There’s a variety of methods IT departments use to manage bring-your-own-device (BYOD) users. It ranges from limiting access to the internal network – no different, say, than accessing your business email from home – to putting managed apps on devices to installing a ring-fenced operating environment. SAP, for example, provides companies with a way of creating a sealed-off area on consumer-grade phones.
Limiting access isn’t intrusive, but it greatly limits the company resources an employee can access with his or her phone. You might be able to read your email but not access the company’s CRM (customer relationship management) system, for example.
Creating a sealed-off area on the phone gives the most security and offers the greatest access to corporate resources. It’s also the most expensive way for a company to do it. It is intrusive, in the sense that you don’t have the same level of control over what’s in the sealed off area as you do over your own apps, but it has little or no effect on those apps. And the IT department, in theory, can’t access your data, just the stuff that’s inside the ring-fence. Most people might even like it – they don’t have to worry about their kids picking up the phone and accidentally emailing clients.
It’s the middle ground – installing corporately managed apps – where IT management can be intrusive, because security is provided, in part, by usage policies rather than largely invisible technology. It’s frustrating for both employees and IT managers. Companies will eventually move to one end of the spectrum or the other, or both, and get out of the middle ground. No one likes the arm wrestling involved and ultimately it’s doomed to fail.