Why Is It Challenging To Secure Data In A BYOD Era?
The “bring your own device” (BYOD) movement brings with it numerous challenges for organizations from all industries to tackle. Employees routinely bring their own iPhones, iPads, Blackberry and other mobile devices to work or access servers remotely on their notebooks and personal computers at home. While convenient, this practice makes enterprise data vulnerable to loss or theft. Not only is data loss a real concern, some industries, such as the healthcare industry, must comply with specific regulations and security rules – and these rules extend to data stored on mobile devices. Data encryption, including Windows and Mac encryption, can protect data residing on BYOD devices – but it’s still a challenge.
Also Read : Non-Financial Data That You Should Secure
Why Windows and Mac Encryption?
Data encryption is used to make data unreadable to unauthorized users. While corporate networks have extensive data controls in place, these controls don’t necessarily extend across mobile devices, which are often lost or stolen. A lost or stolen laptop with an encrypted hard drive isn’t going to reveal its corporate secrets, thus reducing the potential impact of loss or theft. However, in order to encrypt all BYODs, the IT department needs both a policy and access to these devices. This brings its own challenges.
Security Policies are Hard to Enforce and Met with Resistance
A study conducted by Fortinet in the year 2012 found that almost three quarters of its respondents (mostly in their 20s) regularly bring their own devices to work. 55 percent view BYOD as a “right” rather than a privilege. 30 percent admitted that they have or would contravene policies banning the use of unapproved applications on their mobile devices. Remember, these are employees’ personal phones or tablets.
Another survey conducted by Aruba Networks, found that BYOD employees overwhelmingly distrust IT departments with 66 percent of American respondents concerned about handing over and potentially losing their personal data to their employers. Concerns include allowing access to their personal data as well as potential interference with it when handing over their devices to the IT department. This same survey found that many employees (17 percent in America) do not tell their employers that they use their personal devices for work. Even with a bulletproof BYOD mobile data security policy and data encryption plan in place, a shadow inventory of personal devices could be left unsecured.?
While employees may resist being told how to secure their personal devices or what applications they can or cannot use, if these devices access and/or store corporate data, they must be subject to the company’s enterprise data security policy as well as any regulations governing the industry. There shouldn’t be any exclusion regardless of any scenarios.
Multiple Device Types Make Centralized Automation a Challenge
Not only is it challenging for IT departments to discover who is using personal devices and overcoming distrust, automating mobile data security is technically challenging. Some users use Apple iOS products; others prefer Android devices; some use Blackberry; and others use Windows or Mac devices and computers. This means you must have technical solutions for each device type. IT departments need Mac encryption, Windows encryption, and a myriad of other tools available to manage the devices its employees use.
Mobile data security is a must for any enterprise. Employee resistance and distrust may be overcome with unobtrusive data security measures such as whole disk data encryption. Not only does such a solution protect corporate data, it also protects the employee’s personal data.