So without any further ado, let's dive into whether you should use personal or corporate devices for your remote workforce!
For the sake of discussion, a corporate device is either a company-issued and managed device or an employees' own personal device that they elect to enroll as part of the company's mobile device management system, or MDM for short (such as Microsoft Intune, for example!).
To avoid letting your head spin moving forward, refer to this handy dandy cheat-sheet of remote work IT terms:
The most common example of corporate devices are company-issued laptops that are shipped out to remote employees or picked up and taken home by employees working remotely, but this is far from the only way that this can be done.
Pros of Corporate Devices for WFH
The list of benefits of corporate devices for WFH is large.
For starters, corporate devices using MDM are more secure than personal devices - and it's not even close. By utilizing corporate devices, the company is managing and has oversight into nearly everything from top to bottom. With corporate devices, you can institute and enforce corporate security policies on the device, monitor which devices are accessing your networks, control which apps can be used or not used on the device, and much more. If cybersecurity is vital to your organization - and if it isn't, it should be - corporate devices are the way to go.
Secondly, you have the ability to remotely wipe the device should the device get lost or stolen. An organization's #1 asset besides people is data, and corporate devices give you greater protections against mishaps such as these by virtue of being managed externally. If you're regularly backing up your data (as you should be!) then this is merely an inconvenience rather than a devastating loss or threat to your company's cybersecurity.
On top of that, using Windows Autopilot on corporate devices enrolled in Microsoft Intune also allows you to remotely set-up or troubleshoot your devices, greatly simplifying and speeding up the dreaded on-boarding or "oops!" moments so that your employees can get to work faster no matter where they roam.
Learn more about Windows Autopilot here.
Finally, corporate devices offer you the ability to push updates to your employees' computers so that they are always running the most up-to-date programs and operating systems. This is key for ensuring productivity and shoring up your cybersecurity defenses as we've outlined in detail here with our 9 Essential Cybersecurity Tips for Small to Medium Sized Businesses.
Cons of Corporate Devices for WFH
What about the downsides of having corporate devices for remote work?
The way we see it, there aren't many - and one main one is not as big of a concern as it's made out to be! Let's take a look.
One obvious negative to corporate devices is cost. Purchasing and sending out computers to your entire staff is no small expense, and having an IT team that is knowledgeable and experienced enough to configure and manage them properly remotely also adds considerable costs to the equation. Fortunately, a Managed Services Provider like BEMO (hey, that's us!) can streamline this for you smoothly and efficiently at greatly reduced costs, and let's be honest: shipping out laptops to your remote staff is much cheaper than renting out office space!
The second con to corporate devices is a perceived reduction in privacy for your employees. A common objection whenever we bring up the topic of corporate devices or enrolling personal devices in Intune is "I don't feel comfortable giving you such access to my computer."
Indeed, corporate devices signify a greater level of control and monitoring of employee computers, however this is primarily limited to company-relevant security and device management as opposed to playing Big Brother. Every MDM solution is a little bit different and every company has or can develop their own managed-device policies, but as of the time of writing, Microsoft Intune does not allow employers access to:
- Calling and web browsing history
And much more. For a more in-depth list of what your organization can or can't see on Microsoft Intune, check out Microsoft's official rundown here.
As a general rule, if you wouldn't do it on your computer back at the office, don't do it on your corporate device when working from home. And if you have any doubts about your company's policy regarding managed devices and what access they have or should have (if you're part of the implementation team), ask!
Want more info on what Managed IT could look like for your company? Book a call with us here or read up on everything that Managed IT entails for a company like yours with our resources here:
- What is Managed IT?
- Managed IT Case Study
Personal Devices for WFH
In contrast to a corporate device, personal devices are - as the name implies - devices that the employee personally owns and performs any level of work from that is not enrolled into the company's mobile device management system (MDM). This is BYOD in the truest sense of the word.
This would include a personal laptop that an employee is working from or an employee's own personal cell phone that they're using to view and respond to emails or other company data.
Pros of Personal Devices for WFH
What are some of the benefits of personal devices for WFH?
We'll go ahead and be up front and tell you that there really aren't many, and this should only be your choice if you truly can't help it.
One is undoubtedly cost, and this is a major one that leads most organizations using personal devices to do so. Issuing and/or managing corporate devices means added costs in terms of hardware and the right staff, so if your employees already have devices at home, why bother?
As you'll see in our next section, these cost savings come at a hefty price (get it?): your security, so at the minimum, we recommend utilizing Mobile Application Management (MAM) through Microsoft Intune to offer some layer of security over your employee's personal devices on an application-level for commonly used apps such as Outlook or Teams. This will provide app-level security and should the employee leave the company or the device gets lost/stolen, information from that app can be wiped remotely.
Second, this option can afford more flexibility to your employees in terms of what devices they are working from. At BEMO, we allow personal devices when it comes to accessing email or chats from employee cell phones rather than issuing dedicated cell phones for employees to use. To do this, however, we require employees be enrolled in MAM, allowing a functional tradeoff between security and practicality which has served us well so far.
Cons of Personal Devices for WFH
Unfortunately, the cons of personal devices for remote work tend to significantly outweigh the benefits.
The biggest con? Lack of security. Personal devices without MDM/MAM are highly vulnerable to security threats. It's every man or woman for themselves, and when it comes to your valuable company data, that's what nightmares are made of. It may be easier and more cost effective, but it's far from safe and leaves you at great risk. The organization simply has no way to monitor or enforce security measures.
Even if you DO have MAM on key applications, this only goes so far. There is still a gap in protection at the device level, so while application-specific data is protected, the device itself is not. Here's an analogy: Your bedroom is locked with a key, but the rest of the house is unsecured and unmonitored. Better than nothing, but not quite what you'd want with your valuable data.
Personal Devices also require more end-user work in setting up and managing their own devices. Rather than having a clean, out of the box experience such as with Windows Autopilot, employees are tasked with doing things on their own - or phoning your IT guy, a much more time consuming and headache-inducing ordeal for all parties involved!
So what should you do at your company? Here's our verdict:
Personal or Corporate Devices for WFH?
In our opinion, the vast majority of companies who work remotely should be working via corporate devices running MDM. The level of security is loads better, devices are easily set up and modified, and problems are easily spotted and fixed. It creates a more seamless, standardized experience for all of the parties involved.
Personal devices using MAM (Mobile Application Management) should be used almost exclusively for employees' own mobile phones - if you decide to allow access to company data from their mobile phones at all! This can allow employees to perform basic functions such as viewing their email when they're on the run and don't have access to their main corporate device.
No matter which solution you choose or for which devices, one thing is clear: You must have a plan and tailor your approach for your specific company and employee's needs and ensure training and transparency from top to bottom.
Interested in learning more about how to institute or manage corporate devices for your unique company's remote workforce? Book a call with one of our experts here.
As a Microsoft Gold Security Partner with over 11 years of experience in helping our client implement and manage their remote workforce policies and setups, we know exactly what it takes to get you up and running in the best way possible for your specific needs.
Leave us a comment!