Data Security and BYOD: The IT Odd Couple?
For enterprise IT professionals, there's no avoiding the bring-your-own-device (BYOD) trend. According to a Staples Advantage survey, 93 percent of employees say the kind of telecommuting programs made possible by BYOD are beneficial, while 53 percent of business decision-makers say allowing employees to access corporate networks with personal devices increases productivity.
But as IT admins have discovered, easy access increases the risk of a data security breach. Is this an all-or-nothing proposition?
The Great Divide Between IT and Staff
Employees expect access. A recent article from HealthITSecurity notes that physicians often carry tech devices, such as tablets or smartphones, and expect immediate access to hospital networks. IT departments are told to “make things work” but struggle to manage certificates and access keys across a broad range of devices.
This can lead to a lockdown mentality on the part of IT: Users must either agree to install security-monitoring apps or restrict themselves to devices approved by IT admins. The problem? According to Harmon.ie, 41 percent of users circumvent these security measures, leaving corporate networks compromised and IT professionals in the dark.
Employees Don’t Feel Responsible for Security
When it comes to security, many employees take a “not my problem” attitude, according to Centrify survey results discussed in a recent FierceCIO article.
Fifteen percent of survey respondents said their responsibility for protecting corporate information on their personal devices was “none to minimal”; 10 percent were still using devices without passwords or PINs. And although 45 percent of respondents said they understood the need for data diligence in BYOD, 43 percent admitted to accessing corporate services over insecure public networks. In other words, even employees with the best intentions put company data at risk.
TechRepublic, meanwhile, offers some specific examples. After granting “select executives” access to company networks using their iPads and smartphones, a European firm found 10 times as many employees using the network without permission. A health and wellness company discovered employees using public email services to send sensitive consumer data, such as credit card numbers and banking details.
Never the Twain Shall Meet?
Is it possible for BYOD and data security to coexist in the enterprise environment, or are IT professionals doomed to play catch-up and patch any holes left by well-meaning or overzealous employees?
One option is biometric mobile security, which includes the use of fingerprint, voice or iris identification, typically in combination with a password, to create a form of two-factor authentication.
News24 discusses this emerging technology and its possible benefits: For users, biometric options “feel” more secure and can seem less invasive than security apps. In addition, the use of a biometric service means authentication data is stored outside the mobile device; even in the event of a loss or theft, the phone or tablet itself can't be mined for bio-identification data.
Forbes, meanwhile, offers companies more timely advice: Create backup plans. Start by making the data, not the user or the device, the priority. This means developing identity-management and remote-wiping protocols so admins always know who's using a device and can cut off data access as needed.
It's also important to engage employees and — given the power of social media — marketing departments. Education about device best practices, such as not using common passwords or relying on social media networks to transmit company data, is crucial. Ask employees what they expect from network access and get their input on mobile security; the democratization of technological power means IT staff must discuss rather than demand.
Data security and BYOD will never see eye to eye, but it is possible to maximize both access and authority with the right mix of technological forethought, backup planning and employee engagement.