out of fear that we’d lose control of the code…let alone having the code physically leave when/if he left the company or lost the laptop. Clearly this was during a time when consumer facing cloud storage solutions were not prevalent.
So why are there varying employee expectations for mobile devices and laptops? I think the big difference lies within HOW the employee uses the mobile device and what technology is available on the handset. The handset is a camera, online radio, game console, and an access point to social media. All these use cases are driven by personal preference and interest. I can think of only three common use cases on the work front: check work email, make work calls on the road and dial into WebEx meetings while commuting. Conceptually, the mobile device represents an employee’s personal life…and the employee wants to connect their personal life to the company and all it’s proprietary information.
Let’s take a 15 second commercial break and ponder the significance of this and the implications it has for businesses.
Controlling how much access these “personal life” devices have to company data is MISSION CRITICAL for protecting proprietary information and conforming to regulatory environments. Controlling access is also critical to protecting customer data and preventing breaches from unscrupulous employees. Unfortunately, I can speak to several occasions where I’ve witnessed colleagues opening up sensitive data on their phone…to then upload a file to a personal cloud service. Or instructed company visitors to log on to Wi-Fi…to unknowingly providing them access to the same network files that NDA’d employees have access to. Wow, this is scary when you think about it, isn’t it?
So what to do? No matter how small the company, business must embrace the fact that employees want to bring their own device to work…or better put, want to meld their personal life with their professional life. Internet technology managers must also make implementing an enterprise mobility management (EMM) solution a top priority to control who has access to what company data and through which access points.
There are several EMM solutions out there and it’s up to IT leadership to assess their solution needs and approach the right vendor. However, the lagging IT manager will rue the day that he/she pushes off implementing a solution “until next year.” The Internet and cloud connected nature of mobile devices is a ticking time bomb for important data to leave the company. It’s just a matter of time until the data escapes.