Eugene
Raynor

Is it safe to enroll my personal phone in a UEM? 

Eugene Raynor

May 3, 2021

11 min read

This is a question every corporate employee must have pondered over at some point in time or the other, and with good reason.
It’s completely justifiable that people dislike being monitored 24/7 by a mysterious entity, that keeps note of all the shady stuff they do. Neither do they like the idea of having a UEM solution gain access to their device information.
To some, especially new employees, enrolling their personal devices in a UEM might feel like a breach of user privacy. However, that is certainly not the case.

“A UEM solution isn’t designed to infringe upon user privacy. Rather, it’s designed to enforce it.”

In this blog, we shall cover the importance of user privacy in the enterprise, what information can a UEM solution actually view, and how UEMs can help secure data and resources stored on your personal devices.

BYOD and User Privacy

User privacy is something that must not be taken lightly. Especially among enterprises. According to the Federal Trade Commission’s Consumer Sentinel Report, there has been a steady rise in the number of Identity theft cases in the United States.

Discussing with IT over User Privacy in BYOD
Discussing with IT over User Privacy in BYOD
 

As part of a BYOD policy, when employees enroll their personal devices for corporate use, enterprises take it as their utmost priority to protect their employees’ personal data. In fact, there are quite a few regulations in place – such as GDPR and HIPAA – that directs organizations to recognize and enforce user privacy, and severely penalizes companies that violate these directives.

What is GDPR?

General Data Protection Regulation (GDPR) is a set of regulations designed to provide EU citizens with better control over their personal data, and to increase the constraints on enterprises that handle this data. According to the directives laid out by GDPR, organizations that store user data must not only ensure that personal data is gathered legally and under strict conditions, but also make sure that the companies who collect and manage it will respect the rights of the data owner and protect it from any misuse. Failure to do so will result in severe penalties and fines. GDPR covers personal data including employee name, identification documents, age, and race, along with online information such as location, IP address, cookie data, and more.

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a United States regulatory compliance policy created to protect sensitive patient health information, and make sure that the hospitals who collect and manage this information are bound to protect it from any misuse.

Why should I Enroll my Personal Device in a UEM?

Let’s get this straight. If you’re bringing your personal device to work and using it to access corporate resources, it is crucial that they be secured by a UEM solution.

Personal phone in the Office
Personal phone in the Office
 

In addition to securing employees’ personal devices, a UEM also provides additional benefits to your enterprise including,

Enforce Endpoint Security

Regardless of whether it is personal or corporate, securing work devices is extremely crucial for enterprises. According to Varonis, over 64% financial service companies have 1,000+ sensitive files accessible to every employee. This highlights the need to set up effective endpoint security measures to protect corporate data on employees’ personal devices.

Simplified Application and Content Management

By enrolling your personal device in a UEM solution, your enterprise can easily distribute and manage apps and content on their employees’ personal devices, set up app catalogs and block harmful apps from being installed on the devices’ work container.

Reduction in Asset Management Costs

Making use of a Unified Endpoint Management solution along with a BYOD policy enables IT to easily manage all their corporate devices, apps, and data remotely, from a centralized console. This greatly reduces the asset management costs for your organization, as they do not need to purchase work devices for their employees.

Effective Troubleshooting and Reduced Downtime

By providing constant device monitoring with the help of compliance checks and reports, IT can track the health and status of all corporate devices from a remote location. This enables them to identify and resolve device issues with minimum downtime.

Increased Workforce Productivity

With the help of proper BYOD management policies using UEM, employees can use their personal devices for work purposes, thereby encouraging them to work more hours from literally anywhere and increasing overall productivity.

Try out BYOD Management with Hexnode

Does a UEM violate User Privacy?

People falsely believe that UEM solutions are a deterrent to user privacy. They believe that the UEM agent installed on your enrolled personal devices has the ability to access and monitor your personal data and information. However, this isn’t quite accurate.

“Peeking
Peeking IT
 

Here, we’re going to list out exactly what information is actually accessible by a UEM software on your personal device, and what information is not accessible.

What Information does a UEM ‘NOT’ have Access to?

Can a UEM see my Device Screen?

If it’s a personal device, then no. It cannot. Neither can the UEM agent remotely control your device.

However, it is possible for IT admins to view and/or control the device screen for corporate-owned devices. UEM solutions like Hexnode can also configure policies, set up device restrictions and network configurations, and push remote actions to personal devices, including enable lost mode and corporate data wipe.

Can a UEM see my Personal Messages, Calls and Chats?

Regardless of whether it’s a personal device or a corporate device, a UEM software cannot view your messages or make calls on your behalf. Such an act would be an invasion of user privacy, and is not possible.

However, it is possible to remotely ring your device and broadcast messages from the UEM console.

Can a UEM collect my Web Browsing History?

A UEM software does not possess the ability to collect information on the websites you visit. This includes your IP address, browsing history, cookie data, and other such personal data.

However, it is possible to block access to specified websites that are deemed dangerous by your enterprise, with web content filtering policies.

Can a UEM view and Access my Apps, Files and Pictures?

Nope. Enrolling your personal device into a UEM solution does not provide IT with access to your personal Photos, Files or Apps.

However, your enterprise can push content and install managed apps to your device. Also, they can block apps that are deemed dangerous or unproductive, with the help of UEM blacklist and whitelist policies.

Can a UEM see my Passwords?

This one’s pretty obvious, but nope. A UEM software cannot store or view your passwords. That would be a violation of user privacy that would be punishable by law.

Your passwords are completely confidential and the UEM software installed on your device will have no access to any of your passwords.

What Information can a UEM Access?

Device Details, OS and Version

A UEM Software can identify and send your device’s Manufacturer name, model, Platform, OS version, IMEI, and quite a few other details including storage space and battery level to your IT. This is usually done for the purpose of identifying and cataloging the enrolled devices and easing up the management of these personal devices.

SIM Details

Your device’s SIM details, including your phone number and your ICCID will be visible to your IT, when enrolling it into a UEM solution.

ICCID – Integrated Circuit Card Identification – is an 18-22 digit that enables you to identify your SIM card’s Country, Home Network, and Identification number.

Managed App Inventory

A UEM solution like Hexnode can view all the managed apps on your personal device. They have the ability to silently install, update and remove these managed apps, as well as to blacklist or whitelist a set of apps deemed unsafe.

Managed Apps are those apps that have been installed remotely via the UEM solution, or are managed through the UEM console.

Location Details

Hexnode, like many of the UEMs in the market, provides the option for IT to track your location history. This feature is crucial to securing sensitive data in case a device is lost or stolen. However, most enterprises do not require the need to set up real-time location tracking. Rather, the UEM will scan the device location at specific intervals. This is done to ensure that your device and its data are secure.

Network Information and Data Usage Details

A UEM software can view your Network status including Wi-Fi and Bluetooth MAC, Hotspot activity, and more, and track data usage for both the device as a whole and for individual apps. It can push notifications via email, on exceeding data usage limits specified by your enterprise.

How Hexnode Protects User Privacy

With its suite of features and functionalities, Hexnode’s Unified Endpoint Management solution possesses the ability to secure your employees’ personal devices and ensure user privacy in the enterprise.

A Personal Device Secured by UEM
A Personal Device Secured by UEM
 
GDPR and HIPAA Compliance

With its robust security policies, Hexnode equips enterprises with the ability to achieve and maintain consistent GDPR and HIPAA compliance for their personal and corporate devices.

Compliance Checks and Reports

With Hexnode, enterprises can set up compliance settings to ensure that enrolled personal devices conform to the corporate requirements. By generating compliance checks and reports, devices failing to meet the requirements can be easily identified and flagged. This enables IT to maintain a level of security and ensure user data protection.

Containerization

Hexnode enables enterprises to set up containerization policies for their enrolled personal devices, enabling IT to separate and secure both corporate and personal resources residing on the device. With Hexnode, you can configure Work Profile for Android Enterprise devices and Business Container for managed iOS devices.

Password and Device Encryption

Passwords are crucial elements in protecting both personal and corporate data that’s present in managed devices. With Hexnode, you can enforce strong password policies for both the device and the work container, and set up restrictions on password complexity, age, history, auto-lock and tries after device wipe. You can also push Device encryption policies to further secure the data on these devices.

Device Wipe and Lost Mode

When it comes to personal devices, they’re being used 24/7 by your employees. This results in a bigger chance for these devices to get lost or stolen. This poses a big security risk to both user and corporate data. With Hexnode, IT can remotely push lost mode and corporate data wipe actions to your enrolled personal devices, and prevent your data from falling into the wrong hands.

The Verdict – Should you be concerned?

By now, you’ll have a pretty clear view of what a UEM solution can see on your personal device and what it cannot see.

Should I be Concerned? Nope
Should I be Concerned? Nope
 

However, if you’re still concerned with the infringement of user privacy when enrolling your BYOD devices in a UEM, I’d recommend trying out Hexnode UEM for yourself to find out. Besides, the best way to clear your queries is with hands-on experience on how a UEM really works.

Share
  •  
  •  
  •  
  •  
  •  
Eugene Raynor

Seeking what's there lurking over the horizon.

Share your thoughts