Legal and technical BYOD pitfalls highlighted at RSA conference
Companies that don't protect themselves through policies place themselves at risk
IDG News Service - Allowing employees to bring their own devices to work is causing new challenges, including what happens when a device needs to be wiped or employees want to sell their smartphone or tablet.
Mobile security and BYOD (bring your own device) are main themes at the European edition of RSA's security conference, which takes place this week in London.
Letting employees use their own smartphones or tablets for work represents a loss of control for IT departments. Also, if personal data isn't handled correctly, the company may end up being sued, said Cesare Garlati, vice president of mobile security at Trend Micro and the moderator of a conference session called "The Dark Side of BYOD."
"If companies don't protect themselves through policies they are really exposed," said Garlati.
For example, using Microsoft's ActiveSync technology to remotely wipe a device becomes more complicated because when data is deleted from the device everything is removed, including the user's personal photos, videos, songs and so on, according to Garlati.
"The question is who is responsible for that," said Garlati.
So, initiating a remote wipe when a user has entered the wrong password too many times, when an employee has been let go, or simply by mistake could have serious repercussions.
There are both technical and legal ways for an organization to address this.
More advanced mobile device management products allow enterprises to create containers that separate personal and enterprise information and can delete just the latter, according to Garlati.
However, for that to work, information has to be tagged correctly or stored in the right place and some enterprises feel they can't trust that is the case, according to Leif-Olof Wallin, research vice president at Gartner.
"For example, on an iPad there is a good chance that the employee has stored notes from a sensitive meeting outside the container. So to be on the safe side, they wipe the whole device," said Wallin in a separate interview.
The solution is to put in place an acceptable-use policy that clearly states employees can connect to the enterprise network, but if something goes wrong, the IT department can initiate a remote wipe that also deletes personal information, according to Garlati. The rules of the policy then have to be reiterated on a regular basis, he said.
Part of that is also telling users to back up personal data if they don't want to lose it, Wallin said.
People and their devices can also be affected if their employer gets involved in litigation.
"The other party can go to the judge and say that to preserve and discover evidence, I require all the devices involved in the litigation to be seized and sent to a forensics expert for analysis," said Garlati.
Consumerization of IT
- With BYOD smartphones on the rise, IT headaches will become migraines
- Apple plays defense and offense with free software, upgrade strategies
- The three extremes of corporate BYOD policies
- IT departments won't exist in five years
- The time is right for an 'IT petting zoo'
- The next corporate revolution will be power to the peons
- Dual persona smartphones non grata at Starz
- Google Glass breaks into business
- BYOD, or else. Companies will soon require that workers use their own smartphone on the job
- 'Dual personality' could morph into Jekyll and Hyde for Samsung and BlackBerry
- 15 Non-Certified IT Skills Growing in Demand
- How 19 Tech Titans Target Healthcare
- Twitter Suffering From Growing Pains (and Facebook Comparisons)
- Agile Comes to Data Integration
- Slideshow: 7 security mistakes people make with their mobile device
- iOS vs. Android: Which is more secure?
- 11 sure signs you've been hacked
- HP HAVEn: See the big picture in Big Data HP HAVEn is the industry's first comprehensive, scalable, open, and secure platform for Big Data. Enterprises are drowning in a sea of data...
- Piecing Together the Business Intelligence Puzzle Business intelligence (BI) technology collects and analyzes company data, delivering relevant information to corporate decision-makers in an effort to produce favorable outcomes.
- Harness IT -- An Introduction to Business Intelligence Solutions Learn the key selection criteria required to provide your organization with the capability to address structured data, unstructured data and mobile demands so...
- Business Intelligence Shows its Smarts Today's Business Intelligence (BI) tools provide a new way to think about data with self-service capabilities and user-friendly analytics that can be used...
- Cloud Knowledge Vault Learn how your organization can benefit from the scalability, flexibility, and performance that the cloud offers through the short videos and other resources...
- Testimonial: Cystic Fibrosis Trust Peter Hawkins, the Head of IT for Cystic Fibrosis Trust, discusses the role CommVault's Simpana software platform plays in improving the company's information... All Data Center White Papers | Webcasts