In the ever-evolving landscape of corporate communication, companies are faced with the decision of whether to provide employees with access to corporate data and applications as well as a corporate mobile number for use on their personal phones. This practice, commonly referred to as Bring Your Own Device (BYOD), has its advantages and disadvantages, and striking the right balance is crucial for both employers and employees to avoid future issues.
1. Cost Efficiency: One of the primary advantages of providing employees with a corporate mobile number (either as a physical SIM or, more commonly, an eSIM) and access to corporate apps and data for use on their personal phones is cost efficiency. Companies can avoid the material expense of purchasing and maintaining a fleet of corporate mobile devices. This cost-saving measure can be significant (often amounting on average to >£500 per employee pa.) and extends beyond the physical device costs to licensing, connectivity and IT support savings.
2. Flexibility and Convenience: Many employees appreciate the flexibility of using a single device, and their personal device is regularly going to be their preferred device as it will provide access to all their apps, content, contacts etc. Many employees are also recognising that carrying two mobile phones is not only inconvenient but also not very environmentally sustainable.
Enabling access to a second mobile number (normally via eSIM) avoids the need for employees to share their personal number for work purposes, and when deployed as a secondary number on their personal phone, allows the employee to switch off the line outside of working hours. As a result, for some employees the convenience of having a single phone for both professional and personal use, but with access to a separate business mobile number (or indeed a Teams DDI), can lead to increased employee satisfaction and work-life balance.
3. Reduced Device Management: Companies can avoid the complexities of managing and maintaining a fleet of corporate devices. This includes handling repairs, updates, replacements and end-of-life recycling. By shifting the responsibility to employees’ personal devices, the burden on IT departments is significantly reduced.
1. Security Risks: One of the major business concerns associated with using personal phones for work-related communications is the potential for security risks. Personal devices may lack robust security features or reach end of life for support, and when unmanaged, users may not promptly install the security updates necessary to protect sensitive corporate information, exposing the company to data breaches and cyber threats. What’s more, when things go wrong, for instance with the loss of a phone or the inadvertent download of malware, employees are much less likely to report the issue to the business if it relates to their personally owned phone. These issues can be addressed through one of two paths.
Mobile Application Management – For most businesses that deploy Microsoft technology, we would highly recommend the use of MS Mobile Application Management (MAM). MAM transforms support for BYOD as it enables employees to have secure access to corporate apps like email without the need to enrol their personal device into the corporate Mobile Device Management (MDM) tools (e.g. Intune or Workspace One).
Instead, the security, policies, and intelligence around whether employees can access corporate data at any given time are governed by the MAM technology, which is deployed at the app level, and the associated conditional access policies. For example, a phone that has not installed a pre-set minimum software security upgrade can be automatically barred from accessing corporate data. The number of apps that are supported by MAM is growing; however, today it is still primarily limited to support for the Microsoft portfolio (e.g. Outlook (Email), SharePoint, Teams etc.) and some other mainstream third-party services (including ServiceNow, Slack and Zoom). As a result, if your business requires that employees access specialist third-party or in-house developed applications that contain or provide access to corporate data, then MAM is not going to be suitable. Instead, you will need to either prevent access to such services from personal phones or enrol the user’s device into the corporate MDM platform.
Multi Factor Authentication (MFA) tools are however excluded from this requirement and can be deployed on personal devices without the need for MDM enrolment.
See here for the latest supported apps and services: https://learn.microsoft.com/en-us/mem/intune/apps/apps-supported-intune-apps
Mobile Device Management (MDM) – For higher risk employees like Execs, for those that require access to highly privileged or regulated information, or where business apps are not supported by MAM, it will be necessary for the business to enrol the user’s personal device into the corporate MDM platform. MDM provides the IT team with visibility and control over the device and enables the setting of a wide range of policies that can be used to minimise risks and to wipe devices in the event of loss.
For privacy reasons, employees are naturally reluctant to have such tools deployed on their own personal device, especially if IT can remotely wipe their personal data without their permission. As a result, we recommend the use of MAM with controlled access to specified applications as the primary route when considering BYOD, and where this is not suitable, we recommend that businesses consider the use of a separate corporate managed device. This corporate device could also be provided with the option for users to have their own personal mobile number and apps installed on that device. This support for personal use of a business device is also known as the Corporate Owned Personally Enabled (COPE) model.
2. Device Compatibility and Support: The diversity of devices and operating systems in the market can lead to compatibility issues and challenges in providing adequate support for MAM and MDM. Different operating systems, software versions, and device specifications may hinder seamless integration and support from the IT department. When considering the use of a second corporate mobile number, it is important to consider that today eSIM is still primarily only available on Apple iPhone devices and higher end smartphones, which can limit the extensive use of BYOD in businesses.
3. Corporate Mobile Data & Use of eSIMs: When providing a user with a corporate SIM for use in their personal phone it is also critical for the business to create clear and reasonable fair usage policies. These may also need to vary depending on whether the SIM is provided as a physical SIM or eSIM and whether that corporate SIM/eSIM will support data or just voice and SMS.
Physical SIMs – Providing employees with a physical corporate SIM for use in their personal phone means that they will either need to have a phone with a dual physical SIM capability, or they will need to discard their personal SIM and select the business SIM for both work and personal use. Most phones do not support dual physical SIM in the UK.
As a result, businesses issuing a corporate SIM for BYOD users must expect that the SIM will be used for both personal and business use. In the case of mobile data usage this is likely to mean that users will consume 2-3 times the level of data that would ordinarily be used in a business only use case. Typically that would mean 6GB of data for mixed personal and business use vs 2GB for business only use.
Corporate mobile phone plans and contracts will therefore need to be negotiated with this in mind, to ensure that sufficient levels of cost effective data can be accessed and to avoid “out of bundle” data usage when allowances are exceeded (which is typically at very high cost). Roaming usage must also be carefully considered, and whether the business will bar such usage or tolerate personal usage when roaming.
eSIM Connectivity – eSIMs are digital SIM cards (chips) that are embedded in some smartphones, which remove the need for physical SIMs (although most still retain one physical SIM slot). Instead, the eSIM can be programmed to store multiple mobile network profiles and services (think virtual SIM cards), which makes them ideal for providing secondary corporate numbers and mobile services to BYOD users. They can also be used for a range of other use cases, including cost effectively accessing foreign mobile network services when travelling internationally, where a local or roaming eSIM service may be far more competitive than the UK SIM. They can also be used for short term services (for example given to temporary employees, consultants, or event staff) or to provide access to secondary mobile networks for fieldworkers who require high levels of connectivity when working remotely.
Most eSIM compatible phones support dual voice and SMS services, which means that both the personal and business mobile number can be active at the same time for making and receiving calls and messages. The eSIM connection can also be easily switched off at any point, should the user no longer require access to the service or temporarily not want to receive business calls (for example in evenings or when on leave), which makes them well suited to BYOD uses.
However, the main downside to eSIM deployment is that most mobile phones will only support a single data connection at a time. This means that if your business provides an employee with a corporate data enabled eSIM for use on their personal phone as a second number, then the user will need to configure in their settings whether the phone uses their personal SIM or your business eSIM for data connectivity by default.
As part of any BYOD planning it is therefore essential that businesses make the decision as to whether to enable data on an eSIM, and if they do to further consider what the implications will be for data usage (as per the physical SIM above) and what fair usage policies will apply for both use domestically and when roaming.
Where data is provided, then further consideration should be given as to whether to provide access to standard corporate shared mobile data, or whether instead to make available a standalone “unlimited data plan”, which removes the challenge, but creates new recurring charges (typically an extra £10 to £20 per month depending on the current network).
In conclusion, the decision to provide employees with access to corporate apps and data, and optionally a corporate mobile number for use on their personal phones involves a careful consideration of the specific needs and priorities of the business and the different types of users in the organisation.
While cost efficiency and flexibility are notable advantages of BYOD, the potential security risks for the business and privacy concerns for the individual should not be underestimated. We believe that Mobile Application Management can address both these challenges for many businesses.
Extending BYOD to include the use of a corporate SIM requires further thought and very clear fair usage policies, especially where mobile data is provided as part of the service. Personal data consumption on smartphones is typically materially higher than business mobile data use, and in many cases, it will be necessary to decide which SIM is used for all data. Businesses that don’t plan for this increased usage could quickly see their expected device cost savings eroded by unexpected excess data charges, especially where mobile contracts are not flexible enough to deal with a material increase in data usage.
Ultimately striking a balance between convenience for users, safeguarding corporate interests and understanding who will pay for connectivity is essential for successful implementation of BYOD. IT leaders should establish clear policies and communicate these effectively to stakeholders and users to ensure a smooth and secure migration from corporate devices to a BYOD model, especially where the business is considering providing a corporate SIM for use on that device.
To discuss your own BYOD strategy, concerns, or plans, please reach out to the team at Utelize who will be happy to set up a discovery call with one of our specialists. Alternatively, if you’d like to learn more about leveraging your Microsoft investment by deploying Mobile Application Management or you’d like to understand how other IT leaders are developing an effective mobile strategy suitable for hybrid and modern working practices, then please get in touch.