Get started Bring yourself up to speed with our introductory content.

Confidential data is harder to secure in the mobile era

For all the benefits of supporting mobility in the enterprise, it has also introduced one of the biggest challenges for IT pros today: safeguarding the flow of confidential data on employees’ smartphones and tablets.

Government agencies, healthcare facilities and law firms are just a few examples of environments where workers access and process people’s personally identifiable information. Many companies are required to obey federal, state and local laws and policies to secure that data, such as the Health Insurance Portability and Accountability Act, which mandates the confidentiality of patient health information. When employees use personal or corporate-owned mobile devices to handle that type of data, it throws a wrench into the equation.

In the latest issue of Modern Mobility, senior managing editor Alyssa Wood examines compliance in the mobile enterprise and ways IT can better secure mobile data, such as encrypting sensitive information.

“When [organizations] had conventional desktops, they controlled it — installed the software, locked it down, and you couldn’t alter it in any way,” said Nat Kausik, the CEO of cloud access security broker Bitglass, in this month’s cover story. “With mobile, all of that is essentially obsolete.”

One way for IT to maintain compliance on corporate-owned mobile devices is using mobile device management (MDM) software, which allows administrators to monitor and restrict user behavior. But many companies either don’t want to shell out the money for MDM, or they have too many employees to purchase and manage devices for all of them. And even if companies provide approved mobile devices, workers might still be tempted to access confidential data on their own device out of familiarity or convenience.

To make things worse, IT administrators, management and other department such as legal often don’t communicate about compliance needs.

“I still see a big gap with management,” said Kevin Beaver, a security consultant at Principle Logic. “That’s the missing link, and that’s how businesses get into trouble … [IT admins] are trying to do their jobs, but often they don’t have the backing of upper management, so they just let it be.”

Enterprises shouldn’t follow the Beatles’ advice and let it be, though, because compliance violations can result in fines or even criminal charges. Take a look at the January issue of Modern Mobility to find out more about mobile compliance and ways to enforce security requirements.