May 01, 2012, 7:05 AM — Mimecast CEO Peter Bauer recently found himself at the intersection of consumerization and IT management, falling victim to personal data loss as the result of the internal management policy he himself helped establish.
While on a family vacation in South Africa, Bauer's 5-year-old daughter tried to use his smartphone. After she entered the incorrect PIN code five times, the corporate-installed remote wipe capability kicked in and Bauer lost all of the photos he had taken through the first half of the trip.
The frustration among end users whose personal information can be lost at the hands of their employers' policy is one of the main challenges Bauer says Mimecast has seen as it continues to move forward with its young bring-your-own-device (BYOD) management policy. However, that frustration is both natural and necessary if IT is going to strike a compromise with employees, Bauer says.
"Some pretty key corporate information moves from the secure inner sanctum of your building onto a BYOD device, and if you don't have a way of protecting that stuff, then you're kidding yourself about having information security in place," Bauer says.
Mimecast's management team considered a partial wipe on employees' personal devices, which would delete sensitive corporate email and documents but leave others, such as vacation photos, on the device. However, even photos could present a risk, as Bauer says he and his employees have been taking advantage of their smartphone cameras to capture information scribbled on whiteboards in meetings so it can be referenced later on. With the increasingly innovative uses for smartphones, Bauer considered this tighter policy the only secure way to enable productivity while mitigating risk.
At the recent DevConnections Conference in Las Vegas, Mimecast surveyed 500 IT professionals and administrators on BYOD, finding that while half consider access to personal devices a "productivity necessity," another 21% said it has been a risk to their business. For another 26%, the perceived risk was enough to deny their employees the right to BYOD.
However, employees are likely to use whatever device suits them for work tasks regardless of their employers' policies, Bauer says. That suggests both that consumerization is occurring in more organizations than the survey showed, Bauer says, and that those without a management policy are leaving themselves susceptible to information security risks.