The evolution of mobile management and what it means for security, privacy, and the future of mobile lawyering
By Ricci Dipshan, From Legaltech News
As the Information Age evolved, the data it transported took on entirely new dimensions—no longer static or tied down, but a living, breathing and above all, moving, entity. And like a young child just learning how to walk, it had to be protected.
But instead, it took off running, and years were spent playing catch up. Until one industry finally sprinted ahead, and in doing so, pulled all those struggling behind up to frontlines.
This is, in a sense, how the legal industry came to the forefront of the effort to secure mobile data. Not out of its own volition, but as a part of the domino effect of a fundamental shift in how businesses handle mobile data.
“The financial and banking industries were the first to have to crack down on mobile data security—and regulators forced banks to make sure that their data was to be protected wherever it was in the same manner they would protect it in house,” explains Neil Watkins, vice president of security, risk, and compliance at Epiq Systems.
It was the financial and banking sector, he adds, that forced many legal firms and companies into an “overnight maturation” on mobile data security. And despite its lateness to the cause, “the legal industry is probably the most responsive industry on the planet when it comes to changes.”
The industry was, after all, a quick adopter of the bring-your-own-device (BYOD) movement, when smartphones and tablets first appeared. “When BYOD had its heyday, it was productivity at all costs,” says Watkins. “But then they said, ‘Look we really can’t go this way. We have to provide gold plate protection services to all our data as if it were in our core systems.'”
MDM: Lock, Control, Contain
And so the field of enterprise mobility management (EMM) was born, and with it the first mobile data protection software, mobile device management (MDM).
The principle behind MDM, explains Watkins, was making a “mobile device become a container in space. … Companies were saying, ‘We are going to solve this problem by creating a corporate container on that device or making the whole phone a container.'”
To Philip Gordon, shareholder and chair of the privacy and background checks practice at Littler Mendelson, this “container” is essential in being able to manage, safeguard, and keep track of a company’s data. “[MDM is] the only way the company is going to have an inventory of all the devices that are accessing its network. And it permits the employer to push security controls to the user’s device, including key information protection like password protection, encryption and remote wipe ability.”
Chris Hazelton, director of product marketing and strategy at Apperian, explains that MDM platforms are easily created by using APIs that Google or Apple published for corporate use, which also allow the installation of “VPNs for the entire device as well as corporate email and Wi-Fi access points.”
MDM’s safeguards, however, can at times come across as an overbearing, heavy-handed solution for security.
“Some employees are concerned when they read a BYOD policy, and the employer is telling them that they have the ability to wipe their entire device, and they’re going to install encryption and password protection and lockdown after periods of inactivity. There are some employees that don’t want to permit the employers to have that level of control over their personal device,” cautions Gordon.
But many get around this burden by limiting MDM to a folder, “and if we have to issue a remote wipe command, we can wipe only the stuff in the container,” he adds.
For more on this story go to: http://www.legaltechnews.com/id=1202754588308/Securing-Your-Device-BYOD-Platforms-for-Legal#ixzz45dKdwYWd