Technology Practice Tips: BYOD (Transcript)

This is a transcript of a podcast discussing Bringing Your Own Device, issues and tips relating to using and creating policies for this new concept.

Speaker Key:   PB Phil Brown, DW David Whelan

PB:  Hi, it’s Phil Brown. I’m here with David Whelan, and today we’re going to talk about BYOD.

DW:  Why do we have to talk about liquor licenses, Phil?

PB:  Exactly. Bring your own dinner. Bring your own device. So what are we talking about when we’re talking about Bring Your Own Device?

DW:  BYOD is a concept that is sweeping enterprises, large law firms in places, and most solos and small-firm lawyers will already understand exactly what the concept is, which is that we are moving from an environment where all of the technology that’s used in a law firm is provided by the law firm. And now you can bring your own device. You can bring your own technology – BYOT – and use it at the firm with the firm’s resources but with the comfort level of having it set up and configured the way you want it to be.

PB:  Right. The firms are deciding that they are no longer going to buy technology for people; they can bring their own phones and tablets and so on, use them and store firm information on them. Of course that brings up some issues.

DW:  Yes, no problems to have everybody bring in things. The technology that is available now - maybe they use it at home for home or personal purposes. Those different worlds are starting to collide. You have to think about what your policies will be related to, the types of technology you will allow to access firm systems, and what happens to the data that’s put onto those systems if the person leaves the firm. Those sorts of policies need to be worked out when you’re starting to bring other people’s technologies to the firm’s technology base.

PB:  Right. So one of the things that we always go back to when we deal with technology is the human factor and policies – what is allowable, what is not allowable, and the security that needs to be brought in to protect everyone.

DW:  Right. The challenge with BYOD is that you can quickly create enough policies that it defeats all the benefits of having BYOD. So you really need to be a little bit flexible, perhaps more flexible than you would be if the person was using firm technology. But you do need to think about the eventualities. The nice thing about BYOD is that if you are already embracing cloud technology or web-based technology, whether it exists by a private provider or your law firm has Exchange and it is web-enabled email, you can get to these on all these devices and you don’t really need to make it more cumbersome than it needs to be for those people to use their own technology.

PB:  Right, but you still have to protect client confidentiality. And the law firm, or the lawyers at the law firm, still have to own the information that is on that device.

DW:  Right.

PB:  So that needs to be clear in the policies. I guess also within those policies, you should make it clear that a certain level of security has to be in place with respect to complex passwords that are being used, the ability to remote-wipe those devices if they’re lost or stolen, things like that.

DW:  And this has been a challenge, I think, and may have been one of the reasons that BYOD didn’t happen as fast as it might have, which is that in general, if you had a device, whether it was a laptop or a phone or a tablet, it was all or nothing. If someone had access to the device, they essentially had access to everything. Sure, you can create profiles, but that may not always have worked. If you have Windows profiles, perhaps you left your Windows profile open and your child got on and was able to access things through that profile. Now we have the ability to segment phones, tablets, and laptops much better, so that you can create a work profile and a personal profile and have different levels of security.

For example, if I use Divide, which is an app for Android, I can segment my Android tablet so that part of it is encrypted. It is secured with a password and part of it is open, so that if all I want to do is use Angry Birds, I can get to the Angry Birds app without using any security. But if I want to get to confidential information, I need to go through the security layers that are on the device.

PB:  Right. You mentioned encryption. That’s always one of the things that we do talk about. It’s a good idea if you have confidential information stored on a device to encrypt it as well.

DW:  For sure. The smaller the device, the greater chance you are likely to lose it or drop it, and if the information on it is encrypted already then you don’t need to worry about what happens to that device afterwards.

PB:  And synchronisation, in terms of firms’ being able to store and update information from their various employees or associates is a good idea as well.

DW:  Right. BYOD doesn’t mean that you have to give all the keys to the kingdom in order to enable people to bring their own technology; it’s about flexibility. You can create flexibility and still have requirements, like Phil said, about having strong passwords so that if the person is going to connect to your network, they have to perhaps install some apps so that they can do the remote wipe, or that they are meeting the encryption standards or password standards that you set.

PB:  Now, it used to be with a lot of firms that the BlackBerry was the standard, and part of the beauty of that was their Enterprise Server.

DW:  Right. And I think that that’s going away. But the nice thing is that where the BlackBerry Enterprise Server was perhaps the only server that really provided that security, we now have lots of other opportunities, whether it’s through cloud or through internal systems, to provide web interfaces that can be used on any device with the same levels of security.

PB:  Right. And for the longest time, and I don’t know how many are still out there, there were hosted servers as well, where you could buy some shared time on them with the same level of security.

DW:  Right.

PB:  So one of the keys, to sort of summarize, is the flexibility of BYOD and still being able to have policies in place.

DW:  Right. There may be an app or a website, a cloud service; some technology that your firm needs to use that requires you to have everybody using a Mac or everybody to use an iPhone or everybody to be in Windows or whatever. And so those limitations may restrict your flexibility a little bit, but BYOD is a great opportunity for staff and lawyers to have an environment which they’re familiar or comfortable with, with a little bit more flexibility than sometimes happens with standardized IT.

PB:  Sure. And you can still protect your client information and your firm’s information just by having policies and procedures in place.

DW:  Exactly. 

PB:  Perfect. That’s our look at BYOD. Thanks very much, David.

DW:  Thanks Phil.