Over the past few years, Bring Your Own Device (BYOD) has entrenched itself in many large companies’ IT policies and become a part of their organisational culture. CIOs acknowledge that BYOD has enabled the workforce to become more mobile, productive and efficient, yet they also have nagging concerns about information security.
They worry about devices with important corporate data getting lost or stolen. Information threats are also multiplying, with nasty new forms of malware such as ransomware, adding to the well-known dangers of Trojans, viruses, phishing attacks and so on. With data privacy laws and regulations such as the Protection of Personal Information Act (POPI) prescribing tough standards for data protection, CIOs know that they cannot take any chances.
Yet any attempt to rollback BYOD and dictate what devices users should use at work would harm the business’s productivity and incite rebellion in the workforce. Introducing ever-tighter restrictions and policies would have the same effect, and perhaps even give users incentive to manage their own IT needs outside the watch of the IT department.
The appropriate response for IT is to recognise the risks of BYOD and address them with solutions that are as unobtrusive to the end-user as possible. Mobile device management (MDM) closes some of the security gaps, but it’s not enough on its own to keep all the organisation’s data safe.
Organisations should be looking at how they can use cloud-based data protection solutions to ensure security of corporate data on personal devices. In particular, they must consider backup solutions that protect data on endpoints, including smartphones and tablets. They also need a data loss prevention (DLP) strategy, including encryption and remote wipe capabilities.
Some features to look for in an ideal platform include:
Anytime, anywhere, any device data access: So that users aren’t tempted to use personal Dropbox or OneDrive accounts to store files and data while working from home or the road, the solution should give them instant access to their data from all devices. A user should be able to create a document on his corporate-issued laptop and then edit it from his personal smartphone, with all data is constantly in sync and protected.
Easy classification of corporate and personal data: A complete platform will allow organisations to separate users’ corporate and personal data, so that they can backup and remotely wipe only corporate data. This ensures that corporate assets are protected while giving users the privacy they desire.
DLP with remote wipe: So that lost or stolen personal devices don’t become a source of worry for the business, the platform should allow remote removal of corporate data. It should eliminate the potential of data breach and leakage by monitoring the location of employee-owned devices and allowing data to be wiped from those that are lost or stolen.
Strong encryption: Only the organisation should have access to the encryption key so that no one else can access it.
Backup policy configuration: It should be simple to automate backups in a way that is seamless to the end user. The solution should have granular device-based controls for backup schedules, data types, preserved system settings, user access and privacy rules.
Such a solution means IT always knows who is accessing corporate data, which devices they are using, and where they are located. All corporate data created or modified on personal devices is backed up and accessible on the central server. This balances the productivity gains from BOYD while eliminating the possibility of data loss or breach.
By Kathryn Tindale, Director of sales, Tarsus On Demand