May 16, 2016 How to Balance Employee App access and security

How to Balance Employee App access and security

The atmosphere at workplaces changed drastically when the concept of BYOD (Bring Your Own Device) was adopted by some companies. The faith of companies in this concept was rewarded when they started experiencing an increase in employee productivity. The reason for this is that employees are much more comfortable in using their own devices for carrying out tasks in the company premises than to adapt to using the corporate devices provided to them.

How to Balance Employee App access and securityCredit: Hillyne / Pixabay

Since the need to learn using new devices and their features was taken away and replaced with employees using their own devices, the rise in productivity was rather predicted by many. Everything seemed good in the beginning, with employees happy to use their personal devices in the workplace and the corporate officials happy to experience the rise in employee productivity due to BYOD’s introduction.

However, as time passed, companies started backing off from BYOD. The reason for this was the highlighting of a flaw in the concept. The personal devices of employees were susceptible to being hacked, and if that were to happen then, the company data would be compromised along with the user’s personal data. Employees access, store and share corporate data through their personal devices. Doing this made their devices simple points of attack for hackers looking to access sensitive corporate data, and many cases of this taking place were reported.

These devices do have their own antivirus software, but their effectiveness is not even half as much as the desktop versions. People are not knowledgeable in the dangers their smartphones and devices face as well, making hacking these devices easier than it should be. It is not even necessary for an employee’s phone to be hacked by a malicious user. If for instance, the employee does not have a passcode on his or her device and their device is stolen, then all data on it is at great risk. Another threat is the employee retaining the corporate data even when he or she has quit the company.

They might not misuse it, and their device might be safe, but the company’s data is at risk perpetually. This brings one to a standstill, for the goods of BYOD are cancelled out by its bands. This makes things understandably difficult for IT personnel, with the only logical solution being better management of employee devices control over how they access and use corporate data.

How is this being done?

The realization of this issue has led to Enterprise Mobility Management becoming a trending field in today’s world. IT personnel experience some control over employee devices under enterprise mobility management. This control is related to how company data is accessed and used. From the viewpoint of maintaining the confidentiality of data, this looks good, but employees have something else to say on the matter. That something is issued about their privacy being invaded.

Employees believe IT personnel can snoop around in their devices all they want and access their personal information. Drawing a line between company and personal data in employee devices, therefore, is the obvious solution here. Security officials are of the view that it is their right to ensure that company data is secure. Remote erasing of data and managing data on user devices, according to them, are necessary things to maintain the confidentiality and integrity of company data.

However, what the employees say is not outright wrong either, which resulted in companies like AirWatch producing tools to make amends. Using their tools employees can onboard their personal and corporate devices without requiring assistance from an IT admin.

They also provide the feature for employees to know what is being pulled from their devices dynamically so that they always know how their devices are being accessed by IT personnel. AirWatch also said they will support two-factor authentication for tracking an employee’s GPS. This would need entry of two separate passwords by two different administrators. The employees will also be notified that their GPS is being tracked.

How can it be improved?

Things have surely gotten better, thanks to AirWatch’s tools. They have also provided security and privacy tips to the admins in addition to this. Keeping the two sets of data separate in employee devices is suggested as a good practice. This would prevent IT personnel mistakenly deleting a user’s personal data whenever he or she quits the company but the corporate data is still on their device. Employees have been provided guidelines as well, like providing the IT admins knowledge about their device if they have corporate data stored on it.

A lot more improvements can be made than what have been done already, as per the discussion above. Currently, EMM systems do not have the feature of managing the email clients used by employees on their device, which is something that should change. As of now, employees have total freedom to use their native email clients without the IT admins having any control on it whatsoever.

The instances of mobile devices being hacked via email clients are numerous, which puts corporate data at great risk. Managing secure browsers and app stores for employee devices for the duration of them being in the company premises is also highlighted by many as an important requirement.


BYOD boosts employee productivity; there’s no doubt about that. However, it also puts corporate data at great risk, which gives the concept a different perspective. The need for striking a balance between employee device privacy and security of corporate data stored on it is apparent from this article.

Some companies have good protocols in place for managing corporate data, but many companies have systems that can be called non-existent or absolutely insufficient. With cybercrime increasing at an astounding pace, now is a good time to make clear cut policies about managing corporate data on employee devices, what applications they access while they are on the company premises, and the overall security of their devices.

Leave a Reply

Your email address will not be published. Required fields are marked *