Security at Edelman includes requirements for passwords that are as secure as possible, Iatonna says. That means that all smartphones and tablets must use passwords that are complex and include a minimum number of characters, along with mandatory data encryption. After a certain number of unsuccessful password attempts, the device automatically resets and erases all data. This situation hasn't happened yet, he says.
Another piece of advice, from Jacobs' Carmody: Be prepared to confirm for users that any devices they are considering can meet both the security and work needs of the business. "That gives people the freedom to do what they want to do while protecting company security," she says. "It's one of those building blocks for the idea of bringing your own technology to work."
In general, the company allows Jacobs email to be viewed on personal devices, while all other key corporate applications can be accessed only via the Jacobs corporate portal. "This provides a high measure of security for managing corporate data and eliminates the need to help end-users manage data volumes on their personal devices," Carmody explains. "We, of course, also employ stringent cybersecurity practices that guard against access should a device be lost or stolen. Finally, we have a robust process for reporting lost or stolen assets that ensures immediate response to protect data in those situations."
At Carfax, access to corporate data is controlled through application privileges and passwords; users have access to corporate data and applications based on their job need and role in the company, Matthews said.
At Jacobs Engineering, employees are required to sign consent forms that allow the company to perform remote wiping of all data if the devices are lost or stolen, even personal data such as personal email, photos and games. The agreement says the company will delete it all if a device is lost or stolen.
The need for remote wiping has arisen a few times, Carmody says.
"In those cases all data is lost," she explains. Jacobs works hard to educate the user population about its corporate policy and conditions governing end-user device use. "We also go the extra step and educate end-users about backing up and protecting their personal data" in case it has to be remote-wiped someday, Carmody says.
Some MDM tools allow devices to store critical business data in a special, secure "container," says Chris Hazelton, an analyst with The 451 Group. Business data is not retrievable outside of the container, and can only be accessed through rich passwords and other access protocols, making it much more secure. It can also be removed remotely by the business if the device is lost or stolen, without removing a user's photos, contacts and other personal information.