BYOD Concerns: Data Protection and the Controls Imposed

A high percentage (about 58 percent) of business owners and IT decision-makers are still “very concerned” about BYOD adoption and the need to store corporate information on employees’ personal mobile devices. According to IT research and advisory company Gartner (News - Alert), BYOD is here to stay, with roughly 78 percent of organizations now allowing employee-owned mobile devices in the business environment. Gartner’s research finds that BYOD can be a disruptive phenomenon without proper accountability or oversight for the security of both a corporate network and its data. This is confirmed by Global Corporation IT Security Risks 2013, which gives a unique analysis of IT security concerns and trends regarding BYOD usage and threat literacy.

Despite the concerns, enterprise mobility is, and continues to be, one of CIOs’ top initiatives within their organizations. Yet by leveraging mobility to drive higher levels of productivity and efficiency among operatives, it will need a proper recognition of the risks associated with bring-your-own devices, such as to protect devices and the information/data/apps now installed on them, writes Paul Steiner, GM of EMEA at Accellion.

Last week, Steiner presented an editorial piece on the SC Magazine UK website, titled “BYOD: Protect the device, or the data?” that conveyed three key security concerns that companies should consider when supporting a BYOD program. In his post, he suggests that “the BOYD focus should be on securing data wherever, rather than being preoccupied with specific devices.”

The three key operational challenges and concerns:

If data is at rest in a device not properly used or stored, sensitive corporate information can be placed at a higher risk of a breach. The device and/or the data must be secured, safeguarded and protected from prying eyes. This is also true for public cloud storage, which many companies choose to use for mobile access. Steiner suggests that private cloud architecture offers an apt solution, one where data is only synced when an employee chooses to sync.

If left unmanaged, BYOD can lead to loss of control. Steiner recommends using access strategies and policies to secure the BYOD environment. Such an approach can ensure that only authorized employees, no matter the device, are accessing data from the network with a protected system.

Steps taken to address BYOD protection of the data or device, such as applying a security password combined with multifactor authentication, for instance, can “[reduce] the risk of data loss, no matter how many devices are accessing the network,” reports Steiner.

According to Steiner, 65 percent of companies that have adopted BYOD believe that it represents a threat to the security of their business, and possible reasons for data loss are of real concern. Steiner stresses that unmanaged devices can indeed impact network availability, and cause data loss and/or leakage. He explains the key to a secure BYOD-enabled enterprise is having well-managed content.

To effectively embrace BYOD, IT administrators need to properly manage the devices connected to the enterprise network and limit the execution of applications that can be run outside the company. By implementing basic IT security measures, like configuring both corporate and BYOD settings in ways that comply with the enterprise policy, and mandating device passwords or key locks on personal devices, can all serve to protect organizations from security breaches.

According to a "Mobile Workforce Adoption Trends" report from research firm Forrester (News - Alert), a number of "anytime, anywhere workers" – those working from multiple locations and using native apps on personal-owned tablets, laptops and smartphones – are already placing a great effort in separating personal and company information in an attempt to protect company data.

What’s clear is the importance of mobile device management (MDM) in today’s companies’ IT setup. It is strongly suggested that MDM be adopted as a means for data control, which is central to their security, to face the many threats to the safety of stored or exchanged information. Monitoring is also key to ensuring those devices accessing company data have access controls in place.