Today I have been reading an interesting article about Bring Your Own Device. I loved the title, The Dark Side of BYOD, and it covered privacy, personal data loss and device seizure. Do read it for the complete story. It is spot on!!
The article covered what could happen to your personal device, like a phone or tablet, when you also use it for work-related activities. Companies will enforce ActiveSync policies like use of a password, remote wipe and lock. What happens when a relative doesn’t know the password and uses the wrong password 3 times? Your phone could get wiped because of company policies. Your company data is sensitive so I do understand the policy. Most likely company data can be restored, but what about your personal data like music and pictures?
Also, think about privacy. What if an investigation is going on at your company and they require your device? What about your personal data, bookmarks, music (legal/illegal), pictures of your family and also data around location tracking? Do you really want your company to know/see all that?
So, how do you handle “the dark side”? I have to say, this is keeping me busy. Is there a perfect way of handling BYOD and can you use this for all different devices? Perfect might not be the right word. User freedom/usability and security/privacy are competing, and how strictly do you want to separate the personal and corporate side?
Let’s start with mobile devices: phones and tablets. I wrote an article about VMware Horizon Mobile a while ago. It is still in beta, but I do believe this is the solution for mobile devices. VMware Horizon Mobile is basically putting a corporate virtual Android phone on someone’s private Android phone. IT only controls the vPhone and can only monitor what’s happening on there. Also, wiping the vPhone is the only wiping they can do. Privacy shouldn’t be an issue either. Personal data and corporate data are separated and it should be possible to have separate billing of voice and data. Even without separate billing of voice and data, privacy should be covered in my opinion. The company being able to find out where you have been isn’t that big of a deal to me.
VMware Horizon Mobile is about Android, but what about iPhones? I don’t have an answer to that. Maybe Horizon Mobile will become available for iOS as well. Maybe companies can provide specific, more intelligent applications, which they can manage individually instead of just wiping the complete phone. But then again, what about privacy? Just accept that part?
Another challenge is BYO-laptops. What solutions are there today to separate personal and corporate identity and secure privacy?
Of course, email is most likely accessible with an application and you can generate data when you want locally. You probably won’t have the remote wiping issue because I can’t see my company wiping my MacBook. But it isn’t secure, and privacy can also be an issue. IT can’t set policies on my personal device. Also, there are applications which, for example, don’t run on Mac OS X.
VMware Fusion and Workstation could be used. Everything will be separated perfectly, but is that the way to go? I have to say, from a user perspective it works, at least for me. I have a MacBook Pro, which I use personally. I run VMware Fusion and on Fusion I have my corporate vDesktop. The only downside is that I use Windows as my corporate VM. It isn’t about Windows specifically, but I can’t use the OS I’d prefer when I want complete separation. From a company perspective I can imagine this isn’t what they want. Companies give employees an amount of money for them to buy a personal device and on top of that companies need to develop, roll out and maintain vDesktops to remote devices. I can see a win for companies, but is it significant enough?
What solutions are there when you leave Tier 2 solutions like Workstation and Fusion out of the picture? Yes, of course, VDI!! Complete separation, secure and privacy secure. But also in this case, Windows might not be the OS users want to use. Also, connectivity might be an issue. Offline desktop/Local Mode isn’t available for Mac devices.
Anything else that might help? Well, Horizon App Manager might be the solution for BYO-laptops. “Might be” because in-depth details are still unknown or not publicly available. Also, not all planned features are currently in Horizon App Manager. Horizon App Manager is a central user portal with strong identity management, which has different techniques to bring applications to end points. VDI might be a technique, but also ThinApp, XenApp, Terminal Services, etc. On top of that, policies can be set: which application will be available, when, on which devices, from which location. Integrate Octopus for data and this could be a secure solution for BYO.
It’s interesting to see, in my opinion, that the security/privacy and data loss risk with BYO-mobile devices currently is high for the user and not for the company, but this is vice versa when you talk about BYO-laptops. Today, secure BYO is difficult to realize on mobile devices and laptops. It’s either take that risk or wait for a complete solution. I will try to be careful, separate as much as possible and use Cloud services as much as possible. Now it is time to stop thinking about it and wait patiently. Now, that’s a challenge.