Mobile Benefits Drive BYOD Security
The proliferation of smartphones and tablet computers has brought into sharp focus the security problems that were becoming more serious even prior to the BYOD movement. Laptops, remote workers, and portable memory sticks raised similar issues when there was a danger of company data leaving the secure corporate perimeter. BYOD security forces corporate IT departments to address these questions and develop secure solutions for mobile data.
A Government Perspective
Governments face security challenges similar to companies, but some departments have to deal with more sensitive information than the average business. At a government IT conference this week, the Department of Defense and the National Security Agency addressed BYOD security questions. CIO reports on the panel discussions at the conference. The government departments are aware of the productivity advantages and employee convenience that having one mobile device represents, but they are not ready to embrace BYOD. They need the certainty that use of employee mobile devices will not compromise security. They are investigating the use of various devices in the face of increasing employee demand. As with business employees, government workers want to have only one mobile device, and want to work in the same way as they operate their mobile device in their private lives. According to deputy CIO at the Department of Defense Robert Carey, RIM's BlackBerry has the required security built in while other devices are still working at upgrading from consumer-level systems. Eventually the departments expect to approve specific devices without allowing broad BYOD.
Midsize businesses, while not generally handling data as sensitive as these government departments, have similar data concerns. ZDNet has an update on secure BYOD policies. Companies have to think through how to protect data on mobile devices. Appropriate policies and a mobile device management program helps address data falling into the wrong hands or data loss.
A key factor is separating company and personal data. If an employee stores company data on his mobile device, it may not be secure when the device is also used for social networking and personal apps. This question is relevant for both corporate data and the data of customers and suppliers. If an employee's mobile phone holds a supplier's proprietary data, the company is responsible for its security. A possible solution is to avoid using local storage for company data. If all such data is stored in the corporate cloud and mobile devices can look at it but not save it, the data will be more secure.
Such a process also addresses data loss. If an employee records customer data and credit card numbers when processing a sale, loss of the phone through theft, accident, or component failure means loss of important data. The mobile device management program can make sure that data is saved to the corporate cloud so loss of a mobile device does not mean loss of data. Securing mobile data and avoiding its loss lets companies benefit from increased employee productivity and satisfaction with their work.
This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet. Like us on Facebook. Follow us on Twitter.