By Ted Wolcott, PhD, Chief Strategy Officer, Quokka
Mobile devices may not have changed fundamentally in recent years, but the way they are used within businesses has. The massive shift toward work-from-anywhere policies means that employees are no longer just bringing their own devices to the workplace. They’re increasingly relying on personal devices to conduct work remotely – and creating new privacy and security challenges for mobile device managers in the process.
Here’s what the work-from-anywhere phenomenon means for mobile security and BYOD management, and how administrators can meet newfound challenges while also protecting the business and respecting employee privacy.
How Remote Work Has Changed BYOD
The practice of bringing personal devices to work is nothing new, of course. For decades, businesses have allowed employees to use personal phones, tablets, and other mobile devices while working on-site, and they’ve defined Bring Your Own Device (BYOD) policies to govern exactly how those devices can be used.
What has changed over the past few years, however, is that large numbers of employees – about 45 percent, according to Gallup – now work fully or partly from off-site. Before 2020, that number was as low as 6 percent.
For today’s remote employees, BYOD doesn’t mean simply bringing personal devices into the office and using them for personal reasons. It often involves using devices to work remotely. Remote employees are likely to use personal devices to join meetings, access enterprise SaaS software, manage two-factor authentication, and so on.
Practices like these create a huge difference from a mobile device management perspective because employees are now relying on personal mobile devices to conduct work. They’re no longer merely bringing them into the office and placing them on their desks while they use other, company-owned devices to perform their jobs.
It’s worth noting, too, that even if businesses give remote employees company devices to use when working out of the office, special security challenges still apply. Those devices are typically connecting using networks that the business doesn’t control, which exposes them to additional network-borne security risks. They are also more difficult to secure physically if employees are constantly using them off-site. And if the devices never connect to the local corporate network, administrators can’t perform the same types of security scans and monitoring that they could when employees bring mobile devices to the office.
All of the above means that businesses with work-from-anywhere policies face a host of new mobile security challenges that wouldn’t apply in settings where workers simply bring personal devices into the office. Conventional BYOD policies, which assume that personal devices are not routinely used for business purposes and that they can be managed through a network that the business controls, don’t suffice for meeting these challenges.
How to Manage BYOD for Remote Workforces
Now, the question for mobile device administrators has become: How can they enforce strong mobile security protections for devices that rarely or never come to the corporate campus and don’t always operate on a corporate network?
The answer starts with developing traditional BYOD governance guidelines that spell out what remote employees should and shouldn’t do with remote devices.
But those guidelines don’t enforce themselves, which is why businesses also need a way of automatically scanning and monitoring remote mobile devices for security risks. To work well, mobile device security solutions for remote workforces should be capable of the following:
- Enforcing security policies on remote devices that aren’t connected to a local corporate network.
- Controlling which business applications, data, and other resources the mobile devices can access, even if the devices are off-site and connected via remote networks.
- Managing mobile security risks at the application level rather than the device level. This is the only way to secure remote devices that employees use both for personal reasons and for work, and which therefore host business as well as personal apps.
- Detecting and evaluating security risks without collecting large volumes of personal information from employee-owned devices. This is crucial because remote employees who rely on personal devices to conduct work are likely to resent having to expose personal data to their employers’ MDM software. Plus, collecting personal data could create compliance complications for the business.
Ultimately, the goal of modern BYOD strategies should be to detect and remediate mobile security risks in a granular way while simultaneously protecting users’ personal information.
Conclusion
The work-from-anywhere revolution has blurred the lines separating personal mobile devices from business devices like never before. Expecting employees to bring devices to work but use them only for personal purposes is no longer realistic. Nor is relying on the local corporate network to contain mobile security threats and enforce security rules as part of a BYOD policy. BYOD for remote workforces requires more extensibility, more granularity, and – last but not least – more attention to employee privacy.
