That data recovery threat has gone mobile

A closer look at the opportunity in consumerisation and mobile tech, by Robert Winter

BYOD is now well under way and corporations are looking for ways to embrace consumer devices in their overall IT strategy. There is a clear opportunity for the channel to develop services to help their clients throughout their BYOD journey, so it is vital to understand the risks involved and the importance of a clear user policy.

One of the biggest risks when allowing employees to use their mobile devices to access and process corporate data is that phones and tablets are generally replaced or upgraded more regularly than PCs, which are normally subject to strict disposal policies.

Many users choose to cash in on their high-value smartphones by recycling them. In the UK alone, the recycled mobile phone business was estimated to grow 20 per cent to 18 million units by the end of 2012.

Many sellers could be unintentionally giving away highly sensitive data along with their outmoded phone. Personal emails and photos are not the only information at risk – corporate data is also extremely vulnerable to theft.

Perhaps 10 per cent of employees in Britain now carry work data on their personal device – a device that could easily be sold on eBay for some extra cash to purchase an upgrade in a few months' time.

It is not just recycling that poses a threat to corporates with a BYOD policy. Phones can get lost, damaged and forgotten about when it comes to thinking about backup. Data on mobiles is normally a mixture of personal and corporate information, and when employees leave the company that data goes with them.

Unfortunately, clicking a delete button or removing a SIM card before recycling their handsets does not safeguard the information saved on the phone, leaving personal information easily accessible by the next owner. Erasing data requires a bit more work.

Retrieving information is easy for IT professionals, and it is not only possible to recover files that are deleted but also to retrieve data from damaged handsets or from formatted or corrupt volumes – even from initialised disks.

Smartphones have different settings, depending on the model, so consumers need to follow the specific steps in the appropriate phone manual if they are to erase their data records successfully.

How should resellers advise their corporate clients?

IT support requires careful consideration. If problems arise when accessing data or programmes necessary for work, employees using private devices turn to the company IT department for support. This means IT experts can be suddenly confronted with a variety of devices and software versions with which they were not previously expected to be familiar.

It makes sense to restrict the range of devices permitted when it comes to BYOD. Maintenance and service issues also need to be clearly defined, even though employees are usually more careful with their own devices than they might be with company phones or tablets.

The smaller the company and the more recent the introduction of BYOD, the more likely it is that issues will arise that have not been clarified sufficiently in advance. In this case, all those concerned – management, IT and employees – need to work together to set up the best possible procedures, and this is where a savvy IT partner can help.

For larger companies, HR and legal departments should be involved at the outset of BYOD adoption to raise the important considerations and define guidelines that cover the aspects mentioned above, allocating responsibility for each procedure.

Employees should study these guidelines thoroughly before agreeing to them, and company management should offer regular training on the topic, so staff comply with the policy and are not caught out unexpectedly by standard operating procedure.

Before rushing into a BYOD scheme, employees and management must prepare for the risks associated with bringing personal devices to work. A well-conceived policy would include preparedness: disaster recovery planning that incorporates a relationship with a reputable data recovery provider in case the worst happens.

This is a win-win situation for everyone involved, leading to cost savings, employee satisfaction and business growth.

IT channel partners can play an important role in advising clients on how to develop and maintain a BYOD policy, including software solutions and recommendations for third-party data recovery services.

When selecting a data recovery service provider for the mobile environment, it helps to ask how long the provider has been in the mobile device data recovery business, what specific expertise on mobile device recovery the engineers possess, and if the provider maintains a dedicated research and development team that refreshes skills when necessary.

Can they deal with a wide range of mobile devices?

The BYOD genie is now well and truly out of the bottle. From now on BYOD must be managed carefully, rather than resisted. Channel partners must be ready to provide services and consultancy to help their clients manage the new data storage environment.

Robert Winter is chief engineer at Kroll Ontrack