Skip to main content

The Globe and Mail

Risks of using your phone or iPad for work

Looking for new apps for your qfancy new iPhone 4S (or any other iOS device). These apps help manage to-do lists, scan barcodes, create music playlists, identify songs and track flights with handy apps that don’t come pre-loaded

Justin Sullivan/Getty Images

Can you bring (and use) your iPad or iPhone at work? Some companies are embracing the bring-your-own-device (BYOD) trend. But doing so brings risk. What if a device gets lost or stolen?

Some companies, including Toronto-based Hill & Knowlton Strategies Canada, allow employees to use their own devices but keep a close eye on mobile security. Its IT department sets the devices up so there is a degree of control.

"The number of Canadians who are mobile in their work in some capacity is huge, and it's growing," says Krista Napier, Toronto-based senior analyst and tracker team lead, mobile devices, with market intelligence firm IDC Canada.

Story continues below advertisement

IDC surveys show that two thirds of Canadian workers fit this description – a number expected to reach three quarters by 2015.

Ms. Napier joined us earlier to talk about the subject.


Dave Michaels, The Globe and Mail:

Hi everyone. We'll begin in just a moment. Please submit your questions in the box below.


Dave Michaels:

Story continues below advertisement

We are expecting Krista to join us in just a minute.


Comment From Krista Napier

Happy to be here. Looking forward to answering your questions!


Comment From Bob

Story continues below advertisement

Are you using your iPhone or iPad for this online meeting?


Comment From Krista Napier

Great first question! I do have my iPad beside me, with some of my research and articles on there for reference during this call.


Dave Michaels:

Here's a question from JJ.


Comment From JJ

Using an app-centric data security system, isn't it pretty easy to protect corporate info while being non-intrusive to the UX?


Krista Napier:

Corporate info can be protected while not compromising the user experience. That is correct. There are more solutions coming out now that will allow for that security, while distinguishing between "business" apps and "personal" ones. Personal apps could be kept in a personal perimeter, while business ones in the corporate perimeter.


Krista Napier:

One example would be BlackBerry Mobile Fusion, which will allow for that type of division.


Dave Michaels:

Krista, can you give us an idea of to what extent personal phones and tablets are being used in the workplace?


Krista Napier:

The trend toward BYOD (bring your own device) is still early but growing. In one survey we did at IDC with Canadian businesses last year, we found that around 28% of respondents were supporting BYOD for media tablets in their company, and 42% were supporting BYOD for smartphones.


Krista Napier:

It is interesting to note that in that survey, when we asked businesses if they plan to support BYOD for media tablets and smartphones in the next 12 months, more of them stated they were planning to support media tablets. So while people having been bringing their phones to work for a while now it's media tablets that are really helping to drive this trend forward.


Comment From Dave Smyth

As employees become more tech-savvy, they are less likely to accept one-sided policies that force them to relinquish control of their own personal device for heavy handed solutions like mobile device management. What do you think the future holds for more elegant solutions?


Krista Napier:

That is a good point. We have asked Canadian consumers in past surveys if they have concerns about brining their devices into the work place...almost 70% of respondents said there were not concerned. However, we also find that today, it's early days in terms of how businesses are managing these devices. Many companies are still using just a policy and user passwords. So more will need to be done to ensure the security of the devices, without impeding the value they deliver.


Comment From BD

An employer controlling aspects of a personal device sounds like a slippery slope. Are there legal implications? Sample scenario: If an organization integrates a personal Blackberry to a work BES server, and then applies work policies, monitoring, even the potential to reset the device...


Comment From Randy

Bottom line...if you are an Iphone or Ipad isn't secure on a corporate network without a product like RIMs BlackBerry Mobile Fusion.


Krista Napier:

That is where creating some balance between corporate and personal is important. You are right to say that if an employer is controlling all aspects of a personal device, that probably won't fly with the employee. But you need to exercise security measures as a company to control the "work" content and activities taking place on the device.


Comment From N&L

Krista, can you provide information on the percentage of companies currently investing in Mobile Device Management (third party provided) so that their IT departments have some control?


Krista Napier:

Sure. Last year, IDC Canada did a study on MDM adoption and plans among Canadian businesses. I can share some of those results.


Krista Napier:

Basic security like password policy and enforcement is the most deployed MDM feature. On average, over 60% of companies are doing this basic security. The percentage is higher for large businesses.


Krista Napier:

Where there is opportunity is for advanced MDM security, especially among small businesses.


Comment From Wayne Brooks

Seems to me that CoIT is really leveraged by using in-house apps. What is the best way to deploy corporate mobile apps in your opinion?


Krista Napier:

I think a lot of companies are still trying to figure out what apps they even need, and whether they already exist or if they need to have them built. However, once they figure out what they need, I think one approach will be for companies to use enterprise app stores, that will have "approved" apps in them for employees. These apps can include productivity apps for work as well as other approved apps, like games.


Comment From Jon L

Disagree with Randy. It's important to secure the corporate data, not lock down the entire device.


Comment From Brad

Is the BYOD trend going to eventually eliminate various corporate devices (eg, the corporate smartphones)? if so, how would a company force their controls on an employee's personal device?


Krista Napier:

Different companies will take different approaches to BYOD. For now, I don't think it will eliminate corporate owned devices, because there are some industries that are very concered about security and customer privacy, and hence, will still use corporate devices in some cases. Others may provide an "allownce" for employees and managers to buy devices, so the cost is shared, and in the opposite extreme case, employees will buy the devices themselves, which would in that case decrease corporate owned devices.


Comment From Randy

Reading along, one thing becomes VERY clear....there is a HUGE difference between the person who signs the front of the paycheque and the one who signs the back. Do you really think you can dictate or "negotiate" what employers will and won't allow on their network infrastructure?


Comment From

A thin client access solution may be the most elegant solution. If it could be configured to prevent users from saving locally, there would be no need for a remote wipe.


Krista Napier:

That is a good point. One of the big concerns is that employees will save content on their media tablets or other devices and walk out of the office with it, creating a liability. So a thin client solution can help provide a preventative solution to that versus a reactive remote wipe.


Comment From Patrick

What is the one thing that can or should be done to assess the risk and determine what level of security is needed or required when employees bring their own devices?


Krista Napier:

It will depend on the business, and the industry, but thinking through a policy is a good first step. Taking inventory of what your employees are using and what corporate owned devices are being used is important to understand what you are working with. That may seem simple in a small company but is more complex in a large one. Then, there are many companies offering services around this now who can help with strategies and solutions to get you started. The big carriers in Canada are now offering solutions around this, as are other large and small service providers, and vendors like RIM.


Comment From Randal

At some point, organizations need to evaluate the liability that goes along with the overtime, out of office work hours that they are implicitly encouraging employees to incur. @ Randy, I'm currently rolling IBM traveller, which also encrypts and can lock down devices including iPhones and iPads, amongst others, so the Blackberry server is not the only solution.


Dave Michaels:

Krista, thanks very much for taking time out of your day for us. We do appreciate it.


Krista Napier:

No problem. Thank you for the great discussion today.

Report an error Editorial code of conduct Licensing Options
As of December 20, 2017, we have temporarily removed commenting from our articles. We hope to have this resolved by the end of January 2018. Thank you for your patience. If you are looking to give feedback on our new site, please send it along to If you want to write a letter to the editor, please forward to