Summer is nearly here and, as much as we don’t like to admit it, many of us will be taking our mobile devices away with us. For a lot of people, resisting the temptation to check work emails when away from the office is very difficult. Maybe something needs your approval before going live, or maybe you need to finish that project you started before you left...
Whatever the reason, this can prove to be a nightmare for IT workers. Valuable, sensitive data is flying around on networks all over the world, and the devices used to access that data are also spread across the world. Keeping things secure is obviously really important, but what’s the best way to go about that?
As I mentioned above, it is the data that is important. Devices aren’t really important, in the grand scheme of things. They can be replaced and if the data and apps are properly secured there is no real danger if a device is lost or stolen.
And that, I think, is the key. Concentrating on the applications rather than the devices themselves means the data will always be protected - if the device is lost or stolen then the data can be wiped remotely, or at the very least the device can be locked, rendering it (and of course the data on it) useless.
For IT it is important to ensure that data held on (and accessed by) mobile devices is treated in exactly the same way as data accessed by workers at their desks. Mobile - whether devices are business- or employee-owned - should essentially just be an extension of existing data protection policies.
That means controlling who can access certain data, and where they can access it from in terms of location and device. The ability to create granular access control policies covering both individuals and groups means your workers will only be able to access what they need, keeping your sensitive data more secure.
Those workers who may be using their own device can also ensure that the business and personal identities on their devices are kept completely separate. This benefits both parties: IT can manage data, apps, policies, permissions etc as if it was its own device, and the user knows that they can use the personal identity in any way they wish, with no chance of cross-contamination with the business side.
It is really important to not get overawed by the security challenge that BYOD presents. Try to start by getting an understanding of what data and applications your workers will need to access and how they are likely to be doing it. That will help when it comes to building the right solutions for your business. Also, consider educating your users so they are aware of the risks and know how they should approach accessing sensitive corporate data on their mobile device.
The summer can be a worrying time for businesses, with more workers than normal accessing sensitive data from mobile devices outside the company’s network. But approaching off-premise security in the same way as on-premise means your data is as secure as you make it.