This content is part of the Essential Guide: Mobile endpoint security: What enterprise infosec pros must know now

How to balance access needs and mobile data security concerns

Mobile workers need to access corporate data, but giving them open access is often easier said than done. Businesses must balance users' wants with mobile data security concerns.

To provide mobile data access, IT must overcome a classic conundrum: how to strike a balance between user wants and data security concerns. From a security perspective, IT should provide as little access as possible. But from an openness and user experience perspective, data should be as accessible as possible. The two may seem diametrically opposed, but thankfully they are not.

Data security shouldn't be saved for the end -- it should be a key consideration from the beginning of the decision-making process.

Overcoming this dilemma requires assembling a team including business stakeholders, an advocate from amongst the ranks of people who will actually use the application, and personnel from the security, legal, human resources and IT teams. Furthermore, a conversation with these people must take place at the beginning of the process of providing secure mobile data access, with ongoing interactions throughout.

Mobile data security shouldn't be saved for the end. Rather, it should be a key consideration from the beginning of the decision-making process. Too often there are situations where companies invest time and money into a project just to scrap it at the eleventh hour because of some data security concerns that easily could have been addressed earlier. Figure out the minimum security needs to remain compliant and safe, then get the team together and work to provide the most user-friendly application given those restrictions.

It's important to note that not all data is equal. Many applications with file sync-and-share services do so for the purpose of basic collaboration where no sensitive information changes hands. To secure this data, a simple authentication method or security level would suffice. The next step up would be confidential information. For this data, some sort of multifactor or certificate-based authentication may be more appropriate. This is typically the starting use case for mobile content management (MCM) tools, which are traditionally pretty adept at dealing with confidential information. They offer more granular control over what data you wish to share, and with whom.

Making your business mobile

How to make mobile data available, online or off

Even further up the chain of security comes data that is regulated or contains highly sensitive information, such as payroll data. In these cases, maximum security is usually more appropriate. In addition to multifactor authentication, shops may also need data loss prevention tools. This may drive shops away from a cloud-based sync service and more toward a centrally managed MCM system. There are fewer options for more regulated industries to begin with.

Keep in mind there are millions of applications out there right now, with more added every day, so there is no silver bullet for every scenario. Companies must invest time and effort upfront in setting goals and having conversations with stakeholders. They must also build an interdisciplinary team to work on the project. They must balance mobile data security concerns with user experience and always make sure neither is sacrificed. Treating mobile data access as a part of the app development process from the start increases the likelihood of any mobile initiative's success.

Next Steps

Corporate data access: how much is too much for BYOD users?

Governance challenges with mobile data security

Data security top concern for public cloud users

Dig Deeper on Enterprise mobile security