The front page of the New York Times’ website on Monday featured a topic that’s becoming acutely familiar to legal CIOs and IT managers. “Where Apps Meet work, Secret Data Is at Risk,” addresses the disappearing divide between work and personal data on mobile devices and the attendant attempts by IT managers to wrangle the rogue corporate information that leaks into unsecured areas.
“I’ve got Dropbox, Box, YouSendIt, Teambox, Google Drive,” the articles quotes an executive as saying of the mobile applications she uses to store work. While convenient and possibly productivity-enhancing, these applications often provide less-than-secure locations for storing confidential data. Dropbox, for isntance, has had several public hackings. Another such application that blurs the line between work and personal data, Evernote, a productivity and note-keeping application with 50 million users worldwide, has just admitted to being hacked. And those are only a few platforms-the same article cites I.T. SkyHigh Networks as having counted over existing 1,200 mobile applications that try to access corporate networks.
There is some debate in the comment section of the article. Is comingling of personal and corporate data good or bad for productivity? Is it the users’, the company’s, or the application’s responsibility to monitor security? How strict should employers be with employee capabilities? It seems that regardless of the answers to these questions, the evolution towards Bring Your Own Device (BYOD) is still underway and that monitoring corporate data and all these applications is starting to seem like more and more like a gargantuan task.
Gartner’s Research Vice President Phil Redman went further than the New York Times at the Gartner Symposium/ITxpo in October with the conclusive statement that “The era of the PC has ended.” Redman believes that the gains to be had in productivity with the advent of mobile devices is too large of a benefit for companies to ignore, and that they must adapt to the times.
Gartner largely seems to disagree with the New York Times’ minor point that adding software to limit employees’ actions on phones and tablets involves too much added complexity. The research firm predicts that this is indeed the route that many companies are going to take in the near future to monitor their data.
Mobile Device Management (MDM) is software that allows IT administrators to secure, manage, and monitor employees’ mobile device usage from a centralized location. While features vary among providers, most solutions allow IT to push out applications, configurations, and messages to employees. IT administrators can also remotely wipe devices that haven been lost or stolen, and, more interestingly, track installed applications and control unapproved ones. ActiveSync from Microsoft provides some baseline MDM functions for no extra charge for those enterprises running on Exchange servers. MDM might not eliminate all concerns inherent to mobile data, but they do return at least some of the control to the enterprise.
Gartner reported in the fall that MDM will become increasingly popular in the next several years, claiming that 65% of corporations will implement an MDM platform to protect their data. Additionally, Gartner predicts that BYOD will only become more ingrained in work culture, forecasting that in the year 2016, about half of all non-PC devices will be purchased by employees. That number may extend to include PC’s by the end of the decade.
Though results from a 2012 survey from ILTA reported that 65% of law firms do not track
mobile device use, Legal IT in particular may be looking to MDM more and more in the near future to protect its confidential data. IT leaders will need to consider how they can strike the delicate balance between allowing employees flexibility with their mobile devices and protecting their confidential data.