Sean Ginevan, director of strategy with MobileIron, said IT has, for years, been perceived as "big brother." He added the world is rife with stories in which IT installed spyware, key loggers, web traffic filters and other technologies onto users' devices. Often this was in the name of "security," but it was perceived as a way for the corporation to intrusively snoop on what employees were doing at the office.
“Rather than be the long arm of human resources, IT needs to act as an enabler for employees. Before deploying a BYOD program to employees, make sure there are tangible benefits for the employee,” he said. Provide tools for productivity beyond simple e-mail access; this can come about as cool applications that let the user be productive both inside and outside the office, secure web access to corporate intranet sites, or easy mechanisms to access business documents.
He said IT needs to proactively communicate these benefits as a part of rolling out the BYOD program and continue communicating the benefits of the mobility program inside the business as improvements are made.
“Be sure to also communicate early and often about privacy – not just what IT will and won't monitor but also why. As new features are introduced, like Apple's HealthKit, be sure to allay any concerns employees may have by proactively addressing what these technologies mean to the BYOD program, even if business has no plans to leverage these new features internally,” he said,
How would you set up a company network to make employees feel safer?
Ginevan said that can be accomplished with tools like the use of certificates that can help ensure that any information the employee transmits over the corporate wi-fi can’t be intercepted by attackers. Moreover, many of the corporate security tools, for instance monitoring that the operating system is up to date and whether it has been tampered with, ensure that end users' private data is protected alongside corporate data.
Hoyos reiterated security awareness training is the number one way to secure all of the endpoints, including those not owned by you which are clearly authorized to interact with your assets (read: BYOD). Nevertheless, there are several technical tools available to secure those interactions.
"But, it is imperative to find the right balance between security and the friction your end users must deal with, especially if those tools are impacting employees' own mobile devices," he said.
Sign up for CIO Asia eNewsletters.