For me the problem with this is security, how do you make sure that they dont have any viruses or dodgy software? How do you make sure their OS is up to date? How do you make sure they are nog saving any company information in their personal devices? I guess one solution is to put them into your MDM but most people would refuse that, so from the security side it has is complications
So that's a real concern. However, mostly I think that that feeling is a lack of control, but not a lack of security. First, most shops, especially those with tight control, don't do those things. They are actually the ones that typically push out dodgy software and block patches. Not always, and the two aren't tied, so important not to let one bad decision create others, for sure. So I'm agreeing, your point is very valid. But in the real world, I think these issues aren't real. First saving info... if they wantt o do that, if you don't trust your employees, they can do it anyway. Having a company device is a completely false sense of security there. It's actually more dangerous because it makes it feel like you can trust that device, but you can't. If the employee ca work with the data, they can steal the data. If your employee is that untrusted, you can't let them have that data anyway. As far as managing their own device, you have options. From just giving instructions and trusting them (that's better than most IT departments do, so this works 99% of the time I'd say) to using free standard tools like Salt or Tactical that will report if they are out of date, to offering support to do the updates. If people aren't okay with you keeping it up to date, they can't use their own equipment. But that's a minor ask, really. Especially as it benefits them, too. It's a two way street, make it good for everyone. And there are certainly cases where it doesn't work. But the vast majority of companies have baseline security that is so bad, that this would be a step up or at least sideways. Sure, in a shop that's actually super secure, you would lose some security, but that's very, very far from the norm. A legit use case, but not the average.
Keep in mind that some of the most secure businesses in the world, the big banks on the investment sides for their internal prop trading (their own money) do this. So if they do, and trust me no one is taking security to heart like they are, then everyone else can too. Humans remain the riskiest part of nearly every environment.
For many business models adhoc home equipment is fine, but there are reasonable uses for a managed device that is administrated and supported by the organization. Removing lots of operating consistency/environment risk. For knowledge workers who are not IT experts, it can give the business more operational control (patches, updates, upgrades, hardware swap, backups). If the business has compliance requirements requiring some level of data security assurances, having a managed device is much easier than attesting to a random users home environment.
For me the problem with this is security, how do you make sure that they dont have any viruses or dodgy software? How do you make sure their OS is up to date? How do you make sure they are nog saving any company information in their personal devices? I guess one solution is to put them into your MDM but most people would refuse that, so from the security side it has is complications
So that's a real concern. However, mostly I think that that feeling is a lack of control, but not a lack of security. First, most shops, especially those with tight control, don't do those things. They are actually the ones that typically push out dodgy software and block patches. Not always, and the two aren't tied, so important not to let one bad decision create others, for sure. So I'm agreeing, your point is very valid.
But in the real world, I think these issues aren't real. First saving info... if they wantt o do that, if you don't trust your employees, they can do it anyway. Having a company device is a completely false sense of security there. It's actually more dangerous because it makes it feel like you can trust that device, but you can't. If the employee ca work with the data, they can steal the data. If your employee is that untrusted, you can't let them have that data anyway.
As far as managing their own device, you have options. From just giving instructions and trusting them (that's better than most IT departments do, so this works 99% of the time I'd say) to using free standard tools like Salt or Tactical that will report if they are out of date, to offering support to do the updates. If people aren't okay with you keeping it up to date, they can't use their own equipment. But that's a minor ask, really. Especially as it benefits them, too.
It's a two way street, make it good for everyone. And there are certainly cases where it doesn't work. But the vast majority of companies have baseline security that is so bad, that this would be a step up or at least sideways. Sure, in a shop that's actually super secure, you would lose some security, but that's very, very far from the norm. A legit use case, but not the average.
Keep in mind that some of the most secure businesses in the world, the big banks on the investment sides for their internal prop trading (their own money) do this. So if they do, and trust me no one is taking security to heart like they are, then everyone else can too. Humans remain the riskiest part of nearly every environment.
For many business models adhoc home equipment is fine, but there are reasonable uses for a managed device that is administrated and supported by the organization. Removing lots of operating consistency/environment risk. For knowledge workers who are not IT experts, it can give the business more operational control (patches, updates, upgrades, hardware swap, backups). If the business has compliance requirements requiring some level of data security assurances, having a managed device is much easier than attesting to a random users home environment.