With the recent rise in popularity of “bring your own device” (BYOD) policies at companies across the world, many technology leaders are finding themselves in legal binds after improperly setting company guidelines for mobile device management. CIO.com reports that in the last few years, companies found themselves in legal trouble after writing “overly broad policies or policies that went too far.” The website also reports that, in a courtroom, a judge will suppose companies are able to “preserve and collect all information created in conjunction with work that relates to litigation.” Trouble presents itself, however, when companies are unable to access this information because the company did not write employee consent into its BYOD guidelines.
How Do You Minimize Legal Risk of BYOD Policy?
Necessary steps should be taken to avoid any breach of company data and minimize legal risk for an organization implementing a BYOD policy. Firstly, employees should be informed of the terms they are agreeing to from the get-go. People routinely sign agreements without reading them, and making it clear from the beginning that their personal privacy will not be encroached upon will help employees enter a BYOD agreement without apprehension. Without agreements that require employee compliance in an investigation, searches through personal clouds on BYOD devices can become, according to CIO, “a highly contentious issue.”
Knowing where data is stored and from where it originates will help to assess the amount of data exposure a company may be allowing. One solution to limit corporate data exposure is to install mobile device management systems to control corporate content on devices remotely. In a mobile security survey performed by Information Week, it was discovered that, out of all survey participants, only 39% have mobile device management systems that are able to remotely wipe corporate data from an employee device. However, around 88% of survey participants stated, “their companies allow or will soon allow employees to bring their own mobile devices into the workplace to access corporate systems and store sensitive data.” Increasing awareness of mobile device management systems is sure to assist in avoiding corporate data leaks or security issues for BYOD.
F5 has industry-leading BYOD solutions, such as F5 BIG-IP Access Policy Manager (APM), which provides a single point of control in your infrastructure and grants or denies email access to mobile devices. BIG-IP APM has strong user authentication and authorization capabilities to support user and device security certificates, Exchange ActiveSync User Policy settings, and other information in Active Directory. The solution also stores device information provided in the packet flow, such as device type and device ID, to employ multi-factor validation.
Using BIG-IP APM, traffic management decisions can be made and enforced at the edge of the network and permit the use of built-in Exchange security functionality, such as ActiveSync policies and remote device wipe.
Be Cautious and Consistent
It may be too early to predict what is to come for BYOD and the law, but we know policies and guidelines will shrink that as the BYOD trend matures. Companies must create consistent guidelines to ensure that data security will improve and the threat of theft or loss will diminish. Even the most cautious companies are still at risk, but knowledge and understanding of the problems at hand will make it easier to avoid potential legal trouble in the future.
BYOD presents a number of legal, technical and financial challenges. At ADAPTURE, our expertise in the design and implementation of BYOD-ready architecture will get your policies and procedures implemented quickly, securely, comprehensively, and with the latest technologies and advancements in mind.
Disclaimer: ADAPTURE is not in a position to offer legal advice and any issues related to the legality of your company’s BYOD policy should be discussed with a lawyer.