By GABEY GOH
PETALING JAYA: The law is trying to catch up with the rapid pace of technology, and organisations may be caught out when it does. The observation was made by security firm Trend Micro's global vice-president of mobility, Ron Clarkson.
"There are just more consequences for one's online actions today, like the recently passed Act here in Malaysia," Clarkson said, referring to the Evidence (Amendment) (No 2) Act 2012, which came into effect at the beginning of the month
The amended Act states that a person whose name or pseudonym appears on any publication as the owner, host or administrator or who facilitates the publication or re-publication of any content, is presumed to have published it unless proven otherwise.
In Clarkson's view, the Evidence Act will soon be tested, with the first case highly likely to be centred on social media activities.
But liability concerns will remain for organisations; what if an employee runs afoul of the law using company accounts or digital assets, given the blurring lines between personal and work spaces; perhaps driven by the bring-your-own-device (BYOD) trend?
This trend has recently gained much traction in the enterprise space. "This is something that companies are letting happen, to allow their employees to be more agile and thus more competitive," Clarkson said.
"Because of the macro-economic conditions worldwide, businesses are struggling to find every possible way to be more competitive and are anxious to achieve that," he said.
However, he noted that while organisations seek to understand the legal risk behind such initiatives, there is very little legislation globally that deals specifically with that.
"Organisations are taking on the risk, trying to understand the possible impact but business must and does move on regardless," he said.
It is a situation that is set to change in the next 12 to 24 months, according to him, as more legislation emerges to address these gaps. "Some will succeed, some won't and there will also be key rulings dealing with user privacy that will also occur, be it about BYOD or user data," he said.
The top concern for companies currently revolves around data, the impact of loss and leaks, and the complexity of dealing with personal devices holding company information.
"What many companies are trying to address is the inadvertent loss of data by employees," said Clarkson.
To illustrate, he pointed to Apple's iCloud offering which backs up user data to the cloud, the perfect example of this issue.
It's like this. An employee's iPhone is a personal device but the company, via ActiveSync or similar, has control over the type of data and the sites that can be accessed on it.
"But let's say my colleague sends me an e-mail with an Excel attachment containing customer contact information.
"If I then open that up on my iPhone with Apple Numbers, a copy of it is saved and backed up to iCloud; meaning the data has now gone outside the company network," Clarkson said.
According to him, the end users in a lot of cases are not actively trying to harm themselves or the company, but current technology is such that it easily allows the data to leave the corporate infrastructure and enter the cloud.
Clarkson said that in navigating the unknown territory of BYOD and legislation, it is the companies that embrace and not reject the trend that will fare the best, due to their understanding of the space and employee motivations behind adoption.
"User education on data security and safety remains a critical component to any company's approach because software can't do everything," he said.
To aid companies in assessing the best mobile platforms for their organisation, Trend Micro has released a report rating the security readiness of four major mobile platforms for enterprise environments.
Research In Motion's Blackberry was ranked first, followed by Apple's iOS, Microsoft's Windows Phone and Google's Android.
To read the full report, go to http://bit.ly/HKpDZk.