Migrated from eDJGroupInc.com. Author: Greg Buckles. Published: 2013-11-28 19:00:00Format, images and links may no longer function correctly.
Every boot camp brings me new insight, usage cases and friends. Last week’s ARMA Mobile Discovery boot camp gave me a great new phrase that encapsulated the struggle over BYOD decisions, “Cost or Consequences.” These full day ARMA sessions forced me to re-work the boot camp scope and format, but allowed us to dig deep and get specific with our fictitious stakeholder teams and the real quandaries that participants were able to share. This time I gave roughly twice the time to mobile device polices, management and upstream techniques to minimize mobile ESI even entering the eDiscovery lifecycle. Despite carrying that conversation through lunch, the topic deserves more than a four hour crash course to hammer out the tangled facets of our increasingly mobile workforce. Our representatives from the local government entities played a lively role in discussions and brought home some distinctly different priorities. They conveyed a unique willingness to hold civil employees accountable that I have not encountered in corporate or law firm clients. It was corporate executives who broke the BYOD ice by bringing iPhones and iPads to board meetings.
Because the BYOD invasion started at the top of the corporate food chain, IT seems to assume that they have no recourse or authority to resist new devices, apps and services. We commonly hear IT and legal clients say, “We can’t make our key executive custodians follow the rules, so help us find ways to protect their data.” Compensating for “non-compliance” dramatically raises the cost of defensibility, but most stakeholders find it easier to get funding than to try to hold rogue users accountable. My corporate IT boot camp participants laughed and nodded in agreement as we discussed the BYOD invasion as a fait accompli. In contrast, some of our civil servants strongly disagreed with the ‘BYOD expectation’ that disregards inconvenient policies or rules. This contrasting attitude of accountability gave me a fresh insight into an increasingly defeatist perspective from corporate legal and compliance. I have watched too many inside counsel lose the stakeholder authority to set acceptable legal requirements. The consequences of poor policies and governance are dim and distant threats compared to the wrath of remote users generating vital corporate revenue.
Is eDiscovery doomed to chase after a user driven stampede carrying corporate ESI over the firewall cliff into the Cloud? Possibly. To paraphrase Jeff Goldblum from Jurassic Park, “Tech will find a way.” I don’t believe in designing systems that try to force user behavior. The system should detect illegal, unethical or unsafe behavior, but otherwise should be based on improving the user experience. Shutting the BYOD barn door after the ESI has bolted is not an effective solution. We need mobile management solutions that identify, protect and access corporate ESI on personal mobile devices, cloud services and the next IT evolution. Luckily for consumers, information governance software companies are slowly incorporating eDiscovery and compliance features into their offerings. Mobile content security was a strong theme at this year’s Symantec Vision. Microsoft is carefully adding discovery functionality and API hooks to our core unstructured ESI ecosystems. So while I wish that corporations could just enforce usage policies to reduce eDiscovery cost, I will continue to look for flexible systems that protect user’s from their own technology enthusiasm without impacting their innovation and productivity.
Greg Buckles
Greg Buckles can be reached at Greg@eDJGroupInc for offline comments or questions. His active research topics include mobile device discovery, the discovery impact of the cloud, Microsoft’s 2013 eDiscovery Center and multi-matter discovery. Recent consulting engagements include managing preservation during enterprise migrations, legacy tape eliminations, retention enablement and many more.