Bring your own device or BYOD exists practically everywhere, whether your enterprise has a policy for it or not. Any employee with a personal smartphone can and frequently does store some business-related data on it. The ideas behind deliberately encouraging BYOD are often cost reduction (employees fund their devices, rather than looking to the enterprise) and increased flexibility for employees in the way they work.
Laudable as these ideas sound, their real-life application may lead to certain challenges. Disaster recovery is one such challenge, as businesses try to find a solution to ensuring data scattered over personal devices can be recovered if needed.
When control weakens, trust must increase. Trust about data on personal mobile devices must flow both ways. The enterprise trusts the employee to take reasonable precautions about data safeguards.
The employee trusts the enterprise not to bust into the mobile device and wipe out files, or accidentally(?) back up personal data files to corporate servers. However, trust also needs to be backed up by clear information on expectations, usually in the form of a written agreement that both parties must respect.
The agreement may define which types of devices are acceptable within BYOD working, which software is legitimate, and which security precautions are to be observed by the employee.
Scheduled backup operations (preferably one-click or one-tap) may also be laid down, or an agreement for automatic backups to be made whenever the employee’s device is connected in a way that permits this. It probably won’t hurt either to suggest ways of partitioning data and activities on the devices, such as ensuring personal email is stored and managed separately from professional email.
Each organisation managing BYOD will need to find its own balance between control and trust to optimise data safety and recovery in case of disasters, remembering all the time that in certain circumstances disaster recovery failure for just one device could be immensely damaging for a business.