Bring your own app (BYOA)

Use of private mobile software for corporate purposes

With bring your own device (BYOD), IT consumerization extends not only to hardware, but also to software.

If mobile applications (apps) purchased privately and licensed for private use are also used professionally, this is referred to as “Bring your own App” (BYOA).

Mobile working in the cloud

Employees often use cloud services for mobile working–no wonder, because storing documents, presentations and spreadsheets in the cloud makes content available and editable regardless of location.

So these solutions are great for productivity: remote access facilitates formats such as home office or desk sharing and creates positive user experiences – which in turn ensures high employee satisfaction. Cloud storage such as OneDrive, Dropbox or Google Drive are particularly popular as a result.

Security aspects of “bring your own app”

Nevertheless, the BYOA approach is not without its critics. Here are a few aspects.

Data security

Business data stored in a personal cloud account is, of course, no longer under the control of the IT department. If a mobile device goes missing, for example if the company phone is stolen, sensitive company data is at risk of being compromised. Unlike productivity apps administered by IT, which can be managed remotely using MDM software and allow sensitive data to be deleted remotely (“remote wipe“), IT admins cannot intervene with private apps. This can become a security problem.

Data protection

BYOA can also be a problem when it comes to data protection. Not all apps are suitable for professional use under data protection law. One example we frequently encounter is WhatsApp.

If you want to comply with the provisions of the GDPR, using the popular messenger for professional purposes is actually taboo – WhatsApp transfers data to servers outside the EU. For this data transfer of personal data, written consent for data processing is required from the contacts concerned. In everyday business, however, this consent is almost never obtained. Read also: DSGVO and WhatsApp – what’s the problem?

Licensing

There is also the threat of trouble with licensing: most apps intended for private use do not include business use, which usually has to be licensed separately. If this is not done, the use of the software is an infringement of copyright. There is also another aspect of data security: For example, Google products such as Google Docs and Google Presentations automatically evaluate content for marketing purposes.

Alternatives to BYOA

With BYOA, there are similar concerns and security issues as with bring your own device. Ultimately, neither option is really recommendable. Supposed savings on the company side due to privately used devices or applications are bought with a loss of data sovereignty and a decrease in company-wide IT compliance.

It is better to also roll out productivity apps in a controlled manner by corporate IT. This is done, for example, by using suitable company cell phones and MDM software. The MDM sets up a separate area for private and business mixed use of the device. This containerized workspace is managed by IT – but not the private part of the device.