Consumerization Talks – Sharing the Stewardship of Mobile Data

An interview with Philippe Winthrop

Managing Director
The Enterprise Mobility Foundation

According to Gartner, the consumerization of IT is the most significant trend affecting the IT Industry in the next ten years. As the Managing Director of The Enterprise Mobility Foundation, how would you describe the impact that this trend is having on the members of your organization?

Your IT department, like IT functions everywhere, is charged with managing corporate applications, preserving the security of your company’s lifeblood, and complying with government and industry regulations. Meanwhile, a torrent of mobile devices, neither issued nor owned by the organization, is pouring down on you. Don’t feel alone. The BYOD storm has been raging for two years, and you would be surprised how many companies are struggling to put a strategy in place to manage it. For example, an enormous bank—whose name and geography I can’t disclose—is still thinking about PIN functionality and email and calendaring, rather than application development and management. In this mobile conundrum, they and many other companies are only looking to their IT department for direction.

BYOD: Besides preserving data security and managing a myriad of personal devices, what is the new set of legal and ethical issues that may arise when employees are using their own devices for work?

Beyond the onslaught of mobile hardware and software, BYOD has ignited a debate about individual versus corporate liability. Tantalizing legal questions are raised: Should the corporation have the right to track an employee’s location? How can we comply with government regulations, if the employee owns the device? Can my employer erase my personal photos if I lose my iPad? In an age where technology evolves in a nanosecond, we’ve already been debating this topic too long. Mobility is not purely a technology issue. It’s also an HR, finance, operational and legal issue. With mobility touching every facet of a business, how can a single department or function possibly be expected to manage it?

Consumerization is here to stay. IT organizations around the world are opening up corporate networks to consumer technology brought in by the employees. How do IT policies need to adapt to this new model?

It’s time we shifted the conversation to shared responsibility. Some companies are already putting joint-stewardship models in place. Envision this as something of a cross-functional steering committee, chaired by a chief mobility officer (or some other fitting title). Only a multi-faceted team can create an effective, formal mobility policy—one that every user understands, and signs off on. While each company needs to tailor its policy to the organization’s needs, every mobility policy must contain specific guidelines for employees who want to use their personal devices for work purposes. For example, “If my device is lost, I will report it within X amount of time,” and, “I understand that I cannot use questionable applications that could unleash malware, and endanger corporate data.”

Regulatory compliance is clearly a key business requirement. How about employee privacy vs. corporate liability?

The corporation’s responsibility should be equally clear. For example, “The Company shall not copy or retain personal data on a user’s device that is unrelated to business data,” or, “The Company is responsible for tracking illegal activity that threatens corporate data.” Regional privacy laws and industry/government regulations have to be considered, although regulations for the use of personal vices for work are still in a state of flux. A lot is open for interpretation. This is why companies must spell out procedures specifically, and determine what degree of access is acceptable for user-owned devices.

Looks like it is going to take a while before IT organizations can fully embrace this new IT model. Are we there yet?

Realistically, there are another 6- to 12-months of BYOD debate ahead. Forward-thinking companies are already framing the solution as a corporate-wide effort.