Buckle up -- here comes the hard part of mobile

As IT goes beyond knee-jerk reactions to BYOD and mobile management, tricky questions remain

Page 2 of 2

Encryption is the usual solution to this issue, but when you wipe a mobile device, you also clear its encryption so that the device can be set up as a new device or restored from a backup, such as from iCloud, Google Play, Windows Store, or iTunes. That's why several vendors offer encrypted application containers for managing apps developed with their APIs: They can more securely wipe their containers without affecting the rest of the device, leaving its encryption enabled.

For most people, the standard remote wipe is sufficiently secure -- there aren't cyber thieves shadowing them to steal their unattended device and recover its data.

But wiping a device does delete all its data. Given that a tool like Quickoffice or Box can be used for both personal and work data, it's reasonable to expect IT to wipe the whole device, just to be safe, if there's a loss or theft or when a person leaves the company. If you have an iPhone or iPad, your personal iTunes or iCloud backup means you can restore your personal data after such a wipe -- it's a simple task. Other devices don't have such a simple backup capability.

But some companies block use of iCloud, which means your personal data -- photos and any data in iCloud-compatible apps like GoodReader and iWork -- is not backed up for you. That can be problematic for workers on the road, as one CIO discovered when his draconian remote-wipe policy caused him to lose his vacation photos.

If an employee backs up via iTunes at home (a process Apple has largely automated), the employee is OK. But of course work data is backed up to that computer running iTunes -- including any work data stored with apps on the device. Yes, iTunes has an encryption option for those backups, but if a company wants to wipe all company data that an employee may have, such as when an employee leaves the company, there's no surefire way to do so.

The lack of backup on other mobile devices in a way reduces the risk, but you can expect users on those devices, as well as on iOS, to use cloud storage -- Windows Phone and Windows 8 even come with SkyDrive storage by default -- so you still have the possibility of corporate data in the the wild. Without true information management, you're left to best-efforts methods and a need to trust -- or provide no access at all.

Managing e-discovery
If you're dealing with a lawsuit's discovery motion, the use of mobile devices complicates the already complex e-discovery process. If you use server-based email such as Exchange or Google Apps, you have the emails received and sent from the user without needing to access the employee's mobile device. But if an employee used a personal email address to communicate something being sought through discovery, you may need to get that device and review its contents. This raises all sorts of messy issues related to user privacy.

The law around such access is murky, though courts have more often than not decided that work information on personal devices is subject to e-discovery. Realistically, that means users' devices could be taken for legal discovery and all the contents rifled through. Making that clear in employee policies is probably a good idea. For employees who don't want their personal devices accessed by their company or opposing lawyers, the one true option is to use a work-only device for work and not mix personal and work to begin with.

These mobile questions extend beyond mobile
By now, I bet most readers have realized that all these issues could apply just as well to personal computers, such as home PCs. In fact, they can.

Whether you use home email on a home computer, a personal smartphone, a work computer, or a work smartphone, the e-discovery issues and privacy-invasion possibilities are the same. Whether you work with information on a home computer, a personal smartphone, a work computer, or a work smartphone, the deletion and backup are the same.

When it comes to information access, most companies give their own devices a pass, assuming they are safe and trusted. I think that's naive in the day of work and personal blending of hours, location, and tasks, especially for workers who travel frequently. It may be best to apply whatever segregation and access policies you can regardless of whose device is in use -- because the notions of "mine," "yours," and "ours" are further blurring.

This article, "Buckle up -- here comes the hard part of mobile," was originally published at InfoWorld.com. Read more of Galen Gruman's Mobile Edge blog and follow the latest developments in mobile technology at InfoWorld.com. Follow Galen's mobile musings on Twitter at MobileGalen. For the latest business technology news, follow InfoWorld.com on Twitter.

| 1 2 Page 2