Today at the typical law firm the onslaught of various mobile devices abound. The firm is now confronted with requests to support a fractious market of iPhones, BlackBerries, and Androids. Not only must they deal with devices, they also grapple with various platforms and specific (Apps) applications. This hodge-podge environment of disparate devices can be a major challenge. This session at ILTA explored how firms deal with mobile devices and policy.
Firms have taken three approaches to mobile device management:
- Big Brother: The firm issues devices to users
In this scenario a firm decides to keep things simple and provide users with one device, this typically creates the least pressure on the technology group. In the past firms chose this route because it is easiest to manage and the most secure. However, recently this “one device” management has become increasingly difficult to sustain. Users are demanding use of their own devices which are not supported.
- Free-for-all: The firm allows all personal devices to be connected to the network
This typically engenders tremendous support among users as they can use any device to their liking. The attorney is responsible for purchasing the device. However, all other aspects are placed in the hands of the firm who is tasked with managing the multitude. The downside is that the firm is responsible for dozens of varying platforms, operating systems and devices. Security can be a huge concern under this “free-for-all” policy.
- Hybrid: The firm allows for multiple devices within set limitations
This approach allows some devices to be brought in from outside, but those units are from an accepted list. This seems to be the trend among law firms as they find more flexibility with users, thus offering them a choice.
When crafting your policy consider these lessons learned from experienced firms:
- Understand your firm culture, i.e. would your firm support a single device approach, or is the “hybrid” a better option?
- Does the firm have the resources to support multiple devices, their unique security, maintenance, and associated apps?
- What happens when the user leaves the firm? Should you wipe the entire device, or just the enterprise content?
- Treat security and manageability as the primary requirements of your policy
- In the long run, supporting multiple devices will probably not be the best plan so attempt to find common ground without causing a mutiny among your users
- Lastly all firms should require: passwords, encryption and time-out periods
At the end of the day, when crafting your policy for mobile devices the juggling of security, firm culture, and manageability of the devices will be the most important variables to consider. Each of these aspects will vary depending on the firm and should be weighed and adjusted accordingly.