
Privacy vs Security: Finding the Right Balance

By Colm 19th September 2018

With over 67% of employees in the US now using their own devices for work, more and more companies are beginning to recognize the benefits of implementing BYOD policies in the workplace. Allowing employees to use their own mobile devices, including smartphones and tablets, for work purposes can help to reduce costs by eliminating the need to provide devices, training and support, and can help to increase productivity by allowing employees more convenience and flexibility when completing work-related tasks. With these benefits, however, also come risks. Cyber-crime and security threats pose a serious danger to company data, especially as it becomes accessible on many different devices and networks both inside and outside the corporate environment. As well as this, organizations can face extortionate costs due to the huge amount of data inevitably used by increasing enterprise mobility. Many businesses have already realized these issues and have deployed Mobile Device Management (MDM) solutions to provide protection and controls in response. However, it seems to be commonly accepted that in order to enforce these security measures, employee privacy must be compromised. But is this really the case? Is it possible to protect mobile devices and corporate data while respecting employee confidentiality and the right to privacy?

Employee privacy

Privacy, especially on mobile devices, has become a major concern for many employees as the line between corporate and personal devices continues to blur. In most workplaces, it is widely accepted that activity on corporate-owned desktop devices will be filtered and monitored by an IT or security team in order to prevent exposure to cyber attacks or access to inappropriate content. However, when it comes to mobile devices, employees often have a completely different attitude and set of expectations. In most cases, mobile devices are used by employees for personal business outside of the office as well as for work, and therefore employees are less likely to allow corporate IT teams to monitor their usage and activity. Activities such as text messages, social media, and internet browsing history are very personal and, understandably, most employees would not be comfortable with this information being made available to their employer. This seems to be the case for one company where 57% of employees recently said that they do not participate in company BYOD programs in order to avoid the IT department seeing their personal data and applications. A report released in 2016 found that many MDM software solutions, intended to monitor general security and protect against threats, could be used from the admin panel to collect personal information and intercept employees’ text messages, emails and other personal communications. This report also found that there was very little in the installation process of these solutions to suggest to employees that they were being monitored or to indicate that an attempt had been made to obtain their consent to view their personal data. This seems to be a genuine fear of many employees: that once installed on their device, an MDM solution will give administrators access to personal device activities including GPS and location tracking, text messages, private photos, browsing history and banking and credit card details.

It is also often feared that organizations will obtain the ability to remotely wipe or lock employees’ personal devices, a concept which obviously does not appeal to many employees. Despite these fears and employee apprehension, BYOD policies do not seem to be going anywhere soon, and therefore security and controls will need to remain in place to protect corporate data. A solution is needed that can allow device security and employee privacy to co-exist without one compromising the other.

Corrata’s ‘Zero Gateway’ solution

At Corrata we recognize that there is a balance to be found between security and privacy, and we built our solution with this in mind. Both our Mobile Internet Security solution and our Mobile Data Control solution integrate with existing MDM services and operate using our unique ‘Zero Gateway’ architecture, which ensures that only security-critical data is collected and analyzed. Because the solutions operate only on the device, mobile traffic is never re-routed through a proxy or gateway, meaning that Corrata’s solutions operate without the need to collect any information about individual device activity, such as browser history or app usage. All information imported into the admin console remains anonymous and is restricted to relevant data, such as whether access to a malicious site was blocked or the amount of cellular data used. With Corrata, organizations can gain visibility, control, and protection for their mobile fleet, while employees can rest assured that their privacy will not be invaded or compromised.

GDPR Compliant

For many businesses today, implementing a BYOD program, as well as what exactly can and cannot be done with an MDM solution, is governed by data privacy and protection legislation, which can vary depending on the market or country in which the business or the employee is situated. In May 2018, the General Data Protection Regulation (GDPR) enforced requirements on any business with customers or employees in the EU. Under this new regulation, any employee data that is monitored or stored by their employer must be proportionate and must have legitimate security benefits that justify its collection. Employees must also be informed and give their explicit consent to their data being stored, and failure to comply with these new requirements will result in penalties and fines from the EU. Unlike other gateway-based approaches that run the risk of being non-compliant, Corrata is GDPR compliant by design. The ‘Zero Gateway’ architecture ensures that only the minimum amount of data is collected and, by doing so on the device, administrators are never given access or visibility to private, personal information. Employees must also consent to installing the Corrata app onto their mobile devices and are made aware of exactly what information will be made available to their employers.

With Corrata, enterprises have now discovered that it is possible to have visibility and control over mobile devices, all while ensuring that employee privacy is respected and legal requirements are met. As it turns out, it’s simply about finding the right balance.

 

To find out more about how Corrata’s solution could help protect your organization’s mobile devices and your employees’ right to privacy, visit www.corrata.com or email us at info@corrata.com.