10:53 AM
Ojas Rege, MobileIron
Commentary

Preparing Your Bank for BYOD

There are some issues related to trust and liability that banks must not forget to address before implementing a bring-your-own-device program.

Understanding Liability
All enterprises have long-standing approaches to assessing the risk of employee actions and the corresponding liability. These actions range from unsecured use of company data to accessing inappropriate applications or websites. BYOD introduces a new wrinkle: The device on which these actions may take place is not the property of the company. Now, the company must figure out whether moving device ownership from the company to the employee increases or decreases corporate liability.

There are several important considerations around BYOD liability that financial institutions should address:

  • Defining the elements of baseline protection for enterprise data on BYOD devices: All companies must protect corporate data on the mobile device, but different protections may be required on different devices. For example, more protection against overprivileged consumer apps might be required on the Android operating system compared to iOS.
  • Assessing liability for personal web and app usage: Employees expect to use their personal devices however they wish. Is inappropriate use still a liability for the company, even if it doesn’t affect enterprise data?
  • Assessing liability for usage onsite vs. offsite and during work hours vs. outside of work hours: When and where should mobile device usage be monitored within a BYOD program? The boundaries of work time and personal time blur for many workers, so this can be a difficult analysis with hard-to-enforce outcomes.
  • Evaluating whether the nature of BYOD reimbursement (partial stipend vs. full payment of service costs) affects liability: Many organizations have assumed that the level of payment doesn’t impact the level of liability, but this can vary by region.
  • Quantifying the monitoring, enforcement and audit costs of the BYOD compliance policy: If liability is lower, then the corresponding compliance costs should also be lower, which could potentially contribute significantly to cost savings.
  • Assessing the risk and resulting liability of accessing and damaging personal data: For example, what if IT inadvertently wipes a user's personal data instead of just the corporate data? Most organizations will cover themselves legally in their user agreement, but at minimum, this type of situation can create employee frustration.

I have seen many large organizations, including financial institutions, decide that their liability on personal devices is limited to protecting corporate data, and that they are not liable for personal web, app, or other activity on those devices. In other words, their corporate liability decreases when they move to BYOD. However, I've also seen organizations decide that their corporate liability remains unchanged when they move to BYOD. Each organization should seek its own legal advice on how to frame and assess liability variances between BYOD and traditional mobile programs.

Ojas Rege is the vice president of products and marketing at MobileIron.

Comments
AG4IT
User Rank: Apprentice
6/13/2013 | 3:10:18 PM
re: Preparing Your Bank for BYOD
Security risks (lost devices, access to sensitive data) are definitely a part of BYOD, particularly for financial organizations. However, these risks can be reduced by keeping data and applications separate from personal devices. That means that there's no sensitive data exposed if an employee's device is lost or stolen.

This can be achieved with solutions like Ericom AccessNow, an HTML5 RDP client that enables users to connect from most types of devices to any RDP hosts (such as VDI virtual desktops or Windows Remote Desktop Services) and run full Windows desktops or applications in a browser tab.

There's nothing to install on the end user devices, as you only need an HTML5-compatible browser, so using AccessNow also reduces IT support costs, since IT staff don't need to spend time installing software on so many different platforms. All they need to do is give employees a URL and login credentials.

Download this free white paper for some additional ideas on securely managing the mobile workforce:
http://www.ericom.com/WP-Mobil...

Please note that I work for Ericom.