CIOs could be forgiven for feeling they are one sandbag away from the dam bursting, bringing with it an ever more threatening torrent: Many are too busy holding off a steady and growing flow of security threats to be able to review and reframe entire policies and strategies.
What’s more, those threats are escalating as employees increasingly use their own mobile devices to download sensitive enterprise data. It can make a Bring Your Own Device (BYOD) policy program, designed to stop a trickle turning into a flood, seem overwhelming.
Yet BYOD programs are essential to enterprise security, and should take into account the fundamental changes in how mobility lets users access sensitive data in order to become more connected and more productive.
In the past, CIOs protected data within the confines of fire-walled, enterprise-managed networks and devices. But greater mobility enables workers to use a range of devices to send sensitive enterprise data over multiple, unsecured wireless networks. They can also use and share unapproved apps to boost their own productivity, exposing enterprise data to third parties. This radical shift in how we use client computing opens up complex security issues that need to be addressed in new ways.
The first step for business leaders when formally embracing a BYOD program, is to stand back and consider what to protect and why, given that centralized, PC-based rules for IT security no longer readily apply: a mobile device should not be treated like a laptop, but should be seen as part of an omnichannel strategy to improve the user experience. Employees have a choice of millions of apps, and access to cloud-based consumer storage systems such as iCloud and Dropbox, on which they can store enterprise data. Yet these potential threats can be turned to advantage, if enterprises identify their security priorities.
Indeed, it is unrealistic to try to keep tabs on every mobile device owned by every employee. CIOs need to focus on securing the data in the enterprise regardless of which device it is viewed on, or which network it travels across.
Data reaches devices via apps, so another important part of the process is to determine which ones matter most to your employees and to secure them in ways that will ensure user buy-in. Some enterprises, for example, choose to deploy enterprise app stores so they can give employees a choice of approved apps and limit the use of third-party sites. Many companies are also opting for application management systems, which offer visibility and control over app usage, while responding to user demand for mobility and ease of use.
Mobility should be seen as an opportunity to enhance security measures, with mobile one of many channels through which to access company data. The approach to BYOD will differ according to the business needs of each enterprise. But no company can afford to overlook putting in place flexible policies that meet users’ needs for apps and tools, while also protecting valuable company data.