Page 632 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
company resources other than through the VDI solution.
Users need to understand the benefits, restrictions, and consequences
of using their own devices at work. Reading and signing off on the
BYOD, COPE, CYOD, etc., policy along with attending an overview or
training program may be sufficient to accomplish reasonable
awareness.
Data Ownership
When a personal device is used for business tasks, commingling of
personal data and business data is likely to occur. Some devices can
support storage segmentation, but not all devices can provide data-
type isolation. Establishing data ownership can be complicated. For
example, if a device is lost or stolen, the company may wish to trigger a
remote wipe, clearing the device of all valuable information. However,
the employee will often be resistant to this, especially if there is any
hope that the device will be found or returned. A wipe may remove all
business and personal data, which may be a significant loss to the
individual—especially if the device is recovered, because then the wipe
would seem to have been an overreaction. Clear policies about data
ownership should be established. Some MDM solutions can provide
data isolation/segmentation and support business data sanitization
without affecting personal data.
The mobile device policy regarding data ownership should address
backups for mobile devices. Business data and personal data should be
protected by a backup solution—either a single solution for all data on
the device or separate solutions for each type or class of data. This
reduces the risk of data loss in the event of a remote-wipe event as well
as device failure or damage.
Support Ownership
When an employee’s mobile device experiences a failure, a fault, or
damage, who is responsible for the device’s repair, replacement, or
technical support? The mobile device policy should define what
support will be provided by the company and what support is left to
the individual and, if relevant, their service provider.

