Hi, does anyone have a policy around BYOD mobile devices and blacklist apps? If so, how well do your users respond to it? Our challenge is that we have a number of apps we'd like to blacklist, and we are concerned they will revolt.

Senior Director, Defense Programs in Software, 5 years ago

There’s a lot going on here. Without knowing the industry or how the company is segmenting & protecting data, hard to say how users would react.

But generally if the company needs to control a device they need to do their job, a corporate device should be an option if they don’t agree to the controls.

If there is low enough risk to use their own without those controls, I prefer *not* to know what they have on their own device to blocklist, as I don’t need the company to know who has Tinder, Grindr, OnlyFans, or any other number of apps, and don’t want to see their messages. Context - too many conversations & internal affairs meetings for me to care about.

Assuming the need for control is this high on a mobile device, is the same done if they log into Office 365 in a web browser, or are users just going to think this is silly and not understand why these two devices are treated differently?

CEO in Services (non-Government), 5 years ago

Yes we allow BYOD. Employees can use BYOD with MFA and use only Authenticator enabled applications. No VPN access to corporate is allowed. We have a separate guest wifi for outsiders and BYOD devices. Some applications are not BYOD enabled and those cannot be used from a BYOD.

As a CTO - I am one person who does not have a corporate device. I work only on my BYOD. Eat your own dog food.

1 Reply
no title, 5 years ago

👍 that’s the way to do it.

Senior Enterprise Architect, Application Consulting in Healthcare and Biotech, 5 years ago

Yes, we require that BYOD users install our endpoint security software. Since these devices access company and customer confidential data, my company reserves the right to inspect these devices, and remotely brick the device if the device is lost or compromised. Other requirements are that the devices cannot be rooted or jailbroken, and that OS/security patches are kept current. I am not aware if we blacklist apps, but there is a prohibition against using the devices for socially unacceptable (my words, not the company's) purposes. So it's possible that some apps are blocked. I'm not aware of anyone complaining.

Senior Information Security Manager in Software, 5 years ago

Will they really revolt? Or just complain?

If they are corporate issued devices, you own them and dictate how they can be used.

If it is their devices, they can only access data and/or apps since you allow it.

Ultimately, it comes down to educating them about the risks, and management understanding how they are going to deal with these risks.

In regulated industries (finance, banking, healthcare, government, etc.) they understand that there are limits with BYOD.
