Key steps for establishing bring-your-own-device protocols.
It’s here. You can get in front of it, or you can chase it, but your firm’s lawyers and staff are bringing their own devices to the office— and one way or another they will use them at work. Of course, you can avoid the entire bring-your-own-device issue by supplying devices, thus ensuring absolute control when it comes to your network. But, if you want to avoid the capital expense, here are some ideas for developing a BYOD policy at your firm.
Definition of Terms
At Ward and Smith, we openly embrace BYOD, but leave your laptop at home. You are not going to connect your laptop to our network—go through Citrix as you have done for years. BYOD applies to tablets and smartphones only.
Policy, policy, policy. BYOD doesn’t mean a data free for all. Establish written policies and effectively communicate them to users. Don’t be afraid to use your respective state bar opinions on mobile devices. Users must have a pin code for their devices and auto-lock must be turned on. Because we use Netdocuments, which has a mobile app, there is no need to store documents on the device, and no other client data can be stored on the device, apart from email. We also use Box, giving users more than enough room in the cloud for secure data storage. I suspect with the proliferation of Microsoft Corp.’s Office for tablets this policy might get a little dicey to enforce, but at least the policy exists.
Most important, users must know that in the event of a lost or stolen device the firm has the right to wipe not only managed data, but the entire device. If they are unwilling to agree to those terms, then they can’t be part of BYOD.
Mobile Device Management
You’re going to need an MDM to safeguard data, manage apps, etc. We use Good Technologies, which helps us manage those apps in the Good container. There are a host of other MDM technologies out there with a bit more flexibility, including AirWatch, Aerohive, etc. An MDM has to be able to wipe the device if necessary.
What About Apps?
The big one is email, which can be set up using Exchange or in combination with your MDM. There are a number of PDF markup and annotation apps available, along with the aforementioned document management piece from Netdocuments and, of course, Office 365. A popular app at Ward and Smith is iTimekeep, which some attorneys use at their desktop instead of Webview to enter time. We also use AuthAnvil, which provides a one-time code for users to access our Citrix system using two-factor identification. Big Hand’s app enables our attorneys to dictate via their mobile devices, and our staff can check their pay stubs, time off accumulation, etc., using the ADP app.
BYOD also enables you to start dabbling in your own app creation. An easy one is a firm directory. MDM will come in handy in building your own app store.
Sooner or later your “enterprise” vendors will start to push you into mobility, which is another reason to either have BYOD in place or issue firm mobile devices. I remain convinced that when Microsoft issues the death knell for my Office 2010 my only option will be Office 365. Elite 3E will have a mobile app. And don’t discount the use of Skype via mobile for quick and easy videoconferencing.
Who Gets to Use BYOD?
Attorneys, obviously. Non-attorney BYOD policy needs more consideration. Some management professionals (and, of course everyone in IT!) will need mobility, but I question if most support staff really need firm access on their devices. You can make a case for paralegal use, but remember, as hourly staff work outside the four walls of the firm and beyond normal working hours you need to take a careful look at compensation requirements in your state(s). The overtime could rack up quickly.
Who Supports BYOD?
You do. Don’t think you’re going to send an attorney back to their respective carrier store for troubleshooting. The IT department is the first stop, so you’ll need to develop skill sets for mobile device troubleshooting and app support. Again, policy. You will need to develop a list of supported apps, preferably that are managed via MDM.
Your BYOD policy is an exercise in system security. All the best practices you normally employ for your system merely extend into BYOD, hence the use of device PINS, auto-lockout, approved apps, and the ability to wipe devices. You’ll also need to think about wireless access in your respective offices, because a fair amount of mobile use will occur when your users aren’t mobile. Most wireless access in offices have been a convenience for clients, and are pretty much unprotected. You’ll need to rethink that.
But, is BYOD Productive?
An unqualified yes. Attorneys work more, work elsewhere, and, most important, work the way they want to work. Done right BYOD can be a big win for both the IT department and the firm as a whole. Mobility is a competitive advantage. Small shops (really small) conceivably can run their entire operations with a combination of mobility and SaaS applications, reducing the data center to nothing more that routers and switches. That is your competition. Will we see total mobility in an “enterprise”-size firm? Not, in my opinion, for the foreseeable future. There are still far too many enterprise applications that aren’t ready for mobility or aren’t secure enough for mobility, but that is changing. Get in front of it.
Chris Romano is CIO at Ward and Smith, based in New Bern, N.C.