With the rise of mobile devices in the workplace, businesses face a dilemma. Most want to gain the obvious benefits of mobility, yet they are uneasy about the significant risks involved. As you can see by walking around any public or business location today, everyone uses phones, laptops and tablets to get work done. There are proven benefits to mobility, which include happier employees, increased productivity, and greater business agility. Risks include everything from critical data losses to devastating reputation damage, legal action and stiff fines.
Mobile devices are already in use by executives, IT and anyone who travels within your business. In the past most organizations focused on locking down laptops, phones and tablets. This is similar to protecting the perimeter in a network with firewalls, intrusion detection and protection systems. While this is important, it’s not the end goal of your security. You need to focus on securing the data itself, since that is what’s valuable in your business.
When smartphones and tablets began emerging a few years ago, organizations scrambled to manage the devices themselves. As more and more employees chose to use their own devices to get work done, companies began to realize that it wasn’t the devices they needed to secure as much as the information on those devices. To protect corporate data from mobility-related risks, you must effectively prevent:
- Unauthorized access to corporate data
- Data leaks through unmanaged mobile devices
- Data leaks through cloud applications
Think about a typical work day where you need to access sensitive documents on a phone or laptop. This might include email attachments and content downloaded from a content repository, such as Microsoft Sharepoint or IBM FileNet. You also need to think about accessing documents from cloud applications, like Dropbox or Google Drive. You might have a secure network connection to these documents, but once the document is on your mobile device, it’s wide open.
The best approach to a secure mobile work environment is to encrypt the content itself and control it through dynamic security policies. This should include strong authentication options, view only options to prevent inadvertent cut and paste and the ability to prevent a user from accessing content on a mobile device. An administrator or document owner should also be able to revoke access completely to a document that’s already distributed.
The mobility trend can overwhelm you because the stakes are high. You must protect sensitive corporate and customer data, yet take advantage of the significant agility that is available. None of us want to go back to the days before we could work from anywhere at anytime. But with that freedom comes risk. Devices are commodities that are lost, stolen or replaced frequently. Your data is the lifeblood of your business. By focusing on who has access to the data, you can better manage that risk. You can increase productivity without sacrificing security and wind up with a more secure mobile enterprise.
Worry about who has access to the data, not the device.
Photo credit Cameron Neylon