Organisations implementing bring-your-own-device (BYOD) initiatives often forget to consider if their software licence agreements are broad enough to cover devices under their programs, according to a technology lawyer.
Speaking at the CIO Summit in Melbourne on Tuesday, Arvind Dixit, senior associate at Corrs Chambers Westgarth, claimed this is one of the most "common pitfalls" when implementing BYOD programs.
Some companies are also failing to determine if their employees have sufficient rights to use applications on their personal devices for commercial purposes.
"You need to review your licensing arrangements to ensure that the use of BYOD technologies is not going to breach the licensing arrangements that you have in place with third parties," Dixit told attendees.
"Obviously the aim here is trying to avoid exceeding the scope of your existing licenses so that you don't get hit with a large bill down the track."
Dixit said that organisations must determine if existing agreements allow for use of the software on devices that aren't owned by the company.
"This might impact on which applications you decide to make available as part of your BYOD program," he said. "Economically, it might make sense to make your email applications available but not your document management or customer relationship management systems as a result of licensing restrictions."
IT departments also need to consider the nature of the license for the BYOD software that is running the program inside their organisations, he said.
"Is it [the software] limited to one device for user or can a single user have multiple devices?" he asked.
"The latter is preferable so I can keep my phone, laptop and iPad [connected] to the [network]. But that's not always the base position because it makes it difficult for vendors to manage security threats."
Risk of copyright infringement
Dixit warned that if employees don't have the right to use software on their personal devices for work purposes, their employer could be exposed to potential copyright infringement claims by allowing staff to use software without the appropriate licences.
"The way to minimise this risk is to make sure that your [BYOD] policy doesn't permit employees to use software that they have purchased or downloaded for personal use for the purpose of performing work for your organisation."
Mitigating security and support risks
According to Dixit, employees will work out way to circumvent security measures around BYOD programs regardless of whether their employer has a formal BYOD program in place.
"This inherently exposes your organisation to a risk profile without you even knowing it," he said. "[BYOD] policies give you the tools you need to take appropriate steps if issues arise around data security and loss."
Sign up for CIO Asia eNewsletters.