Going Mobile: Device Management Policies and Mobile Device Management (MDM) Solutions

In our last post, we discussed the current landscape of mobile device discovery, including how ubiquitous mobile devices are in our everyday lives and the trend that  discovery of mobile devices has become more common in litigation cases.

When it comes to discovery of mobile devices, organizations today must consider being proactive regarding how mobile devices of their employees and contractors are managed and what rights they have regarding the storage and use of company information on those devices. In this post, we will discuss device management policies and the considerations for each policy, as well as industry recommended principles for devices that are fully owned by employees and contractors.

Mobile Device Management Policies

Many believe that workplace mobile device policies boil down to just two options: company-issued or personally owned devices. However, there are four options that range from organizational control to total employee freedom and flexibility.  The options from the most controlled plan to the most flexible include:

• Company Owned, Business Only (COBO): Organization provides the device, and their policy only permits its use for business purposes.
• Company Owned, Personally Enabled (COPE): Organization provides the device and enforces security on it, giving employees and contractors no say in the device choice. But employees can use the device for personal use as well.
• Choose Your Own Device (CYOD): Employees and contractors can choose among devices approved by the organization, for which IT will have the rights and access to enforce certain security policies on the device.
• Bring Your Own Device (BYOD): As the term implies, employees and contractors have the freedom to choose their own device and the level of control by the organization is often minimal at best.

Many organizations use a combination of these policies to meet diverse needs and preferences. Not surprisingly, BYOD policies are most favored by employees and contractors as they offer the greatest freedom and flexibility. Organizations also favor BYOD policies because they enhance employee mobility and satisfaction and help cut costs. That’s why 84% of organizations have a BYOD policy.

However, barely more than half (51%) of respondents said their organizations  have a security policy for BYOD. So, it’s not surprising that as many as 60% of BYOD companies face serious security risks. Without a formal BYOD policy, organizations often struggle to manage data from these devices for discovery or compliance purposes. Establishing a formal BYOD policy is essential to set clear expectations for device users and safeguard the organization’s interests.

When it comes to best practices for BYOD policies, The Sedona Conference^® has published a terrific Commentary on BYOD: Principles and Guidance for Developing Policies and Meeting Discovery Obligations. The Commentary (available here) is primarily focused on five principles for BYOD policies and discovery of BYOD devices. The first two principles concentrate on whether an organization should permit or mandate BYOD devices and the methods to develop and implement a BYOD program. The final three principles address discovery obligations related to BYOD devices.

The Benefits of Mobile Device Management (MDM)

Mobile device management (MDM) is a security solution used by IT departments to monitor, manage, and secure employees’ mobile devices that are deployed across multiple mobile service providers and across multiple mobile operating systems being used in the organization. The goal of MDM is to optimize the functionality and security of a mobile communications network while minimizing cost and downtime.

MDM can be applied to any type of organization’s mobile device policy, not just to BYOD policies. Regardless of your organization’s policy (or policies), MDM offers several general benefits for organizations, helping to streamline device management, enhance security, and improve operational efficiency. Here are some key advantages:

• Enhanced Security: MDM provides robust security features such as the ability to enforce password policies, encrypt data, and remotely wipe devices that are lost or stolen. This helps to protect sensitive company information and reduces the risk of data breaches.
• Improved Compliance: Many industries are subject to strict regulatory requirements regarding data security and privacy. MDM helps organizations comply with regulations such as GDPR, HIPAA, and others by enforcing compliance policies directly on mobile devices.
• Centralized Management: MDM solutions allow IT administrators to manage all corporate and employee-owned devices from a centralized platform. This includes deploying software, managing app updates, and configuring settings across a wide range of devices and operating systems. That also streamlines the deployment and maintenance of devices, which reduces IT and operational costs.
• Better Data Management: Organizations can control how data is accessed and shared through MDM policies, which can include secure document sharing and automatic backup solutions, ensuring that data is protected and easily retrievable.

Having an MDM program also provides several benefits for eDiscovery from mobile devices, including:

• Facilitates Data Preservation and Collection: MDM enables organizations to centrally manage and monitor all mobile devices that contain potentially relevant data. This level of centralized control is key for the preservation and collection of data in response to legal inquiries. MDM systems can ensure that data on mobile devices is not deleted, altered, or tampered with once a legal hold is in place, reducing risks of data spoliation.
• Comprehensive Device Auditing: MDM tools can track and record detailed logs of device activity, including document access, app usage, and communications. This comprehensive auditing capability helps organizations determine which devices are potentially discoverable in the case.
• Remote Data Access: MDM solutions facilitate remote access to data stored on mobile devices, allowing for the extraction of necessary information without the need for physical access to the device. This helps address one of the biggest objections to mobile device discovery – forcing the custodian to give up their device during the collection.
• Data Segmentation: In environments where employees use devices for both personal and professional purposes (as in BYOD policies), MDM can segment and isolate corporate data from personal data. This separation is important during eDiscovery to ensure that only relevant, work-related data is collected, protecting employee privacy and complying with legal standards.

With all these benefits, it’s not surprising that adoption of MDM within organizations is rising significantly. One market analysis expects the MDM market to rise from $6.9 billion in 2024 to $22 billion in 2029 – a compound annual growth rate (CAGR) of 26.1%!

Conclusion

Regardless of what types of devices your employees and contractors use and who provides them, an effective mobile device management policy has become a “must have” for organizations today. Support of those policies with an MDM solution is equally important – especially when it comes to discovery of the mobile devices used by the employees and contractors in your cases.

Next time, we’ll discuss the types of data that is frequently discoverable on mobile devices – it’s a lot more than just text messages!

If you missed the first blog in our series, you can catch up here to explore how discovery of data from mobile devices has become more important, while also one of the most challenging forms of ESI to preserve and collect.

For more regarding Cimplifi forensics & collections capabilities, click here.