Protection vs privacy: the problem with mobile device management

Concerns about data security skyrocketed following Facebook’s data breach scandal. Businesses must protect their data, but employee privacy shouldn’t be compromised in the process.

Recently, Facebook has been making headlines for all the wrong reasons. While it’s common knowledge that social media sites gather personal data from users, the Cambridge Analytica scandal has revealed the volume of sensitive information Facebook collects. The company’s data gathering practices go far beyond users’ in-app behaviour, extending to the logging of all calls and SMS messages sent and received by devices on which the app is installed.

The uproar caused by the scandal quickly eroded the public’s trust in Facebook, leading to calls for users to delete Facebook and leaving an indelible mark on the company’s reputation.

While criticism remains focussed on Facebook, Cambridge Analytica and Mark Zuckerberg, another threat to privacy has been left unchallenged, and it exists within many organisations: mobile device management (MDM). Research suggests that the MDM market is set to reach $7.86bn by 2023. However, just like Facebook, MDM invades user privacy in several ways, which are often unknown to employees and even businesses themselves.

A security fix
MDM is a mobile security tool designed to prevent data leakage within business environments that employ ‘bring your own device’ (BYOD) policies. MDM typically takes the form of an agent that’s installed on users’ devices.

Once an agent is in place, key security functions such as password protection, remote data wiping and rejecting unsafe WLAN networks can all be enforced from a centralised admin interface. As such, organisations often see MDM as an all-in-one security solution for many of the concerns associated with BYOD.

The privacy problem
While MDM solutions can help organisations prevent data breaches, they also raise significant questions regarding employee privacy. Many MDM tools let employers monitor all device activity – including personal calls and web traffic – at any given time.

In addition to this, MDM allows IT teams to perform a variety of remote actions such as locking devices, monitoring employees’ locations through GPS and even wiping data from laptops, tablets and phones in the name of corporate security.

When an organisation enables BYOD, employees are able to use their personal devices to access data that can be used for work tasks. Naturally, the enterprise wants to secure these endpoints – with MDM as the security solution of choice. However, access to data is a two-way street with MDM, as IT teams are granted access to employees’ devices. As such, there is increasing reluctance among employees to allow MDM agents to be installed on their personal devices.

Recent stories of data breaches, such as those involving Facebook, have intensified concerns about privacy, causing many to pay closer attention to the personal information their employers can access through MDM tools. Our research suggests that MDM is facing a growing backlash, with only 44 percent of those questioned stating that they would allow MDM to be installed on their personal devices.

When organisations mandate that MDM be installed on the personal devices of resistant employees, it inevitably leads to ‘shadow IT’. Shadow IT refers to the unauthorised tools and applications that employees use in place of sanctioned options that are enabled by MDM. This practice creates a lack of visibility and control over data, demonstrating the need for a security solution other than MDM, one that preserves employees’ privacy while protecting businesses’ data.

Alternative solutions
For BYOD initiatives to work, they must ensure data security and respect employee privacy. Fortunately, there are a growing number of MDM alternatives that have found a way to strike a balance between the two. In particular, cloud-based, agentless tools allow IT teams to protect corporate data without installing invasive agents on employees’ devices.

These solutions have capabilities historically only available with MDM, such as data loss prevention and remote wiping of endpoints. Additionally, because there is no need to install agents on all devices accessing corporate data, agentless solutions can be deployed much more quickly than MDM.

BYOD has become essential to workplace productivity for many organisations, meaning they must secure devices rather than ban them. However, intrusive MDM tools are becoming increasingly unviable; employees commonly reject solutions deemed to invade their privacy. Fortunately, agentless solutions can meet all the demands of modern business. By deploying these tools, organisations can protect their sensitive data without compromising user privacy.