Depending on who you ask, Bring Your Own Device (BYOD) – the practice of allowing employees to use their own computers, smartphones, or other devices for work purposes – is either the greatest advancement in work productivity since the personal computer, or a death knell to information security.  

The reality is that BYOD lands somewhere in the middle of these two extremes, and is not going away anytime soon. Sixty-five percent of mid-size and large enterprises either already permit BYOD use today or plan to permit BYOD use in their organizations in the near future.

As we’ve seen with other technological advances, if businesses lag behind the experience their employees enjoy personally, employees will go around every policy and roadblock the IT team tries to put in front of them. The result can be a tragic loss of customer data and company intellectual property.

Here are three myths that are causing BYOD headaches in many organizations today: 

Myth 1: BYOD is just a technical challenge, focused on the actual devices employees use.

If you think BYOD is only a technical challenge, think again. It is a people and process challenge, too. Most users already have more than one device they use on a regular basis, and don’t want to have to carry a second device or learn a new operating system. IT teams want to implement separate devices because they are generally easier to support and secure than having to worry about multiple operating systems. Human Resources teams may not like BYOD because it gives the impression that employees should be working 24/7 or forces the company to pay hourly employees overtime because they can perform work duties when they are “off the clock”.

Devices are simply a conduit for information. BYOD goes much deeper than the device. Instead of asking “What kind of device can a person use for BYOD?”, ask these questions:

  • What is the purpose of BYOD for my company? 
  • To what information do the end-users need access? 
  • What level of protection does that information require? 
  • Can or should data be stored locally? 
  • What are the access points?  

Myth 2: Employees will accept standard Mobile Device Management and Mobile Applications Management solutions.  

Many employees view mobile device management and mobile application management as too invasive and restrictive, too much like Big Brother. They bristle at being told they can use their phones for work purposes but must allow the company the right to “remotely wipe” them – remove all data from the device – if it is lost or stolen. It’s understandable why companies want to reserve this right: The big concern around BYOD security isn’t malware and viruses, it is data leakage and loss. If your phone is lost or stolen, the company doesn’t want information falling into the wrong hands. At the same time, though, an employee doesn’t want you to be able to access personal text messages, emails, or pictures that have nothing to do with their job.

To solve this issue, consider taking advantage of the advances made in “container” technology. Also referred to as “sandboxes”, they enable companies to allocate memory on a device for a special purpose – such as corporate data and applications – with its own built-in security and separated from the rest of the phone’s memory. Sandbox environments provide a safe place that has a clear and fairly minimal impact on the personal device. Employees would be more open to allowing remote wiping if they knew it would only happen to a part of their phone that didn’t contain photos from their last family vacation at Disney World.

Myth 3: You can create a blanket BYOD rule that applies to all employees around the world. 

Given the global nature of our businesses, this is impossible. Take the United States as an example. There is no single privacy policy that applies to every industry and state. The U.S. has a patchwork of privacy policies that overlap and in some cases conflict with one another. Now let’s add in other countries to the mix, each with their own set of privacy regulations, union work rules, and tax laws. Trying to create a single rule that would meet every single one of these intricacies would severely diminish its impact.   

Employees will be open to BYOD policies that are more focused on a general framework and guidelines than a prescriptive set of rules. Think of your BYOD policy the same way you do your expense policies. There are different tax laws in each state and country, so your expense policies usually have high-level guidelines by which everyone must abide, with specific rules for each jurisdiction then connecting to the spirit of the guideline.

BYOD will continue to expand in adoption and scope as consumers use and connect more devices. It’s more important than ever to fully embrace the concept of information governance and create a policy framework that is forward-thinking and flexible, which was the whole intention of BYOD in the first place.

Written by Rob LaMear, CEO, US Cyber Vault

Keywords: BYOD, endpoint security, mobile, MAM, MDM, data leakage, cybersecurity