Like most IT security risks, one of the greatest concerns of enterprises today can be hard to spot – at first. The small, rectangular outline in an employee’s shirt pocket. The nearly flat case slipped into a worker’s bag beside his laptop. The increasing amount of business being conducted on touchscreens. These are recognizable signs of the bring-your-own-device (BYOD) trend and the latest nightmare keeping CIOs awake at night. Which documents are being downloaded to these mobile devices? Which ones are being forwarded outside of the organization or synced to a cloud service? And how can IT ensure data protection on smartphones and tablets not managed by the organization?
CIOs need to answer these questions now, before one of the greatest advances in productivity – BYOD – becomes one of the easiest ways to lose control over your company’s intellectual property. This slideshow features steps that IT should take to prepare for BYOD, as identified by Ryan Kalember, chief product officer at WatchDox.
Click through for four steps you should take to prepare for BYOD, as identified by Ryan Kalember, chief product officer at WatchDox.
Your company’s BYOD aficionados are familiar with public cloud services, and chances are, they really like them. For backing up family photos, storing music, and sharing personal files, the consumer cloud is a great option. However, for accessing and collaborating over corporate documents, public cloud services can’t deliver the necessary security. IT can’t simply outlaw consumer-grade services like Dropbox; instead, you must give your employees tools that mimic the interfaces with which they are familiar and give you the visibility to maintain security.
Cisco found that the two main reasons BYOD has taken off so quickly are related to improved productivity and higher employee satisfaction. Mobile devices help your end users do their jobs better, faster and more happily. You can’t lock down their access so much that these benefits disappear. If you attempt to, you’ll not only lose these gains and the potential competitive advantage they bring, but you’ll probably also fail. Employees will simply circumvent your IT department and tap into public cloud offerings, which increases your enterprise’s security risk. You’re better off outlining a workable BYOD plan and deploying a file-sharing solution that is permission-based, and wraps sensitive documents in a layer of unobtrusive protection.
At the same time CIOs are struggling to manage the rise in BYOD, they also must consider regulatory changes that make data loss not only bad for business, but also illegal. You can’t comply with payment card industry (PCI) or Sarbanes-Oxley (SOX) standards if you don’t know whether your employees are sharing spreadsheets full of customer credit card information with outsiders or losing devices that contain unpublished financial results. The average large organization loses dozens of mobile devices every year, according to the Ponemon Institute. If those devices belong to employees, you might not have the ability (or the legal right) to wipe them clean to keep data out of the wrong hands.
With mobile devices (as with desktop computers), employees can easily download files, share or store them via consumer-grade cloud services, or email them to outsiders. The only feasible way to embrace BYOD without giving up your ability to protect and track documents is to secure your company’s data at the document level.
