The new breed of handheld gadgets is making it easier than ever for legal professionals to access sensitive documents away from their desks. But it is important to keep security in mind when trying to stay productive on the road.
Walk into almost any office and you’ll find file-sharing services like Dropbox or Google Drive lurking in the background, syncing important documents outside the firewall – with or without the blessing of management. It’s not that staff are trying to be subversive; they’re simply trying to do their job and stay productive while they’re away from their desks.
Rather than simply locking things down even tighter, the key to managing mobile security is to offer staff secure business-grade alternatives. There are two key ways to approach mobile security.
1. Mobile device management
This involves locking down devices with passwords and encryption, as well as remote management features such as remotely locking and wiping lost devices.
Many organisations use BlackBerry or Microsoft’s Exchange ActiveSync to manage email, calendars and contacts on handheld devices. These platforms can also let IT departments enforce mobile device management security policies such as the need to lock devices with a password.
One of the limitations of BlackBerry and Exchange are their all-or-nothing remote wipe options. Wiping the contents of a lost or stolen phone can be an issue when it’s a personal device, containing family photographs and other personal data. Some of the third-party mobile device management platforms offer more flexibility if BlackBerry or Exchange don’t meet your needs.
2. Mobile application management
The alternative involves providing secure access to documents and other corporate data from almost any device. It’s an approach that offers greater flexibility for organisations running bring your own device (BYOD) programs.
Sandbox-style services such as Good Technology’s suite of apps create secure containers on end devices. These containers can be wiped remotely, leaving the rest of the device’s data intact. Meanwhile, secure access services such as Citrix’s Receiver offer remote access to applications running on a server, without storing sensitive data on the end device.
Legal professionals looking to protect sensitive documents on the go should certainly weigh up both mobile application management and mobile device management services.
3. Lay down the law
Mobile security is as much about people and policies as it is about technology. It’s important for organisations to develop detailed acceptable usage policies for mobile devices and remote document access – detailing the rights and responsibilities of both staff and the business. It’s also important to spell out exactly where jurisdiction over work-issued and BYOD devices starts and ends.
