Suspicious Minds

In the film The Dark Knight, Bruce Wayne and Lucius Fox build a mass surveillance system which shows the location of Gotham City citizens, using their own mobile phones.

It’s a drastic measure to try and catch The Joker who, after blowing up a hospital, is now holding multiple hostages on two separate boats.

The film sheds light on some major privacy themes (something director Chris Nolan says he actively intended with the Batman trilogy), which have also been highlighted by some recent BYOD (Bring Your Own Device) lawsuits springing up in the US.

For the employee, the BYOD trend started out with such enthusiasm.  It was “new toy syndrome” and “please let me get my work emails on my smartphone”.

For the employer, the 24/7 mindset was difficult to resist.

The trouble seems to be that in many instances, the rules of engagement weren’t properly set out, leading to a high level of risk that expectations would be mismatched rather than mutual.

Many of the current US lawsuits centre around privacy issues.  It seems some workers are nervous that their smartphones might be chipped with some sort of spy software, blowing the lid on their whereabouts or private activities (one particular scenario could be an employee who has downloaded several health apps to his BYOD smartphone – a systems technician notices and asks the employee if everything is OK… leading to the inevitable ‘How did you know that?!’ situation).

As is often the case, balance seems to be the key.

Businesses do need to know what’s happening with their systems and protect their data (after all, it’s one of their most precious assets).  As Steve Cox highlighted in a previous post (Never Mind the Buzzwords), workers could theoretically download the entire company database on something the size of a cassette tape.

Equally, employees need to be comfortable using a device that’s best suited to carrying out their job, without feeling like they have the agents of S.H.I.E.L.D watching them.

Regardless of the security issues, businesses also need consistency and repeatability – and the chances are that everyone has their smartphone or tablet set up in a slightly different way, if they were actually conscious of ‘configuring’ it in the first place. (Although ignorance is no defence, on either side.)

In fact, anything that poses a threat (such as an unknown device tapping into a company network), or simply shouldn’t be happening, can impact system performance, and that leads to user frustration.  Not a recipe for productivity or success.  It’s about knowing what’s going on in your system so that it doesn’t get clogged up.

It’s also not about a ‘big brother’ approach.  It’s perfectly legitimate to have a usage policy in relation to company-owned equipment, so what’s the problem with extending that to user-owned devices?

A lot of it comes down to trust, and setting out expectations at the beginning.

I suspect that many large organisations are steering clear of BYOD.  They still recognise the huge benefits of mobility, but prefer to provide company devices.

There’s also a fine line between having the right tool for the job, and having so many devices that they become unmanageable.

I think the next piece of the jigsaw will see a boom in mobile device management (MDM) – a way for companies and users to agree the playing field, and to help create a more secure environment.