As BYOD (Bring Your Own Device) programs were adopted and established, management concerns were real and valid. Can an organization access personal data and apps on managed devices? Is enough being done to secure the device, and the corporate data on it, while supporting the needs of end users? It’s critical to support a secure BYOD program and experience that neither over-manages nor underserves the organization and its users.
What is BYOD?
- Better security.
With no organizational URL needed to enroll, there is less potential for a phishing attack.
- “Just right” IT management.
IT manages and secures corporate data on the device by automatically deploying configurations for access to Wi-Fi, VPN, email and other corporate services.
- Employee protection and privacy.
By separating personal data from corporate data, users' privacy is protected, and IT can only manage corporate information and not access personal apps or data.
- Streamlined enrollment.
Users enroll their personal device into your mobile device management (MDM) instance with a few simple taps, and with a workflow that is familiar to them - using the Settings app on their device.
Who should support BYOD?
Spoiler alert: You.
Organizations without a BYOD strategy will have under-managed devices in the wild, which leaves them vulnerable to security risks with real consequences. Healthcare orgs that have had mobile device management (MDM) solutions in place for years may experience the other side of this issue: employee-owned devices that are over-managed by IT.
In particular, some organizations enroll employee devices into their company’s MDM tool as though they were corporate-owned devices. While this provides IT with the functions they need to push out apps and settings, it also exposes additional management actions which are not appropriate for a personally owned device. For example, IT would have the capabilities to see all applications installed on a device and even remotely lock or wipe it, which are certainly over-reaching in the context of employee-owned hardware.
How does BYOD work?
With a heavy focus on security and privacy, Apple’s Account-Driven User Enrollment is a BYOD method for iOS and iPadOS devices that streamlines the user enrollment onboarding process and focuses on providing corporate access to BYOD users while maintaining user privacy on their personal devices.
Account-Driven User Enrollment keeps personal and institutional data separate by associating a personal Apple ID with personal data and a Managed Apple ID with corporate data. Apple’s Service Discovery feature allows for use of a set of configurations that associate management with the employee and how they use the device for work, not the entire device itself. With your MDM solution and Apple’s Service Discovery, the process for the user to enroll their device is simple and similar to what they’ve done many times before on their personal device. In just a few taps in the iOS Settings app, the device can be configured and provide the user with the corporate applications and resources they need.
With a modern Apple BYOD program, the user is empowered to set up their personal device for work purposes without IT ever having to touch the device or send them an enrollment link. Your organization’s security needs are met in the enrollment process by automatically deploying VPN configurations or Zero Trust Network Access (ZTNA) for even more secure network tunneling. This BYOD enrollment process provides a zero-touch deployment experience for IT, and gives users secure access to their organization’s resources without sacrificing the user experience.
Why does this matter for healthcare?
A 2018 HIMSS Analytics Industry Benchmark Study commissioned by PatientSafe Solutions (now Vocera Edge) surveyed collaborative care teams within health institutions around the globe on the state of the communication modalities used throughout the day. Every survey group (Environmental Services, Case Managers, Transport, Therapists, Lab, Physicians, Nursing) reported sizable use of unsecured text messaging. For Physicians, upwards of 20% of communication reported was in this category.
It’s clear that employees across healthcare opt for the faster, simpler form of communication when they need it: the device that’s in their pocket. As consumer-simple technology continues to evolve, the capabilities we have available on personally owned technology will only increase in scope, so this text messaging example is only a leading indicator of additional BYOD demands.
While many healthcare organizations see Apple devices dominating their BYOD landscape, we know that not everyone uses iPhone or iPad. And for those organizations that are just beginning to formalize their approach, a mobile device management solution may not yet be deployed. While an MDM is fundamental to a solid BYOD strategy, network security solutions for ZTNA can also be manually configured for personally owned devices.
Make BYOD your MVP.
As healthcare adapts to the technology trends, the best thing you can do is implement and support a BYOD program and allow users to work how they work best with their device of preference. But the best part, and perhaps the most important, is that a BYOD program supported by an Apple-focused MDM helps keep your organization and users secured and protected.
Although devices will change, your BYOD program is equipped to adapt, protect and support the needs of today and tomorrow.