Dealing with the disaster of a lost BYOD device

What should the reaction be if an employee loses a device? Enterprise AppsTech spoke to Fiberlink's Jonathan Dale to find out.

It’s the sort of thing which could make a CEO wake up at night in a cold sweat: an employee’s device which has been lost and is full of sensitive company information could be picked up by anybody.

But the situation needn’t be so bad.

Recent UK-based research from Sophos has revealed that one in three people had admitted to losing a device, which is a worryingly high number.

Yet the loss of a device often comes under the remit of MDM companies, and Jonathan Dale, marketing VP at enterprise mobility management provider Fiberlink, dismissed the idea that lost devices were a major concern for enterprises.

“The more portable a device is, the easier it is to get lost or stolen,” said Dale, adding: “I think companies look at an MDM solution and have a simple way to take care of it, and because they have that they say, ‘Okay, device is lost...we push out the proper commands to terminate that device, we get the user a new device and we move on’”.

Don’t wipe all the data

So what are these proper commands? Dale notes that one of the most frequent commands is a selective wipe rather than a full device wipe, and that selective wipe is an important component of any MDM agent.

Enterprise AppsTech spoke to AirWatch’s Victor Cooper earlier this week, who noted that “being able to selectively wipe corporate content ensures the security of the network and also comforts the end-user”.

Dale noted a different aspect. “From a corporate standpoint, [companies] really only care about the corporate information, corporate applications and the data associated with those apps.

“If a device is lost, it’s possible that the user is going to find that device, so the easiest thing to do is push a selective wipe to that device, and if the user finds it, with some operating systems like Apple you can revoke the selective wipe, and so it gets the user in almost real time back to having the corporate data in that application,” he added.

What practice should be put in place if a device gets lost?

According to Dale, there are two vital things both employer and employee can do if a device gets lost:

1) The end user reports the device as lost as quickly as possible. This is self-evident, but more importantly, the helpdesk can then try to locate the device: either its current location, or its last known location if the battery is dead or location-based services are not turned on.

2) Verify the device had a passcode policy. This is important given that Apple devices are encrypted out of the box whereas Android devices aren’t.

Once those two facts are established, a more informed decision can be made on whether to push a selective wipe or to give the user time to find the device.

“Once again, in this situation the ability to immediately push a selective wipe on that device, regardless of what the initial investigation showed, protects the company immediately,” said Dale.

“Selective wipe can easily be revoked, and it’s a very quick option for IT staff.”

The future of BYOD

Dale disagreed that BYOD security got a bad rap, stating that BYOD was the primary reason nine out of ten companies went for an MDM solution.

“They see [BYOD] as a benefit,” he said, adding: “The benefit does come with many security risks; however, the productivity gains around mobility and user happiness outweigh most of those risks.

“12 months from now, we’ll find there could be a percentage of companies who have tried BYOD and maybe some of them fall back on to buying corporate devices for all employees.

“That doesn’t mean BYOD failed for them, but maybe an organisation found it simpler to just buy devices of the employee’s choice, versus trying to figure out the complexity of BYOD.”

Do you think mobile device management effectively snuffs out the problems posed by an employee losing a BYOD-enabled device?

CimarronBuser
9 Nov 2012, 2:27 p.m.

James, I would add a few more thoughts to the "lost device" approach. First, companies that use MDM or MAM (mobile app management) should ensure that their app strategy and data strategy support a selective wipe. If data is highly secure, wrapping apps with higher levels of encryption (e.g., FIPS 140-2) may be required from a compliance standpoint. Again, mobile app management approaches can provide much of the infrastructure for this.

Another best practice we suggest is that users themselves should have a "Find My iPhone" option. This allows the user to self-support if they believe they have lost their phone, but if it's found under a pile of clothes in their house they don't have to bother IT. They might also decide themselves to wipe the device if they are concerned about their personal data being compromised.
