Imagine you are on a business trip to New York City. You step off of the Amtrak in Penn Station and wait in the line for a cab. After successfully hailing a ride, you sit in the back seat, ask the driver to take you up to midtown, and pull out your cell phone to make a few calls along the way. Wait … OH NO!!!! Where is my phone???? After thinking through the past hour step by step, you come to the awful conclusion that you left your phone in the seat pocket on the train.
Many thoughts and emotions could enter your brain at this point. Panic and fear are probably at the top of the list. You think through the logistics of what needs to happen. Most of your thoughts have to do with retrieving the device as quickly as possible, but that will take some time and may never happen, so what about the sensitive corporate data that is on your phone? Have you thought about that?
Bring Your Own Device (BYOD for short) is a term given to devices such as cell phones, iPads and computers which are owned by employees and used for work-related activities. In the above scenario, a breach of sensitive information could possibly be one result. Everything from corporate e-mail to important documents and spreadsheets could now be in the hands of, let’s just say, the wrong people.
IT departments both small and large have struggled with this issue for several years now. Back in the mid-2000s, many companies issued their employees corporate-owned devices such as Blackberries that were managed and maintained by the IT department. The capabilities of the devices were limited to a list of approved applications, and they were subjected to security policies crafted by IT to enforce mechanisms to keep the data stored on the device safe. Today, when it seems that everyone owns a smartphone, many IT departments have little to no control over who has access to sensitive data.
Most major corporate e-mail solutions have the ability to remotely wipe all data from a lost or stolen smartphone. But many times, that is simply not a suitable solution to the security issues surrounding BYOD. Enter Mobile Device Management (MDM). There are many MDM solutions available in today’s market and quite possibly, your company uses one to control access to corporate data via phones and/or tablets. If your company does not use MDM, perhaps it is time to investigate the options. In general, MDM solutions provide a method for granularly being able remove corporate data from personal devices, track which devices have access to corporate data, set limits on which apps are allowed to be used, and apply policies to enforce basic rules such as a six-digit PIN.
There are several subsets of MDM such as Mobile Application Management (MAM) and Mobile Content Management (MCM), but these features should be part of the complete solution as opposed to a solution by itself. There are also privacy concerns about companies applying tracking and management software to personally owned devices. The general rule when a company chooses to implement an MDM solution is transparency. Employees should know what information is being tracked, what data can be accessed by IT, and what the written policy is concerning BYOD.
Few people want to carry two devices (one for personal and one for business). IT departments have a responsibility to provide a suitable solution for that issue. That solution ideally should involve a central mobile management application, but at a minimum, a written policy should be distributed and signed off on.
Rich Kenney is vice president of Wilmington-based TechSolutions Inc., which has provided skilled technology services to small and midsized businesses since 1999.