Making BYOD Work, Safely

Written by David Worthington and Rajat Bhargava on April 16, 2024

Achieving an effective bring-your-own-device (BYOD) program has been aspirational for many IT organizations. There are explicit security and privacy concerns, which have led many admins to sour on the concept, despite its benefits. Admins have even reluctantly accepted the risk of personal PCs being left unmanaged, which leaves gaps in management and visibility.

Today, those challenges can all be overcome by new technologies and an administrative framework that reduces costs and overhead, and improves your speed of execution. It’s particularly important for IT to get BYOD right as hardware and maintenance costs rise amid a competitive market environment. 

This article will empower you to hit the reset button on how both sides — workers and the company — think about this problem. It shares prescriptive steps with solutions that make it possible to make BYOD work safely.

The Significance and Challenges of BYOD

BYOD started to gain momentum as the cloud emerged and smartphones took off in the early 2000s. Harvard Business Review observed that BYOD behavior was rising, even when it wasn’t an officially sanctioned practice. The trend was undeniable as employees sought to be collaborative, fast, and effective. The use of personal computers also rose significantly, which introduced security concerns like Shadow IT, or the use of unknown or unapproved IT to conduct business activities.

Point solutions emerged to meet the demand for a response, but many companies tacitly permitted the practice without any tool to manage the process. This approach gives personal devices considerable access and trust without any accountability. And it’s no surprise that this has become the reigning practice, as most end users are deeply concerned about their privacy and object to corporate control over their devices.

It’s understandable that most organizations still have not been able to make BYOD work effectively. Either they allow BYOD and appreciate the cost advantages, but are left insecure, or they disallow it entirely. The latter leaves users discouraged and leads to expensive hardware purchases for the business.

A New Outlook

Interest in BYOD waned pre-pandemic for a variety of reasons, most notably security: corporate data leakage, malware, and users having local admin privileges on their endpoints. Security incidents also increased during the return-to-work era following the global pandemic. Many designated employee-owned devices as an insider threat to be mitigated rather than as an asset.

Despite these risks, the global nature of organizations today and the cost of procuring and managing hardware around the world have generated renewed interest in making BYOD work in the post-pandemic world. Companies of all sizes struggle with employee turnover, security, and supply chain. BYOD is being revisited with a focus on doing it safely to protect applications and data.

Making BYOD Work

BYOD isn’t just a technical problem to be solved; it must be governed and managed at the people-level too. A successful program combines technology with a mutually beneficial and understandable proposition for employees. We’ll explain how to get started with just a few simple steps.

Technical Controls to Balance Privacy and Security

A unified endpoint management (UEM) service, where all devices are managed cross-OS, provides configuration options for BYOD that respect privacy and protect corporate data. This can be accomplished while ensuring a healthy device posture. Integrating cross-OS device management with identity and access management (IAM) also enables a Zero Trust security strategy.

Apple and Google have largely solved this problem for smartphones and tablets. Their systems are credible in terms of separating personal and business use. IT can help to put employees at ease by informing them about those privacy safeguards and including links to the safety information for those mobile device management (MDM) controls. Most users are comfortable with allowing their devices to be enrolled in corporate MDM programs once they’re shown the separation and privacy controls.

Your organization needs to address the usual sticking point in BYOD programs: laptops and desktops. The solution is straightforward: end users can use their personal devices as long as those devices can be secured by corporate IT management tools, which include MDM solutions, endpoint detection and response (EDR), and remote monitoring and management (RMM) tools. These tools allow the organization to ensure that devices are safe and will not pose a security risk. We’ll outline how to obtain employee buy-in below.

Other controls include security training to raise awareness about IT hygiene and phishing, as well as network segmentation for BYOD devices that are mapped to your apps and workflows. Also, consider using a password manager to keep sensitive passwords secure instead of permitting users to store passwords in their browsers or personal device keychains.

Administrative Prowess 

There needs to be a shared understanding that the organization values security and control over its corporate data. Organizational leaders need to help their users be productive, but do so in a safe way. End users, in turn, need to understand that corporate security, and their support of it, is essential. Most organizations have no interest in violating their employees’ privacy, so starting with a positive message of intent helps a great deal.

Shared Responsibility

A first step to enable this shared understanding is to create a BYOD policy document that outlines the program, its intentions, and the guidelines and rules of the road. This will help both sides create clarity and build trust in a BYOD program that can work safely without violating privacy. It is also important to incentivize user buy-in.

Incentivize Participation

Many workers have high-quality personal devices that can be used for work functions, but how can organizations take advantage of this while maintaining security? The short answer is to adjust the way that both sides — workers and the company — think about this problem.

The organization can compensate the end user for allowing the company to place security tools on their machine and for the right to use their machine for business purposes. This practice eliminates the need to acquire corporate laptops or desktops, which is beneficial for geographically distributed organizations or when turnover is high. This arrangement also represents an agreed-upon contract that encourages both sides to do the right thing.

This arrangement compels a choice for both sides — you can go along with an organization having more control over your personal device and be compensated, or if you opt out, the organization can procure hardware for employee use.

Establish Trust

BYOD is a win-win where the company ensures security without having to purchase hardware, and the end user receives compensation for the use of their personal machine and the placement of security software on their device. Inherent in this transaction is an organizational commitment to operate ethically, use tools to protect privacy, prevent eavesdropping, and curtail “big brother” accusations. 

This can be an elegant solution to ensuring that BYOD can work, if the end user and the organization work to build and maintain a relationship based on trust.

How JumpCloud Can Help

Cross-OS device management is a critical technical component of a BYOD strategy. JumpCloud pairs the ability to manage every endpoint with an open directory platform for IAM to secure every identity. This unified approach delivers strong access control while consolidating IT management tools into a single console for increased operational efficiency. Unified device and identity management provides detailed reporting to track events, identities, and other assets. 

Plus, its technical controls can seamlessly fit into your workflows. JumpCloud offers an optional password manager and the ability to configure phishing-resistant authentication for all PCs using JumpCloud Go™. You can try JumpCloud for free to determine if it’s right for your organization. 

Note:

You can’t manage what you’re not aware of. JumpCloud is enhancing its platform to unify SaaS, IT security, and asset management to uncover shadow IT.

David Worthington

I'm the JumpCloud Champion for Product, Security. JumpCloud and Microsoft certified, security analyst, a one-time tech journalist, and former IT director.

Rajat Bhargava

Rajat Bhargava is an entrepreneur, investor, author, and CEO and co-founder of JumpCloud. An MIT graduate with over two decades of high-tech experience, Rajat is a ten-time entrepreneur with six exits including two IPOs and four trade sales.
