In a world of mixed device ownership, including BYOD and COPE devices, there are legal concerns that extend beyond simply securing corporate data or providing access. From a legal perspective, one must also consider how these devices could be handled as part of a court case.
In an article on TechRepublic, Will Kelly interviews Chris Gallagher, national director fro Adecco eQ, an eDiscovery firm, about the challenges of BYOD in litigation. As the article notes, devices can be put on a litigation hold when an organization must preserve relevant information in anticipation of litigation, which puts forth some interesting questions. Who owns the device? How do you differentiate personal versus corporate data? Who has control over the data? How do you ensure data is protected? How can you get back the data? These are all valuable questions.
Gallagher said you need to ask, "How do you get that data back? How do you ensure that you're not losing, not only from a litigation perspective, but the other major issue is corporate information, trademark secrets, corporate secrets, confidential information that you wouldn't want to enhance?"
As noted in the article, organizations that master these control factors - over the data even if not the device - are the most protected if called into discovery. The same is true for organizations facing security incidents involving endpoint devices, whether corporate-owned or BYOD. In both cases, it comes down to visibility and control.
With Absolute Data & Device Security (DDS), your organization can maintain a two-way connection with each device, regardless of ownership, to assess risk and apply remote security measures to protect the device, but more importantly the data it contains. Devices can be remotely frozen, even automatically according to policies, with an audit log to prove data on a compromised device was properly secured, not accessed, and/or safely deleted. This audit log has many valuable uses, from a legal and compliance perspective. To learn more, visit Absolute.com