Each day business and technology leaders grapple with trade-offs when it comes to user privacy & corporate device management. Unlike in years past when a new employee was assigned a desk and a PC, workers today demand choice in how and where they can be most productive. And because the expectation of privacy at home is different from what people are used to when working in the office, we must recalibrate what those boundaries mean as these lines become further blurred. We sat down with Weldon Dodd, SVP of Community, Kandji, to discuss the balance between employee privacy and corporate device management in more depth.
What are some ways a company can learn to balance giving their employees control over their work devices while allowing them to maintain their privacy?
Personally-owned devices can present control and visibility challenges to IT organizations since security updates are not being regularly applied, making it difficult to measure the level of risk associated with BYOD devices and network connections. Because the expectation of privacy at home is different from what people are used to when working in the office, we must recalibrate what those boundaries mean as these lines become further blurred. Understanding the nuances of trade-offs in the hybrid enterprise can be illustrated with the all-too common scenario of an employee losing their iPhone. Most of us who have an iPhone are familiar with Apple’s Lost Mode feature that can help you track down a missing phone and remotely wipe it if it’s unable to be retrieved. It’s important to understand that unlike with a corporate managed device, Lost Mode is designed for consumers which requires a personal Apple ID. Apple provides the framework for a corporate-owned device to be located by the organization, but that method also requires the user to be notified that someone in the organization located the device, which might leave some users feeling uneasy about being tracked. Similarly an IT admin would probably be reluctant to wipe an employee’s personal device in the event they haven’t properly backed up their private photos and data.
How has IT changed in the last few years?
Every day, business and technology leaders must reckon with such trade-offs. This is especially true for today’s dynamic enterprise environment in which more employees have now been afforded the option of what type of technology they wish to use. Unlike in years past when a new employee was assigned a desk and a PC, workers today demand choice in how and where they can be most productive. Today’s IT environment looks strikingly different than it did just a few years ago. Between the rise of Bring Your Own Device (BYOD), and a global pandemic that hastened the current work-from-anywhere ethos, the hybrid enterprise is increasingly mobile, relying on a variety of devices and connectivity options. Personally-owned devices also present other control and visibility challenges to IT organizations since security updates are not being regularly applied, making it difficult to measure the level of risk associated with BYOD devices and network connections.
How can IT professionals help engender trust between users?
IT professionals should make strides to tell users what you’re going to do and why you're doing to help in establishing and maintaining trust. By doing this you can avoid users attempting to circumvent policies and deploying their own ‘shadow IT’ solutions. In order for users to trust IT, you need to demonstrate that it’s a two way street. When you clearly explain, “here's what we're doing and why we’re doing it,” in a way that they can easily understand, that kind of open and honest communication can go a long way and will make it much less likely that a user will go behind IT’s back and potentially expose your organization to unnecessary risk such as using a personal device for work that might have security vulnerabilities.
Why should companies establish compliance in their security protocol as early as possible?
Just as software developers are now being encouraged to implement security best practices across the entire software lifecycle rather than at the end of the cycle, IT organizations should likewise incorporate compliance-related processes and controls earlier in the device management lifecycle. Companies should be thinking about providing mixed access for both hybrid workers while sensitive corporate systems should be protected by a device trust system where access is only granted from a corporate managed and controlled device (and in some cases they should consider providing employees with company-owned devices). This not only offers flexibility to use a personal device for some occasions, but provides an important layer of assurance that sensitive corporate systems can only be accessed by a trusted device.
Should IT professionals lean into multi-platform management tools for company devices or native device management tools?
Apple and Windows represent very different computing paradigms and consequently shouldn’t be managed in a way that erases those differences. By employing a multi-platform management solution to manage both, you just end up washing away the unique benefits of each platform and deny the preference originally expressed by your users. As a result, users become frustrated by not being able to take advantage of the capabilities and features they have grown accustomed to, which ultimately just ends up creating more help desk tickets for the IT team. Conversely, choosing a native device management tool – one that’s purpose-built for the best experience possible on that platform – will go a long way towards enabling the experiences that your end users wanted to begin with and will be less likely to try and seek workarounds that directly conflict with existing policies. As IT teams grapple with the complexities that come with managing these hybrid device environments, they’ll need to likewise weigh the many privacy trade-offs that users will demand and government regulators will codify into law. ###