BYOD compliance is headache for most DevSec teams. BOYD policies aren’t just enhancing the way things get things. They’re fundamentally changing the nature of work itself in terms of what’s possible. And while this is leading to unprecedented levels of productivity and versatility (not to mention a few mid-meeting Candy Crush and Angry Bird sessions), it’s also forcing IT departments to implement new security policies that are, unfortunately, being greeted by employees with anger or amusement — or sometimes both.
Historically, there has been an unspoken, yet generally effective deal between employees and IT departments: employees sacrificed a degree of convenience and functionality when using employer-supplied computers and devices, in return for not getting yelled at by IT departments for breaking the rules (or worse, having to wait extra-long for IT support!).
However, the bonds that held this deal has begun unravel. In fact, some organizations are experiencing a kind of cubicle warfare between employees and IT departments — and it can be all traced back to an acronym that was supposed to be so friendly and cheerful: BYOD.
Why? Well, first let’s focus on why not. It’s not that employees have “gone rogue” and want to put their organization at risk. It’s a lot less convoluted, and a lot simpler than that: they just want to do their jobs and that has made BYOD compliance a headache for IT.
That is, organizations expect more preparation, productivity and performance from employees who avail themselves of BYOD programs. Yet, IT departments are forced to restrict employees from accessing certain functions and features on their mobile device, in order to keep the organization safe and compliant with data security and privacy regulations. Some of these restrictions include:
Making cloud backup services such as Google Drive, Dropbox, and others off limits.
- Only allowing access to corporate email.
- Deploying containers that force employees to utilize specific or proprietary apps, instead of those available on the market that would enable them to do their jobs faster, easier and better.
The result is that good employees — including some of the best performers in an organization — are being forced to choose between compliance and circumvention. Naturally, in a highly competitive workforce where the “next performance review” is often more influential than the last one, employees are choosing circumvention. Not because they want to; because they have to.
Fortunately, there is a better way. Organizations can adopt a data-centric approach that make BOYD compliance easier and allows:
- Employees to access the entire mobile eco-system and enjoy a native mobile data experience, so that they’re positioned to achieve their elevated preparation, productivity and performance goals.
- IT departments to grant access to employee-owned mobile devices, while ensuring that data is protected and controlled at the end point
- Organizations to get the peace of mind they need from knowing that their internal network is protected from all types of malware, and that corporate data accessed by employee-owned mobile devices cannot leak.
- Organizations can remain compliant with industry standards including FINRA, SOX, HIIPA and any other industry specific regulations
Ultimately, a data-centric approach gives employees, IT departments and organizations what they need in order to succeed. Plus, it replaces employee vs. IT department combat with teamwork, mutual understanding and a shared sense of purpose. How’s that for a nice bonus?
