{"id":59297,"date":"2013-09-24T19:15:34","date_gmt":"2013-09-24T23:15:34","guid":{"rendered":"http:\/\/rbachnet.wwwmi3-ss40.a2hosted.com\/index.php\/"},"modified":"2021-07-04T13:44:37","modified_gmt":"2021-07-04T17:44:37","slug":"byod-love-affiar-waning","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/byod-love-affiar-waning\/","title":{"rendered":"BYOD Love Affair Waning?"},"content":{"rendered":"

\"BYOD<\/a>Tom Kaneshige at CIO.com<\/em><\/a> warns that the “Bring Your Own Device” love affair is coming to an abrupt and bitter end<\/strong>, and the lawyers are circling. He argues that in the early days of BYOD, say, last year, employees, especially Millennials, fell madly in love with the idea of using their own Apple<\/a> (AAPL<\/a>) iPhones, Google<\/a> (GOOG<\/a>) Android<\/a> smartphones, and newfangled tablets<\/a> for work. Finally, they could finally ditch corporate-issued\u00a0BlackBerrys (BBRY<\/a>).<\/p>\n

\"Bring<\/a>BYOD ushered in a new era of consumer tech in the enterprise, one that promised employees and employers will live happily ever after. But the BYOD romance has suddenly turned sour<\/strong>. Employees are questioning corporate intrusion on their personal devices<\/strong>. Did IT turn their beloved smartphone into a spy that tracks their whereabouts? The article says employees are beginning to sense companies taking advantage of BYOD<\/strong> by intruding on personal time to get free work time.<\/p>\n

Now they’re thinking about suing<\/strong>. John Marshall<\/a>, CEO at AirWatch<\/a>, an enterprise mobile device management<\/a> (MDM) vendor with 6,500 customers, told CIO, <\/em>“I anticipate a bunch of little [lawsuits], then something big will happen that’ll be a class action and become headline news.<\/em>”<\/p>\n

\"Air<\/a>CEO Marshall reports that the suits have already started. A federal case in Chicago is winding its way through the courts which claims that the city owes some 200 police officers millions of dollars in overtime back pay. The case centers on allegations that the city pressured officers into answering work-related calls and emails over department-issued BlackBerrys during off-hours.<\/p>\n

There’s no question BYOD blurs the line even more between work life and personal life<\/strong>. The Airwatch<\/a> CEO not surprisingly recommends a Mobile Device Management<\/strong> (MDM) application to control email delivery to BYOD devices. This way an employer can set a business rule that won’t allow delivery of corporate email to a subset of users during off-hours. Or a CIO can address this issue in the BYOD terms-of-use agreement<\/strong>. (rb<\/strong>– Both would be best<\/em>)<\/p>\n

\"SmashedThe CIO<\/em> article offers up another legal nightmare scenario: Lacking MDM tools to block out what can and cannot be seen on a BYOD smartphone, a help desk technician notices that an employee’s device has a lot of personal apps about a health problem\u2014and mentions his concern to the employee in the cafeteria.<\/p>\n

The employee can say, ‘How in the world did you know that?<\/em>‘” Mr. Marshall says. “All of a sudden, something that’s very benign and innocuous turns into something that’s blown out of proportion.<\/em>” (rb-<\/strong>\u00a0Help Net Security<\/em><\/a> cites recent U.S. DHSS<\/a> seven-figure settlements from healthcare institutions that failed to protect patients\u2019 health information under <\/em>HIPAA<\/em><\/a> regs<\/strong>.)<\/p>\n

\"terms-of-use<\/a>Mr. Marshall recommends a comprehensive BYOD terms-of-use agreement<\/strong>, along with transparency<\/strong> about the capabilities and limitations of the technology, will help ward off such scenarios. The IT staff also needs to be educated about their role in a BYOD environment.<\/p>\n

However, this doesn’t mean problems won’t crop up. Part of the problem, the article indicates, is that BYOD often puts business unit managers who aren’t well-versed in technical user agreements in a leadership position with mobile apps<\/a>. They’re likely to give the green light\u00a0to rogue mobile apps that violate such agreements<\/strong>.<\/p>\n

\"location-based<\/a>For instance, employees are chiefly concerned about privacy and especially location-based services<\/a><\/strong> with BYOD, and so many user agreements stipulate that apps will not collect location-based information. But someone who wants to be helpful, builds a map app for the corporate campus that allows employees to schedule conference rooms and find safety information, such as where to go if there’s a tornado. Airwatch’s Marshall explains:<\/p>\n

Maybe there’s also a button on there that says where you are in the campus … <\/em>All of a sudden people wake up and realize that every single device using that app is collecting location-based information\u2014that’s an issue.\u00a0<\/em>These are really plausible scenarios … There’s so much copy and paste and reuse of all these components that these things can happen very innocently.<\/em><\/p>\n

\"remote<\/a>Then there’s the dreaded remote wipe<\/a><\/strong>, which can land a company in some legal hot water according to the article. Help Net Security<\/em> says there is little to no case law in this area. CIO.com <\/em>reports that just last year, CIOs said they felt comfortable with BYOD because they held security’s holy grail: remote wipe, a scorched-earth capability for wiping all data on a mobile device<\/strong>.<\/p>\n

But employees weren’t happy with the idea that the company can wipe personal data on their personal device<\/strong>. Some employees refused to take part in the BYOD program for this reason. Others waited days or weeks before reporting a lost or stolen device so that IT wouldn’t wipe it.<\/p>\n

\"waitedMDM software advanced quickly and seemed to come up with a fix. Now companies can wipe only corporate apps from a BYOD smartphone or tablet, leaving personal apps untouched. In fact, AirWatch won’t even allow a full device wipe anymore for legal reasons. While this helps tremendously, it doesn’t completely solve the problem.<\/p>\n

Mr. Marshall proposed a scenario where a company buys the popular productivity app<\/a>, Evernote<\/a>, for employees to put on their BYOD smartphones. Since the company paid for the app, the company can remove it at any time. The note-taking app collects company data but also might store personal data<\/strong>, too. An employee can use Evernote to create a shopping list, recipes, vacation plans, or perhaps something more critical to their job.<\/p>\n

\"Finger<\/a>Guess what happens to this personal data when the employee leaves the company? The app, along with all the data, is wiped from the device and account. If the BYOD terms-of-use agreement<\/strong> about Evernote wasn’t spelled out clearly, who is liable for the lost data?<\/p>\n

The bloom is off the BYOD rose, and so companies had better add protections against employee lawsuits in the BYOD terms-of-use agreement and leverage MDM to make sure the agreement is followed.<\/p>\n

Truth is, employees tend to get a bit emotional when their privacy is violated or their location is tracked<\/strong> via a mobile device that they personally own. They don’t like their personal data to be wiped, either. When these things happen, companies can expect the wrath of a scorned employee. “That’s where it gets tricky,” Mr. Marshall told CIO.com<\/em>.<\/p>\n

Tony Busseri, CEO of Canadian digital security firm Route1<\/a>, told Help Net Security<\/em>:<\/p>\n

\"Angry<\/a>Along with security concerns, BYOD has brought the potential of major legal issues for the Enterprise … Many current BYOD corporate policies leave enterprise data unprotected in the event of a security breach and during an employee\u2019s exit from the company. The policy of tracking and wiping an employee\u2019s personal device opens the enterprise up to the potential for mass litigation<\/strong>.<\/em><\/p>\n

rb-<\/strong><\/em><\/p>\n

Misco<\/a> in the UK reported<\/a> that the majority of employees will not cooperate with employers’ BYOD efforts. According to the data:<\/em><\/p>\n