FPA Technology Services, Inc.
Username:  Password:  

The Latest Trend - BYOD & MDM

 Permanent link

Now that Managed Services and the Cloud have had a little bit of time to percolate, without many business owners realizing it, another new wave of technology has snuck up on them. While Blackberries were once the defacto standard corporate answer to accessing email remotely, iPhones and Droids were taking over the personal device market. And while this was happening, a subtle but forceful wave has swept over the business environment changing just about everything related to remote access. The iPad came and added some serious inertia to this movement. What is this wave I'm talking about? Well, if you haven't heard - it's called BYOD (Bring Your Own Device). This is the concept of staff bringing in their own personal devices and accessing various pieces of corporate information - email, documents, even remote access right into network resources.

While this concept (remote access) isn't all that new, the capabilities of these new devices along with the concept of actually managing them and controlling them is. While BYOD has its own inherent obstacles to overcome, they can all be wrapped up into the concept of MDM - Mobile Device Management. This is the overarching concept of how the IT department goes about managing these devices - both personal ones as well as company issued. From an IT management perspective, it's becoming one of the most difficult things to control. And we're only at the infant stage of this movement.

I’ve seen estimates that the worldwide cloud opportunity is anywhere between $166 billion and $280 billion in the next few years. Compare this with the estimates of mobility representing between $1 and $2 trillion dollars! This only begins to show what we're talking about here.

Anyway you look at it, without an organized approach, a defined set of policies to implement, and the appropriate tools to do it, Mobile Device Management is just a concept to most. While MDM can be quite a messy undertaking, it's critical to understand its importance. Without the appropriate approach, hours and hours of time could be wasted setting up and managing these devices manually. Without managing and controlling access to these devices, proprietary information could now be accessed from anywhere by anyone. What would the cost be to your company if your competitor got a hold of your client list? What would the cost be if you lost proprietary intellectual property? If you were a CPA firm, could your business continue if your clients knew that all of your tax returns were in some unauthorized person's hands? If you're an investment advisor, what are you doing to ensure you're meeting your fiduciary responsibilities and SEC compliance? If you're in the health care field, what are you doing to ensure these devices are controlling access to information to ensure you're meeting HIPAA compliance?

In the old days, all of these issues could easily (relatively speaking) be controlled within the confines of the computing resources within the four walls of your office. Even with the advent of "The Cloud", these are still relatively controllable issues. Mobile devices (and the different flavors of them all) add to the level of complexity exponentially.

This is where we come in. As a Managed Service Provider we have the systems, processes, and resources already in place to take this on for our clients. Mobile Device Management is just another opportunity for us to help our clients manage and control their information resources as well as their information. This is within our area of expertise and provides a great value proposition to our clients. While this is a new trend now, I believe it's going to be the future of computing - and we're just the right guys to help our clients navigate through these waters. I'd love to hear what you think of this latest "trend".

Are You Really a Trusted Advisor to Your Clients?

 Permanent link

I was once again surprised by the laissez faire attitude I got when I was explaining to a prospect why they needed to improve the security of their network - a cheap personal firewall; everyone had administrator rights; no security policies preventing users from copying data to USB drives – these were just a few of the holes; Needless to say, a CPA firm has all sorts of information about their clients and thinking that "it’s not that big a deal" really surprised me. "We’ve never been hacked before and we’re so small, why would anyone want any of our information?" was the Managing Partner’s response. Like I said, I don’t get it. I went on to describe California’s "Database Security Breach Notification Act" and all that it’s about. Apparently, he had no idea about SB 1386…

Specifically, SB 1386, codified as Civil Code § 1798.82, et seq., requires "any person or business that conducts business in California, and that owns or licenses computerized data that includes personal information, [to] disclose any breach of the security system…to any resident of California whose unencrypted personal information was, or is reasonably believed to have been, acquired by an unauthorized person." The statute imposes specific notification requirements on companies in such circumstances. The statute applies regardless of whether the computerized consumer records are maintained in or outside California.

Basically, this means that if for any reason someone gets to personal information (SSN, credit card info, bank accounts, etc.) about your clients from your network, you need to immediately inform them that this has happened. Literally, it’s a crime to even investigate what happened if you haven’t already told them about it first. Again, I don’t know that people really understand what this all means. Imagine the impact to your position as a trusted advisor if your clients thought you didn’t even do the bare minimum to ensure their private information stayed private! I would think your business would come to a screeching halt, let alone the impact from the cost of litigating this.

I went on and asked some additional questions - Are their tax returns stored in PDF’s encrypted? Or, can anyone get to them? How is the security designed and managed around your document storage? Who has access to what information? Who can copy the files onto a USB drive? Which employees have business email on their personal devices? What would you do with that device and those emails if they left? While his head was swirling, I still wasn’t sure if he really got my point or he thought I was just there trying to scare him into action.

Needless to say, security is more complex than ever before and the ramifications are more far-reaching than most realize. While this law may seem draconian, the reality is the biggest ace in the hole is actually included in it. There you’ll find the words "reasonable effort". To me this means that if you’ve acted in good faith and have done what most in the industry are doing to prevent or reduce your exposure, then you should be covered. This is where Managed Services, Managed Security, and a proactive approach to technology comes in. This is where most companies are moving to and where the mindset for those who haven’t has to change. If you’re not managing your network proactively and aren’t working with a trusted advisor like FPA, then how can your clients look to you as a trusted advisor?

Beyond all that you’re doing for your clients, if you’re not doing all you can to ensure your network’s secure - are you really a trusted advisor to your clients?

About the Author
Craig Pollack
Craig Pollack Blog Profile Image Craig is the Founder & CEO of FPA Technology Services, Inc. Craig provides the strategy and direction for FPA, ensuring its clients, their business owners, and key decision makers leverage technology most effectively to achieve their business objectives. Craig focuses on ensuring that the technologies implemented by clients are "business centric" and key components of their businesses' success, and that this approach is shared by every staff member of FPA.
Twitter LinkedIn


RSS Feed

By Date

Recent Entries