The "trust-gap" is currently the lead story on MobileIron's website, calling out a recent survey that claims that "61% of mobile workers trust their employers to keep their personal information private on their mobile devices." Why on earth would I need to trust someone else to keep my personal information private on my device?
And what does it mean to "trust my employer?" Do I trust my company? Sure, it's a non-living entity. My boss? He'll probably read this post, so absolutely. ;-) But what about the people in IT - the ones that have access to the EMM system? I might not know who has access or anything about them. But I need to trust them anyway because we share the common bond of drawing our paychecks from the same account?
The site does explain exactly what the EMM system has access to. Amongst other things, location of the device and complete list of installed apps are included. Certainly things that could be used against you in the wrong hands. The list of things the employer cannot see is headlined with an asterisk, which explains in fine print, "will vary by mobile operating system and employer policy." The list says nothing of the fact that these "trustworthy" third parties can factory reset your device at any time - less of a privacy issue, but directly related to the personal information I choose to store on my device.
The question is, why is any of this necessary? A customer recently told me that with his company's prior EMM solution, the legal team asked him to avoid wiping the devices of 9 out of every 10 departed employees, regardless of the cause of termination. Crazy! Why? Privacy issues, of course - despite the fact that these employees had signed a waiver upon joining the BYOD program, giving the company the right to wipe their device.
It's time to move on to a data-centric approach to BYOD (the approach Gartner is now espousing)- one that secures corporate data, while maintaining employee privacy. No more need for user education and no more exception riddled checklists.