How much corporate data access should BYOD users have?

Mobile access to company data is one of the surest ways to boost productivity, but IT often has to weigh those benefits against the security risks of bring your own device (BYOD).

Workers participating in a bring your own device policy expect the same corporate data access on their personal...

devices as on company-owned machines. IT should come up with a measured approach toward BYOD users that balances accessibility and security.

According to an IDC survey, only 40% of IT decision makers allow workers to access corporate information from employee-owned devices under BYOD policies. Yet 70% of those employees are actually accessing corporate information from their mobile devices despite directives telling them not to do so, the survey found.

That means BYOD users are skirting security restrictions by sending business data to unsecured locations via email or by saving content to one of several cloud-based storage options. IT’s need to maintain security is often viewed negatively, leaving workers with the alternative of overlooking policies and bypassing technological constraints.

There are two primary ways IT can prevent that from happening and help manage sensitive corporate content: You can control access to confidential data, or you can manage mobile devices.

Controlling data access via mobile content management

Mobile content management (MCM) must satisfy productivity and accessibility needs while keeping the content itself secured, regardless of its location. If employees feel that they can access corporate data and systems easily from wherever they are, at any time, their satisfaction -- and ultimately, customer satisfaction -- will be higher than if they had to spend time in the office hunting for information.

Furthermore, more rapid and trustworthy customer response is one example of potential productivity gains. For example, an enterprise-level, corporate file-sharing system designed for remote access could allow BYOD users to securely access content through an encrypted tunnel. Industry-hardened tools such as Active Directory can enable administrators to manage content access in a multi-tenant environment.

Since employees want access to not only shared corporate documents, but also their own work materials, a mobile content solution that allows for storage of both is a must. Many companies already have products such as Microsoft SharePoint and have already invested heavily in this on-premises infrastructure. A tool like SharePoint can remain the enterprise-approved content repository, while admins can use Active Directory to control and manage access.

Along with service providers such as Accellion, Box, Dropbox, EMC and IBM, there are enterprise-grade products like BigTinCan, Citrix ShareFile and Byte Squared. They can encrypt and manage the use of sensitive data.

In addition to mobile viewing of documents from anywhere, robust collaboration tools should allow for remote editing on any device. Mobile file-sharing methods that lack editing and annotation capabilities are seen as restrictive, potentially leading BYOD users to turn to unsecured methods to complete tasks.

Unfettered corporate data access and the ability to create and edit documents are part of basic employee expectations. The more seamless the transition back and forth can be, between a desktop PC or laptop and a mobile device, the more satisfied workers are likely to be.

Of course, enterprises need to have full control of certain content from a security and regulatory compliance perspective, so they will have to address potential data sharing in the cloud. Several SaaS and desktop as a service products provide an easy-to-manage interface for security controls.

Mobile device management and related approaches

Enterprise IT leaders know that they cannot just open the floodgates on devices and provide carte blanche access to the corporate network. It's not easy to figure out how best to manage the proliferation of mobile endpoints, though.

A good method for ensuring the success of mobility policies is to implement enterprise mobility management (EMM). Numerous providers offer a host of tools to manage policies, standards and restrictions, including the following:

  • Mobile device management (MDM): Such tools handle acceptable device types and mobile operating systems. They can also deny enrollment for devices and apps that don't meet the minimum standards set by enterprise IT.
  • Mobile application management (MAM): This allows an enterprise to create a list of acceptable and unacceptable apps on corporate-managed devices. MAM utilities also apply security parameters such as the authorization level required to access approved apps.
  • Mobile content management and mobile email management (MCM and MEM, respectively): As mentioned above, these detail what types of content can be accessed from the corporate network and stored or used on a mobile device. The organization can also specify the required level of encryption on private or confidential data.

When looking for a strong EMM provider, Gartner's Magic Quadrant research is a great place to start. In particular, the service providers in the 2014 Leaders quadrant provide extensive mobile management, security capabilities and have an excellent record of keeping up with the rapid changes in mobile devices, apps and operating systems.

Gartner Magic Quadrant

Enterprise mobility should pave the way for a more productive and satisfied workforce, but the risks are real and should not be dismissed. With the right technology and governance, approved app underuse and security vulnerabilities can be mitigated.

Dig Deeper on EMM tools | Enterprise mobility management technology