This is a transcript of a podcast discussing Bringing Your Own Device,
issues and tips relating to using and creating policies for this new concept.
Speaker Key: PB Phil Brown, DW
PB: Hi, it’s Phil Brown. I’m here with
David Whelan, and today we’re going to talk about BYOD.
DW: Why do we have to talk about liquor
Exactly. Bring your own dinner. Bring your own device. So what are we
talking about when we’re talking about Bring Your Own Device?
DW: BYOD is a concept that is sweeping
enterprises, large law firms in places, and most solos and small-firm lawyers
will already understand exactly what the concept is, which is that we are
moving from an environment where all of the technology that’s used in a law
firm is provided by the law firm. And now you can bring your own device. You
can bring your own technology – BYOT – and use it at the firm with the firm’s
resources but with the comfort level of having it set up and configured the way
you want it to be.
PB: Right. The firms are deciding that
they are no longer going to buy technology for people; they can bring their own
phones and tablets and so on, use them and store firm information on them. Of
course that brings up some issues.
DW: Yes, no problems to have everybody
bring in things. The technology that is available now - maybe they use it at
home for home or personal purposes. Those different worlds are starting to
collide. You have to think about what your policies will be related to, the
types of technology you will allow to access firm systems, and what happens to
the data that’s put onto those systems if the person leaves the firm. Those
sorts of policies need to be worked out when you’re starting to bring other
people’s technologies to the firm’s technology base.
PB: Right. So one of the things that we
always go back to when we deal with technology is the human factor and policies
– what is allowable, what is not allowable, and the security that needs to be brought
in to protect everyone.
DW: Right. The challenge with BYOD is
that you can quickly create enough policies that it defeats all the benefits of
having BYOD. So you really need to be a little bit flexible, perhaps more
flexible than you would be if the person was using firm technology. But you do
need to think about the eventualities. The nice thing about BYOD is that if you
are already embracing cloud technology or web-based technology, whether it
exists by a private provider or your law firm has Exchange and it is web-enabled
email, you can get to these on all these devices and you don’t really need to
make it more cumbersome than it needs to be for those people to use their own
PB: Right, but you still have to protect
client confidentiality. And the law firm, or the lawyers at the law firm, still
have to own the information that is on that device.
PB: So that needs to be clear in the
policies. I guess also within those policies, you should make it clear that a
certain level of security has to be in place with respect to complex passwords
that are being used, the ability to remote-wipe those devices if they’re lost
or stolen, things like that.
DW: And this has been a challenge, I
think, and may have been one of the reasons that BYOD didn’t happen as fast as
it might have, which is that in general, if you had a device, whether it was a
laptop or a phone or a tablet, it was all or nothing. If someone had access to
the device, they essentially had access to everything. Sure, you can create
profiles, but that may not always have worked. If you have Windows profiles,
perhaps you left your Windows profile open and your child got on and was able
to access things through that profile. Now we have the ability to segment phones,
tablets, and laptops much better, so that you can create a work profile and a
personal profile and have different levels of security.
example, if I use Divide, which is an app for Android, I can segment my Android
tablet so that part of it is encrypted. It is secured with a password and part
of it is open, so that if all I want to do is use Angry Birds, I can get to the
Angry Birds app without using any security. But if I want to get to
confidential information, I need to go through the security layers that are on
PB: Right. You mentioned encryption. That’s
always one of the things that we do talk about. It’s a good idea if you have
confidential information stored on a device to encrypt it as well.
DW: For sure. The smaller the device, the
greater chance you are likely to lose it or drop it, and if the information on
it is encrypted already then you don’t need to worry about what happens to that
PB: And synchronisation, in terms of
firms’ being able to store and update information from their various employees
or associates is a good idea as well.
DW: Right. BYOD doesn’t mean that you
have to give all the keys to the kingdom in order to enable people to bring
their own technology; it’s about flexibility. You can create flexibility and
still have requirements, like Phil said, about having strong passwords so that
if the person is going to connect to your network, they have to perhaps install
some apps so that they can do the remote wipe, or that they are meeting the
encryption standards or password standards that you set.
PB: Now, it used to be with a lot of
firms that the BlackBerry was the standard, and part of the beauty of that was their
DW: Right. And I think that that’s going
away. But the nice thing is that where the BlackBerry Enterprise Server was
perhaps the only server that really provided that security, we now have lots of
other opportunities, whether it’s through cloud or through internal systems, to
provide web interfaces that can be used on any device with the same levels of
PB: Right. And for the longest time, and
I don’t know how many are still out there, there were hosted servers as well,
where you could buy some shared time on them with the same level of security.
PB: So one of the keys, to sort of
summarize, is the flexibility of BYOD and still being able to have policies in
DW: Right. There may be an app or a
website, a cloud service; some technology that your firm needs to use that
requires you to have everybody using a Mac or everybody to use an iPhone or
everybody to be in Windows or whatever. And so those limitations may restrict
your flexibility a little bit, but BYOD is a great opportunity for staff and
lawyers to have an environment which they’re familiar or comfortable with, with
a little bit more flexibility than sometimes happens with standardized IT.
PB: Sure. And you can still protect your
client information and your firm’s information just by having policies and
procedures in place.
PB: Perfect. That’s our look at BYOD.
Thanks very much, David.
DW: Thanks Phil.