The Bring your own device conundrum for organizations and investigators: An examination of the policy and legal concerns in light of investigatory challenges
In recent years, with the expansion of technology and the desire to downsize costs within the corporate culture, the technology trend has steered towards the integration of personally owned mobile devices (i.e. smartphones) within the corporate and enterprise environment. The movement, known as “Bring Your Own Device” (hereinafter referred to as “BYOD”), seeks to minimize or eliminate the need for two separate and distinct mobile devices for one employee. While taken at face value this trend seems favorable, the corporate policy and legal implications of the implementation of BYOD are further complicated by significant investigatory issues that far outweigh the potential benefits of integrating a BYOD policy. In this paper we first set a context for the BYOD conundrum, then examine associated corporate policies, highlight the limitations to the digital investigator’s reach regarding digital evidence and review the investigatory challenges presented to the involved parties (such as the forensic examiner) from a BYOD environment. We conclude by offering recommendations such as implementing finely crafted policies and procedures (such as incident response), utilizing Mobile Device Management and other software, corporate owned devices, and enforcing signed agreements
