“In my experience employee training has been one of the business drivers that introduces tablets into some organizations. Employees have indicated an interest in using tablets to review training materials and many training managers have responded well to the feedback. Typically an initial pilot program will use company owned and managed devices, temporarily loaned to employees for the purposes of training. It is not unusual for the training managers to find that the response is overwhelmingly positive and user demand quickly outstrips the capacity provided by the initially purchased company owned devices. That often leads to a discussion about BYOD. One could say for many organizations, training is the application that gets the camel’s nose into the tent when it comes to BYOD.
For many industries, the material contained in training material may be extremely sensitive. Consider the training material addressing security and IT risk management for a company in the financial services sector. The material may reveal the current threats that are of the most interest at the present time. It may reveal how the company responds, specific email addresses, roles, responsibilities, and phone numbers. All of this might be useful information for an attacker launching a spear phising attack. For other industry segments, training materials may reveal valuable intellectual property.
In such situations, the organization should determine what level of protections are necessary what will be the implementation strategy.
Some organization may decide to avoid BYOD device management, and instead concentrate on managing access to corporate content. This may work by avoiding storage of the training material on the device. However, with this approach employees might need WiFi access during the review of training materials.
The other strategy gaining the most attention in the circles of regulated industries is the use of granular device management, and containerization. By using containerization, data can be stored on the device, but the employees will be prevented from transferring the content to other parties or services. This scenario is highly desirable if there is need for the employees to be able to review the training material while offline.
In order to make an informed decision about BYOD decision makers need to understand the nature of the information and how it relates to corporate data classification and data handling policies. They also need to make decisions about usage patterns. Then they can work through the issues of specific device management strategies and review the options available.”