As employees increasingly use tablets and smartphones to accomplish work-related tasks, they have promoted greater productivity and extended the capabilities of the workplace beyond an office's four walls.
Mobile workers can send email, crunch numbers in Excel and edit company documents on the go. But despite clear upsides to what has been dubbed the bring your own device (BYOD) era, there are challenges as well. With a steady influx of new devices, concerns about corporate data security become more acute. If these devices are lost or stolen, for example, it can compromise important company data.
Comingling personal and work-related information in personal cloud-based services can pose problems as well. And despite remote wiping and other mobile device management tools, IT managers are struggling with how to control and manage these devices in the enterprise.
While technologies can aid in corporate data security and controlling user access, companies must also consider nontechnology issues in corralling users and their devices. In the era of BYOD, policies that educate users and encourage proactive security are the best defenses against a possible data breach.
A lost mobile device containing sensitive corporate data can cost a business thousands of dollars. In fact, the oft-cited Billion Dollar Lost Laptop Study by Intel Corp. and the Ponemon Institute details how much a lost laptop costs a company. The study found that companies have to pay nearly $50,000 whenever a notebook is lost or stolen. In severe cases, it may cost up to nearly $1 million. Of course, a notebook doesn't cost that much, but the stolen or lost data is valuable. The higher an employee's position in a company, the higher the cost for a stolen or lost notebook.
Indeed, with the onslaught of BYOD programs and the emergence of the consumer cloud, corporate data security is a major concern of IT administrators. What happens if an employee's mobile device gets compromised or the data he stores in the cloud gets hacked? It's an IT nightmare, exacerbated by the use of personal cloud-based services and apps such as Dropbox, Box, SkyDrive and Google applications. Employees can benefit by collaborating on documents or storing them in the cloud for later use, but the security risk can be high.
In the future, these concerns will only become more serious. Employees will be responsible for bringing their own mobile devices for work uses, further endangering corporate data's security.
But BYOD and personal cloud-based services cannot be stopped. The explosive growth of smartphones and tablets has already promised productivity and convenience gains. Employees store work files in the cloud, log on to Web-based applications using smartphones and tablets, and download the files to their devices. Mobile users now expect to be able to work anytime, anywhere.
Cloud-based services disperse data across the globe. The flip side of this potential productivity boon is an easier target for thieves and malware. Organizations must trust that their cloud providers or services have enough security measures to prevent breaches or data loss.
Even though data loss could cost a company hefty sums, it is not at the top of mind for most employees. Workers frequently use personal cloud-based services without enterprise IT's approval, so there is no control over what kinds of data leaves the company fold. For workers, being productive and meeting deadlines supersedes concerns over potential data loss, which could happen unintentionally.
More in this series on corporate data security
- How personal cloud services can endanger data security
- Six data loss prevention strategies
IT admins cannot control employees who use their own personal accounts for cloud apps and services. Files in the cloud are relegated to the minimum password for the personal cloud-based services, and every time data leaves the corporate network, there is the possibility of a security breach.
When it comes to preventing data loss, if an employee loses a company-owned mobile device, the data is stored elsewhere. An admin can remotely wipe the device so that no other corporate data, such as emails or confidential files, can be accessed.
However, a remote wipe will also delete personal files, such as family pictures. New mobile access and information management technologies try to alleviate this problem by giving IT control over corporate applications and data only.
Another potential threat to corporate data security stems from simple user error. Employees can accidentally turn a corporate document public or share it with the wrong person. Cloud-based services try to address these issues with enterprise-level versions, providing access to designated colleagues or groups.
As a result, many companies want to use private clouds, where enterprise IT has much more control over where data resides. A private cloud allows companies to define the rights for employees to use apps and access data based on their job functions.
On-premises alternatives allow enterprises to ensure that they closely comply with any relevant regulations. This is especially important for institutions in certain industries such as financial services and health care, which are subject to stringent government requirements.