Risks of Extending Document Management to Mobile

By Dan Surowiec, Global Director-Technology, Baker & McKenzie

Dan Surowiec, Global Director-Technology, Baker & McKenzie

So it turns out, it isn't just the phone that needs to be smart. To say that mobile devices can cause security breaches is somewhat unfair. It's a bit like saying a car can cause a traffic accident.

In either case, when an event occurs, it is usually because somebody did, or didn't do, something that was required of them to prevent the event. Whether that was failing to stop at a stop sign, or failing to put a passcode on a smart phone, most events result from some shortcoming in the human interaction with technology, not solely the technology itself.

"Extending the document management system to mobile devices presents a set of risks that any businesses must weigh up"

In other words—don’t just blame the tools.

You need only glance up from your smart phone on your walk to the office to see everyone else, well, glancing down at their smartphone. Today's workforce is a mobile one. We want and often need access to critical information wherever, whenever, or however, we are working.

Of course we need to be careful.

Extending the document management system to mobile devices presents a set of risks that any businesses must weigh up. An organization must balance and in some cases off-set those risks against the potential benefits gained, available compensating controls, and the organization's risk tolerance.

By applying risk management processes and the appropriate controls, companies can arm their workforce with mobile tools that enable productivity anywhere and manage risk to an acceptable level. In analysing the risks, companies must identify what can and cannot be done with their data, and set policies to enforce these behaviors.

And of course then there are technical solutions, such as mobile device management (MDM) platforms which can then be implemented to enforce the firm's policies, such as requiring encryption and application sandboxing, which minimize the risk of a breach when an event does occur. The technology is available, it is relatively straightforward and, most important of all - it works.

When a person is learning to drive, we don't simply hand them the keys to the shiny new car and say "good luck." More challenging, but much more effective at preventing a data breach, is preventing worrisome events from occurring in the first place. Appropriate training and awareness are the tools to effectively manage the human element of risk.

Similarly, companies must invest in training for the employees 'driving' this new technology to ensure they are best equipped to prevent an 'accident,' and knowledgeable about what to do should one unfortunately occur. A trained user population operating with technical safeguards in place creates an environment where companies can safely extend data to mobile devices while effectively managing against the risk of a data breach. That way, we can sit more comfortably in the driver seat and, securely, perhaps even take in the view.