Archive

Archive for June, 2011

Policies in the New Information Age

One of my clients just implemented a new policy within their organization. Concerned about the ease with which corporate data could be lost or stolen as a result of mobile devices, the powers that be decided all users of mobile devices needed to agree to the following provisions in order to get access to corporate email and data.
1.  The company reserves the right to wipe the mobile device for any reason.
2. The company reserves the right to install software on the mobile device for security purposes.
3. The company reserves the right to require encryption sometime in the future.
4. A password or pin will be required to access the mobile device

My initial reaction to this policy was that it was over-bearing and unenforceable. While I understand the need for companies to protect confidential email and other data, the fact of the matter is that this policy doesn’t address the key issue. It is, like many policies and laws, a knee jerk reaction to technology changes that are ahead of controls.

Wiping a mobile device as a result of it being stolen makes a lot of sense.  Wiping a device as a result of a resignation or termination for cause is like closing the barn door after the horse has already bolted.  If an employee is unhappy, there are too many opportunities for them to copy emails and data to a variety of devices prior to a resignation to worry about wiping the device after the fact.

My position is that this particular policy – as written – is too draconian and does not provide any background or explanation as to WHY the overbearing provisions are there.  Also, there is no explanation of why it is important for the owners of the devices need to back up their mobile content and data (music, pics, apps, etc.).  Backing up personal information will prevent it being lost forever in the event the company ever has to wipe the device due to termination or theft.  It does also beg the question, that if personal data can be backed up, can’t corporate data also be backed up?

Categories: Uncategorized