The quarterly publication of the International Legal Technology Association
Issue link: http://read.uberflip.com/i/80353
BYOD and Legal IT A technical and security nightmare could occur if IT takes a "sit back and see what happens" attitude or simply does not accept the BYOD movement. According to Daniel Burrus, one of the world's leading technology forecasters and business strategists, the BYOD trend is not only here to stay, it will continue to accelerate. Is your IT department prepared? The findings of ILTA's 2012 Technology Survey (data provided by ILTA from the survey-in-progress) highlight the vulnerabilities of the BYOD movement and security threats to the legal community in general. According to the survey: • 65 percent of law firms do not track mobile device use • 74 percent do not have automatic encryption of content-based email in place • 61 percent do not require laptop encryption • 17 percent do not require simple passwords on wireless email devices The often sensitive and privileged nature of information that legal workers transmit via mobile devices and cloud services should be reason enough for legal IT departments to address security issues and meet the challenges of BYOD head-on. Fortunately, several technologies are being adopted increasingly by IT departments to control data access on the wide range of employee-owned devices, and to maintain secure access to your firm's networks and data. This includes overall mobile device management, application-specific access for mobile devices and cloud service gateways. Mobile Device Management Mobile device management (MDM) is a class of enterprise software that has evolved to provide a comprehensive environment for IT to control the usage of mobile devices and ensure authorized and secure access to firm data and applications. However, MDM does require a very high level of investment, resources and administration. Most MDM systems typically involve deployment of an appliance or virtual server that manages all policies and employee access and provides a secure connection to firm data. It also requires software that is deployed on each mobile device to manage user authentication and access to authorized apps, and to control enforcement of third-party apps. According to the Gartner 2012 Report: Magic Quadrant for Mobile Device Management Software, a fully managed mobility solution should address, at a minimum, the following characteristics: • Software Distribution: Provision, upload and install authorized and firm-supported apps to employee mobile devices automatically to eliminate the need for employees • Security Management: Audit each device to ensure that only devices that comply with security policy can be enrolled in the MDM system, blocking noncompliant devices from the network. Typical policies include password protection, restricting default device apps (such as browsers and cameras) and preventing specific apps from launching on the device. Most MDM systems include secure connections for access to firm data and environments, including VPN tunnels, secure Wi-Fi and a secure browser for access to Web-based applications. • Encryption: Encrypt data stored on and transmitted via mobile devices. Most latest-generation mobile devices, such as the iPhone 4 and new iPad, provide encrypted protection of data in transit and at rest. MDM systems can be configured to allow only devices that support this type of encryption. Select MDM tools deliver their own securely contained environment with data encrypted by the MDM corporate server and with access limited to the MDM mobile app. • MDM Access to Business Applications: Implement custom apps that provide secure access to corporate email, save and manage attachments, and manage and synch contacts and calendar entries. • Data Loss Prevention: Ensure the secure distribution of content by providing a protected container on the mobile device to control access to and encrypt firm data. Policies can be defined to control file synchronization across mobile devices and with back-end applications and content repositories (i.e., Microsoft SharePoint and Office365); allow actions on files, such as save, print, send an email and copy/ paste; and control availability of files to mobile apps outside the secure container. Application-Specific Access for Mobile Devices While MDM systems provide a corporate infrastructure for managing and controlling mobile device usage, most legal-focused, to initiate their own access from a third-party store, giving IT greater control over updating and deleting authorized apps. • Policy Management: Establish user-authentication policies and control third-party applications that are either allowed or blacklisted. • Inventory Management: Track devices used by employees and service-plan expenses with the goal of allowing firms to optimize service plans and improve their negotiating leverage with carriers through a better understanding of mobile usage in real time. Peer to Peer 23