Establishing a Successful BYOD Corporate Strategy Policy
The bring-your-own-device (BYOD) revolution in the workplace has thrown a curve ball to those responsible for safeguarding your company’s data. Your colleagues are now accessing corporate data from their own computer, a tablet, even their mobile phone. Although the corporate finance groups are singing the praises of the trend, due to its inherent reduction in costs, it’s not all rosy in the BYOD world. It’s crucial to format a corporate strategy policy that will be inline with your goals.
Here’s why: With so many of us bringing more and more smart devices inside our office environments and hooking them to our corporate networks, the potential for data leakage grows exponentially. Combine that with the tablet revolution and the mobile/remote employee trends, and it adds up to a potentially dangerous data-leak train wreck. Technology is now mobile.
In a study conducted by the University of Glasgow, 63 percent of used smart devices purchased through eBay, other online marketplaces, and in second-hand stores, still had data on them. This data included personal information as well as sensitive business information. We can only imagine the increase in sensitive data leaks when you include the road-warrior’s best and newest smart device as they trade in for the next best thing.
The problem is there’s no chain of custody in the BYOD world. Think about it. When the corporations owned your cellphone and your PC or laptop, they controlled its issue to you, how you used it, what software you put on it, and when and how it was turned in and destroyed. A solid internal tracking of electronic assets coupled with a solid electronic asset disposal solution provider meant that, for the most part, the corporate crown jewels were safe.
In the BYOD world, the corporation does not own the IT equipment. Personal smart devices are being hooked up to corporate IT environments. This mating of personal and professional equipment and data is happening everywhere. Your corporate data is being commingled with secure and non-secure access points to the Web, cloud, etc. Not to mention the fact that those devices metaphorically walk in and out of your office every day, and you have no control.
Unfortunately, there is no easy answer to this problem. I have seen it addressed via software solutions at the enterprise level (think Blancco or BlackBerry enterprise), at the device level (think solutions like Apple Find My Device, etc.), and at the human resources and legal levels with policies and procedures that prohibit users’ use of corporate information. But the truth is, without a chain of custody model incorporated with these other solutions, once the corporate data is accessed or downloaded, it’s already gone — you just don’t know it yet.
The reality is that it’s going to take some time for the corporate world to catch up with what I like to call the “semi-private information revolution” like the cloud, Facebook, or social media. Secure file sharing, essential for an organization’s BYOD guidelines, is one of your best options. Services are now available to help with cloud encryption and it’s changing the way we share and monitor files. Encrypting data is crucial and minimizes the risk of sharing sensitive data and having it tampered with. And rely on your electronic asset disposal provider to help develop a strategy and process that is aligned with your corporate information sharing guidelines. Right now, your corporate data is only as safe as the process that you create.