- BYOD policy – the issues
- Leaking everywhere
- Lack of formal policies
- BYOD in backup apps
- BYOD cloud services
- BYOD remote wipe
Bring your own device (BYOD) has become one of the most-discussed phenomena of recent years, as employees and directors alike buy and use their own devices for work.
Increasingly, BYOD policy is being seen as analogous to that governing company cars, for which companies prefer to provide allowances rather than buy and manage them themselves.
This tsunami of BYOD hardware offers challenges from the points of view of backup, security and compliance, as well as cost. Aberdeen Group's research finds that an employee-owned device typically costs the company 33 percent more than a traditional wireless-based one, such as a company laptop.
BYOD hardware generates and stores large volumes of data. It is common for smartphones, using microSD cards, to incorporate 32GB of storage or more. Regardless of who owns them, such devices used for business will contain corporate data, such as contacts, spreadsheets, documents, emails and so on.
They are also highly likely to leak data.
Gartner predicts that by 2017, 40% of enterprise contact information will have leaked into social networks such as Facebook and LinkedIn, and that twice as many employee-owned devices will be compromised by malware as those owned and managed by enterprises.
"They leak information everywhere, especially in iOS where every application has its own data storage and you end up with multiple copies of the same data," said David Willis, Gartner's chief of research for mobility and communications.
Given that mobile devices are more prone to being lost and left in public places, a BYOD policy on backup and remote management, including data wiping, is essential.
Regarding backup, Willis believes end users tend to back up their devices using built-in tools such as Dropbox and SkyDrive. This means leakage of corporate data onto unsecured networks.
For example, data on Dropbox is unencrypted, and the service appears to have no internal mechanism for stopping employees accessing user data. Stories about the company mining data are widespread. Its terms and conditions say: "You provide us with information, files, and folders that you submit to Dropbox," but nowhere does the company promise not to access it.
Despite the issues employee-owned devices generate, few companies have instituted a formal BYOD policy. Gartner's research finds that only 19% of companies globally have a formal bring-your-own programme for smartphones and just 9% have one for tablets.
Additionally, Gartner finds that only 28% of CIOs believe their mobile security policies would satisfy an auditor – all of which has implications for compliance with data privacy and other legislation.
But to help implement BYOD policy there is a wide range of solutions available with a common set of capabilities. They encompass mobile policy management tools, enterprise file sharing systems, and containerised systems, while some such as Citrix use virtualisation to separate corporate and personal data.
First, let’s look at the BYOD capabilities of mainstream backup products.
Acronis Backup & Recovery Advanced Workstation
The Advanced Workstation option of Acronis' Backup & Recovery Advanced Platform provides image and file backup for laptops. Data is backed up onto a secured area of the hardware for forward transmission when connectivity allows, and the system offers fast recovery using a self-service user interface.
Simpana's Edge Data Protection module offers support for laptops, allowing users to access their protected data using either a web portal or apps for smartphones – Android and iOS – and tablets. It can automatically discover new devices and install backup agents.
ARCServe provides no specific support for mobile devices, although it does include data deduplication, which could reduce the storage demand from BYOD hardware.
Druva inSync, from a mobile data backup specialist, offers continuous backup for mobile devices with data deduplication and connection awareness. It can, for example, check for network latency and adjust packet size to optimise throughput for backup. It supports iOS and Android as well as laptops, and IT can configure particular folders to be backed up as optional or mandatory. Mobile devices can also be deactivated and wiped remotely should they be lost or stolen.
Avamar supports edge devices such as laptops and desktops with deduplication and CPU throttling, working in the background and logging into the backup server as the network becomes available. Recovery is self-service, removing the need to call the helpdesk.
HP Data Protector
HP provides an optional Notebook extension for Data Protector that allows users to back up and recover data while working remotely and offline. It works in the background, backing up files as they change and transferring them to the backup server when connectivity allows.
Windows 7 allows users to configure scheduled backups for files and system images, as well as saving and restoring snapshots using System Restore. There are no mobile device-specific features.
Symantec Backup Exec 2012
Backup Exec offers an option for desktops and laptops which provides continuous, offline and online disk-based protection, managed by corporate backup policies. Users can restore their own files and keep multiple desktops and laptops in sync using a network share. It does not need a dedicated backup server.
IBM Tivoli Storage Manager
TSM does not provide features specifically for mobile devices but offers continuous file protection, with users able to flag areas of their file systems for backup.
Asigra Enterprise Cloud Backup and Recovery
This service offers cloud-based backup and recovery for any device that connects to a corporate network, irrespective of who owns the device. It supports Linux, Windows, Mac OS, iOS and Android, and provides incremental backups, data deduplication, encryption and compression. Recovery is self-service.
Carbonite for Business
Also cloud-based, Carbonite is aimed at smaller organisations and offers a continuous backup service, priced by backup volume for an unlimited number of desktop or laptop clients. Users can access and download backed-up files using iOS or Android devices. A Carbonite for Home account also allows users to back up photos and videos from smartphones.
IBM Laptop and Desktop Recovery
This service backs up laptops in the background to an IBM recovery centre at intervals determined by company policy. Users can recall data over a virtual private network (VPN) with no need to involve the company helpdesk.
The two major operating systems for phones and tablets, iOS and Android, both include remote wipe facilities. Android-based tablets and phones can be remotely wiped via Google Sync, as long as the device has Google Apps Device Policy installed. The wipe may not, however, remove all data on external storage, such as an SD card.
Apple's Find My iPhone service remotely erases settings and personal information such as contacts and email.
Lost laptops will need external applications to effect remote wipe. Many applications are available to track and remotely encrypt them but not to wipe data.
As noted above, Druva inSync will wipe remotely, while open source application Prey offers remote wipe and runs on all major platforms including iOS and Android. It allows you to capture an image of the remote user via the device's camera, connects to a local Wi-Fi hotspot if no internet connection is found, and offers corporate licence options.
Absolute Software offers LoJack, which can remotely locate and lock a laptop and selectively delete its data.