This post is from the Apperian blog and has not been updated since the original publish date.
Guarding Against the Legal Risks Associated with BYOD
Even though bring your own device (BYOD) has become a widely adopted movement, many IT managers and business leaders still aren't aware of the legal risks associated with information security and customer information accessed on employees’ personal mobile devices.
As David Navetta, an attorney and founding partner of the Information Law Group, notes in a recent TechRepublic article posted by Michael Kassner, “the era of legal defensibility is upon us. The legal risk associated with information security is significant, and will only increase over time. Security professionals will have to defend their security decisions in a foreign realm: the legal world.” The management and monitoring of company-owned devices differs considerably from that of mobile devices owned by employees.
As Kassner notes in his article, security managers have “almost” dictatorial authority over company-owned devices. For instance, security managers usually determine what types of devices can be used by employees and how they are to be configured. Corporate security teams often install security software and patches on company-owned devices and encrypt company data on each of the devices.
At Apperian, we understand how important it is for organizations to mitigate the legal risks associated with BYOD. For instance, company trade secrets and other proprietary information like customer data can’t fall into the wrong hands. Employees encounter these risks all the time, whether they’re accessing a customer database over an unsecured network while traveling or using less-secure cloud storage services such as Dropbox. Rogue employee behavior doesn't help. According to a study conducted by Juniper Networks of more than 4,000 mobile device users and IT professionals, 41% of employees circumvent their employers’ official mobile device and mobile security policies.
But we also believe that a tyrannical approach to device security doesn't respect employee device ownership or usage, particularly when it comes to the privacy of an employee’s personal apps and data. Mobile application management (MAM) is a more agreeable approach to securing mobile apps and data without intruding on employees’ personal apps and data.
Using MAM solutions, enterprises can inspect applications to screen for risky behavior and security vulnerabilities, such as malware, trojans, and intellectual property exposure. Giving administrators the ability to inspect an iOS, Android or BlackBerry application can help enterprises identify potential vulnerabilities in specific apps and avoid the legal risks associated with lost, stolen, or misused data.