BYOD: What Are You Liable For?

As of October 2014, there are officially more mobile devices in the world than humans. Let’s think about that for a moment. There are 7.22 billion devices on Earth, while the number of people hovers somewhere between 7.19 and 7.2 billion. This might seem a little eerie, but it’s not surprising: consider how many of your employees waltz into work on their smartphones, turn on their personal computers, and take their iPads into meetings. There’s no question that we live in a multi-device world.

Having all of these devices at our disposal certainly is convenient, but it has started to cause a lot of headaches for IT. Not only do they have more devices to manage, but now they must decide whether to manage their employees’ personal devices, too. That’s the whole dilemma behind “Bring Your Own Device” (BYOD): Do you allow it? Do you police it? What if employees choose to access company materials on their devices, anyway?

In this post, we sat down with Inkling’s Head of Information Security, Marc Winner, to help answer these types of questions. He explains what liabilities companies should consider when it comes to BYOD, as well as some of the ways to mitigate risk.

1. What is IT responsible for when employees use their personal devices to access corporate content?

As soon as any device connects to the company’s network, IT is responsible. Plus, any time employees access corporate content outside of the office, IT has the responsibility of protecting that content.

2. Where do employees typically access corporate content?

Email, of course, is the biggest way that employees access company data. But there’s also file-sharing services, such as Dropbox or Box, content management systems, or other cloud software, such as Salesforce.com.

3. What are the risks of relying on file-sharing services and email for document management?

Especially with email, the company doesn’t know who has the content or how many copies of that content there are in the “wild.” But even with file-sharing services, it’s so easy to reproduce that content—you can simply drag it onto your desktop, print it off, or email it off to a third-party.

Not only is this a security risk, but it’s an annoyance, too. At least for me, it seems like I always spend the first ten minutes confirming that everyone has the same version. These days, with outdated versions circulating throughout inboxes, desktops, and shared folders, it’s hard to keep everyone on the same page.

4. Where does IT support come in?

Basically, IT has two options: they can accept that people will likely use their own devices for work purposes and support those devices, or not. But by choosing the latter, they’re only inviting more work for themselves. Once employees do use their devices, IT has no choice but to support any work-related request.

IT would be better off delivering solutions where employees feel like they have a partner, not an adversary. In doing so, IT can provide tools that are supported by the organization to ensure that their content is properly managed.

5. What solutions would you recommend?

Ideally, any solution should be centrally managed, meaning it has a one-to-many relationship. That allows your IT team to distribute content out to hundreds or thousands of devices, while also easily removing that content should an employee leave or lose their device.

Inkling is a great example of centrally managed content—employees have access to content anywhere, on any device, but there’s also strict permissioning in place to prevent that content from circulating elsewhere. Once an employee leaves the company, it’s easy for an administrator to deny access and wipe that content from their device.

The bottom line:

Over the past few years, there’s been a lot of debate over BYOD and whether or not to allow it at your company. But, as Marc points out, refusing employees the ability to access work materials on their personal devices is fighting an uphill battle—the number of devices is only growing, as are people’s expectations for on-demand content. Instead, look for solutions that go with the BYOD grain so that you can both please your employees and protect your data.