I know, I know…it’s been a while since you’ve seen me ramble on about something in enterprise mobility. The truth is, I’ve been unbelievably busy with work and getting the last minute details sorted out for my impending nuptials. The other fact of the matter is that people are heads down implementing enterprise mobility (it is Q4, you know), which means we’re not going to be hearing anything net new for a couple more months (sorry, as interesting as it was to see the new Nokia devices, that has little to do with the enterprise).
Now all that said, I did stumble upon a nice little article over at PC World today regarding the legal impact (specifically e-discovery) of allowing employees to bring their own mobile devices into the workplace.
Here’s one quote from Paul Martin, Baxter’s CIO:
“The discussion we have had is how to do e-discovery with other people’s devices. If it’s a personal device, can we wipe it? This gets gray,” he says. “We’re trying to determine how to draw those lines.”
Dear Mr. Martin. Let me save you a LOT of time and money trying to answer this question. You can’t wipe the entire device….especially in countries like France and South Korea where there are laws that specifically forbid you from doing so. You’re going to have to find an alternative means of managing your corporate data all the while allowing your employees to keep photos of their loved ones on their devices. The way I see it, you have three main options:
- Use an enterprise mobility management system that gives you both mobile device management and mobile application management functionality; or
- Use a sandbox approach where your employees will need to enter a username/password each time they access the secure container; or
- Use some of the emerging mobile virtualization tools that basically clone the OS and create a dual persona for the device.
In more and more scenarios, full blown remote wiping is becoming too much of a blunt instrument – particularly if the device was not lost or stolen, but rather that the employee has changed roles or (un)willingly left the organization.
Now, back to the article. Here’s my favorite sentence of the entire story:
“Employees have to understand their corporate responsibilities related to data and allow IT to implement certain management controls, even if it is a personal device,” says Joe Oleksak, a security assurance manager at the consultancy Plante and Moran.
Amen!!! We’ve spoken at length here in this little corner of the interweb that we need to shift the conversation from a question of individual vs. corporate liability into one of joint responsibility….all predicated on the development of a holistic mobility policy. It’s nice to see others (those who do not visit this e-watering hole) starting to agree with that vision.