MobileIron

My Phone, Your Headache

October 16, 2009

Filed under: Mobile Security — ojas @ 7:45 pm

Network World runs the Insider Threat column bi-weekly and gave us the opportunity to contribute to today’s column.  You can find the column on the Network World site at http://bit.ly/3gPlQp .

Existing models for smartphone management take a very one-way approach to security. IT ends up being the police force, and it's a role that is not scalable, especially since users are reticent to give up control of their phones to begin with. Employee-owned phones just make the problem worse.

The central theme of the column is that responsibility needs to be shared in order for behavior and data to be secured.  This model of Cooperative Security requires both a change in mindset and policy, plus access to tools that support both.

Setting Boundaries

August 22, 2009

Filed under: Mobile Security — ojas @ 9:49 pm

I’m sitting on a plane right now.  Center seat … jam packed.  Guy on my left is asleep.  Guy on my right wants to talk way more than I do.  I don’t so much mind Left-Guy except when his head ends up on my shoulder.  But Right-Guy is getting into my personal space and it’s bugging me.

Back in corporate-land, there is no personal space.  Companies are very clear that all communication on company networks / devices is company property and the employee should have no expectation of privacy.  For legal reasons that needs to extend to employee-owned devices being used for corporate work as well.

But as an employee, that grates on me. It's my phone and I really don't want my employer to have access to my pictures, videos, ringtones, and [yahoo/g/hot/other]mail. I need a data boundary that I know will be respected in all but the most exceptional situations.

Companies are realizing this too. @hyounpark_AG at Aberdeen Group has early data that says 20% of companies allow all employees to use personal devices. That's actually a staggering number. The implication is that the need to set enterprise data boundaries is a problem of the present, not just the future. Employers need to protect corporate data and ensure compliance while respecting employees' personal content.

But what boundary should my company set?  Is this type of flexibility a boon to employees or a bane to legal?   

True, it’s a question of both policy and technology, but I think most importantly it is a question of end-user satisfaction.  If you have employee-owned phones, your users need a good answer.  That answer might vary company to company but, like my Left-Guy / Right-Guy problem, it can’t be ignored.