Can you be compliant with data protection requirements if your employees use their own devices?
As budgets continue to get squeezed, it is time to say goodbye to company-provided mobile devices. No more employer provided cell phones, smartphones, tablets, and laptops. No more tracking hardware assets for inventory.
Don't get me wrong, the enterprise should contribute at least a portion of the funds needed to acquire the mobile devices used for work purposes. Yet, with today's rate of technological advancement in the consumer-focused market, companies no longer need to try and keep up with the latest advances in the mobile device space while dictating a company standard set of devices.
Blasphemy, you say? I think not. Your employees will love you for it.
Most companies have a device refresh cycle somewhere between two and four years. This usually equates to two years for a smartphone and three to four years for a tablet or laptop. Have you ever met an employee with a four-year-old laptop who raved about the performance of their company-issued machine?
Do your employees love their personal netbooks, laptops, iPhones, and Android devices? Indeed they do. Would your employees rather use their own mobile devices to be more productive at work? Yes they would.
Are you wondering how you could be compliant with myriad local, state, federal, and international requirements if your employees used their own devices?
The answer: focus on safeguarding the information. Protection of the information is what really keeps us up at night, not the laptop or smartphone hardware. Here are some examples of how you can do that. The following are not meant as product endorsements, but rather to give you an idea of types of solutions available.
For smartphones, Good Technology provides a solution that enables your employees to utilize their smartphone device platform of choice (iPhone, Android, BlackBerry, Windows Mobile, etc.), while you maintain control and protection of the organizational information. Good Technology provides for the separation of the device user's personal information from organizational information.
For laptop, netbook, and tablet computing devices, MXI Security and Lockheed Martin, among others, provide solutions that focus on protection of information and not the computing hardware. The MXI Security Stealth ZONE and the Lockheed Martin IronClad plug into a USB port and securely boot their own operating system, applications, and user data. Worried your user's consumer focused device may be infected with the latest malware? No worries, The Stealth ZONE and IronClad run independent of the device's hard drive.
Go ahead, see what happens when you enhance the satisfaction of your mobile workers by letting each choose his or her own device.
Ben Halpert CISSP, is an information security researcher and practitioner and writes monthly about security. Comments, questions and requests can be sent to him at firstname.lastname@example.org; please include SECURITY in the subject line.