Privacy vs Security: Finding the Right Balance
How do you keep company data safe without compromising employees’ privacy?
With over 67% of employees in the US now using their own devices for work, more and more companies are beginning to recognize the benefits of BYOD policies. Allowing employees to use their own mobile devices can help to reduce costs. Eliminating the need to provide devices, training and support increases productivity. It also gives employees more convenience and flexibility when completing work-related tasks. However, with these benefits also come risks.
Cyber-crime and security threats pose a serious danger to company data. This includes devices on networks both inside and outside the corporate environment. As well as this, organizations can face extortionate costs due to employee data overages. Many businesses have already experienced these issues. As a result, they have deployed Mobile Device Management (MDM) solutions.
However, many think that in order to enforce these security measures, technology must compromise employee privacy. But is this really the case? Is it possible to protect mobile devices and corporate data all while respecting employee confidentiality?
Privacy, especially on mobile devices, has become a major concern for many employees. This is especially apt as the line between corporate and personal devices continues to blur. In most workplaces, employees accept that IT teams monitor activity on corporate-owned desktop devices for security purposes.
However, when it comes to mobile devices, employees often have a completely different attitude. In most cases, employees also use mobile devices for personal matters outside of the office. Therefore, employees are less likely to allow corporate IT teams to monitor their usage and activity. Activities such as text messages, social media, and internet browsing history are personal. Understandably, most employees would not be comfortable with their employer seeing this information. This seems to be the case for one company where 57% of employees recently said that they do not participate in company BYOD programs. The reason? To avoid the IT department seeing their personal data and applications.
The problem with MDMs
A report released in 2016 found that many MDM software solutions could be used to collect personal information. They could also intercept employees’ text messages, emails and other personal communications. This report also found that there was very little in the installation process of these solutions to suggest to employees that they were being monitored or to indicate an attempt had been made to obtain their consent to view their personal data.
This seems to be a genuine fear of many employees. They believe that once installed on their device, an MDM solution will give administrators access to personal device activities. Examples include GPS and location tracking, text messages, private photos, browsing history and banking and credit card details. It is also often feared that organizations will obtain the ability to remotely wipe or lock employees’ personal devices.
Despite these fears and employee apprehension, BYOD policies do not seem to be going anywhere soon. Therefore, security and controls will need to remain in place to protect corporate data. Employers need a solution that allows device security and employee privacy to co-exist without one compromising the other.
Corrata’s ‘Zero Gateway’ solution
At Corrata, we address the balance between security and privacy. In fact, we built our solution with this in mind. Our solution integrates with existing MDM services. It operates using our unique ‘Zero Gateway’ architecture. This ensures that only security-critical data is collected and analyzed.
By operating only on the device, Corrata has no need to re-route mobile traffic through a proxy or gateway. This means that Corrata’s solution operates without collecting any information about individual device activity, such as browser history or app usage. All information imported into the admin console remains anonymous and includes only relevant data. Examples include blocked malicious sites or the amount of cellular data used.
With Corrata, organizations can gain visibility, control, and protection for their mobile fleet. At the same time, employees are confident that the technology does not invade their privacy.
For many businesses today, implementing a BYOD program, as well as what exactly can and cannot be done with an MDM solution, is governed by data privacy and protection legislation. This can vary depending on the market or location of the business/employee. In May 2018, the General Data Protection Regulation (GDPR) enforced requirements on any business with customers or employees in the EU. Under this new regulation, any employee data that is monitored or stored by their employer must be proportionate and must have legitimate security benefits that justify its collection. Employees must also give their explicit consent. Failure to comply with these new requirements will result in penalties and fines from the EU.
Unlike other gateway-based approaches that run the risk of being non-compliant, Corrata is GDPR compliant by design. The ‘Zero Gateway’ architecture collects only the minimum amount of data required. By doing so on the device, administrators have no access or visibility to private, personal information. Employees must also consent to installing the Corrata app onto their mobile devices.
With Corrata, enterprises have visibility and control over mobile devices, while ensuring that they respect employee privacy. As it turns out, it’s simply about finding the right balance.