It goes without saying that hybrid and remote work are the new norm, and organisations’ workforces are now spread out among not just the country, but the world: the number of digital nomads worldwide is expected to grow to 45 million in 2026. And, even if employees are still in the office five days a week, today’s ‘always-on’ workforce still wants the ability to catch up on emails on their way into the office or while they’re out on their lunch break – 70% of office workers use their smartphone for work purposes.
As employees embrace a more flexible working style that sees them combine work with their personal lives, it’s inevitable that they’ll adopt BYOD (bring-your-own-device) – whether this is permitted by their organisations or not. 82% of organisations currently have a BYOD programme in place, with most driven by the potential for cost savings. By tapping into an existing resource: employees’ existing smartphones and laptops, organisations can save on hardware costs and improve employee satisfaction.
For organisations considering embracing BYOD, cybersecurity is a huge factor. Concerns around security aren’t unfounded: as many as 70% of BYOD devices used in the workplace aren’t managed. This means they fall outside the visibility and control of IT teams, and likely lack standard protections like mobile device management, endpoint detection, encryption, and patching protocols.
This isn’t a future risk. Most of these devices already hold access to email, shared drives, and internal messaging tools, often alongside personal banking apps, social accounts, and family photos. A single compromised credential on a personal phone can move just as easily into a company’s systems as one on a corporate laptop, and most IT teams have no visibility into when that happens.
When friction becomes a security risk
In response to concerns around BYOD, many organisations have upped their security measures – requiring users to repeatedly enter their password or approve multi-factor authentication requests.
But this can be counterproductive. Beyond frustrating employees and hampering employee productivity, excessive manual authentication steps can lead to users abandoning security systems altogether and creating risky workarounds. For instance, employees might opt to reuse the same password again and again – or create an overly simplistic password that’s easy for them to remember, but equally easy for hackers to guess. It’s telling that individuals with high levels of password fatigue are more than twice as likely to experience a data breach compared to those with low fatigue levels (62% vs. 29%). Frustrated users might also choose email or messaging apps instead of a secure corporate communication platform, or store work documents on their personal cloud drive instead of the company’s file-sharing system.
By embracing silent authentication, organisations can reap the cost benefits of BYOD, increase employee productivity, and free up IT teams to focus their efforts elsewhere.
This frustration compounds over time. Employees aren’t trying to undermine company policy, but responding normally to a system that asks a lot of their mental capacity. Every additional prompt is a small tax on attention, and security teams that ignore this dynamic end up designing policies that look robust on paper but collapse under daily use.
It seems organisations are stuck between a rock and a hard place: leave employees to their own devices (quite literally), or introduce stringent new systems to enforce security and risk users flouting them. How can organisations reap the benefits of BYOD without opening themselves up to a huge new threat vector?
No password? No problem
Silent authentication is a new way of looking at identity verification. Instead of interrupting users with password prompts or confirmation codes, this approach verifies users in the background using ‘invisible’, real-time signals from the user’s device and network.
Provided the employee’s behaviour appears normal, they are able to move seamlessly from one application to another. If anomalies are detected – for instance a SIM swap or an unexpected location change – the user’s access can be automatically paused, or the situation can be escalated for manual verification.
Crucially, none of this requires the employee to do anything differently. There’s no app to install, no extra step to learn, and no behavioural change to enforce across a workforce that’s already stretched. Security improves without adding to anyone’s workload, which is precisely why it’s more sustainable than policies that depend on consistent human compliance.
One effective approach here combines real-time mobile network data with device-level intelligence. This approach doesn’t rely on user-entered credentials or cookies – which can be compromised – but instead uses passive, environmental signals that are difficult to fake and are unobtrusive to the user. This draws on data sources like SIM swap detection, carrier network data, device consistency checks, IP intelligence and velocity checks.
This approach not only keeps organisations safer and protects employee satisfaction, but also takes the burden off IT and security teams, by creating fewer false positives, less help desk load, more visibility, and adaptive risk-based authentication. In the age of staff and budget constraints, silent authentication is also a scalable solution that doesn’t require additional resources.
Finally, with growing regulatory pressure from legislation like GDPR, ISO, and SOC 2, organisations need to be able to authenticate employees without over-collecting user data. Traditional authentication methods – especially those that rely on passwords, biometrics, and personally identifiable information, often require organisations to store sensitive user data in centralised systems. This expands the organisation’s attack surface in the event of a breach and creates compliance risk if the data is mishandled, or kept longer than it needs to be. Silent authentication eliminates this risk.
The future of authentication is invisible
Security shouldn’t come at the cost of productivity. As identity becomes the new security perimeter, the most effective strategies will be the least visible ones that don’t get in the way of employee workloads or create frustration.
By embracing silent authentication, organisations can reap the cost benefits of BYOD, increase employee productivity, and free up IT teams to focus their efforts elsewhere. Meanwhile, employees gain the ability to work from anywhere – on the go or in the office – on the devices they know and are familiar with, giving them the flexibility to switch between their personal and work lives.
Andy Ulrich
Andy Ulrich is Chief Information Security Officer at Vonage, responsible for protecting Vonage’s infrastructure and information, as well as customer and partner data. He has been a cybersecurity leader for over 20 years, with notable experience in the telecommunications, financial, and government sectors.


