<img height="1" width="1" style="display:none" src="https://www.facebook.com/tr?id=381391698926062&amp;ev=PageView&amp;noscript=1">
//mega nav ctas

Enterprise Mobility vs. User Privacy and IT Security

Posted On: May 18, 2016

Topic: Security

blog_mobility.jpgAs mobility and the Internet of Things (IoT) converge, and cyber threats continue to loom large, the need to focus on balancing data security with employee and customer privacy is top of mind for IT departments around the world. At the same time, IT departments are struggling with how to meet user demand in the age of everything connected, from devices to wearables. In addition, IT must find ways to meet compliance regulations and assure senior leadership that the company’s sensitive data is safe and secure.

Privacy issues are at the forefront of the discussion. IT policies that will keep data, such as location tracking, safe while disabling unsanctioned apps on devices, are often seen by end-users as an invasion of privacy.  Employees want to know who can access their data. They worry that with too much leeway, their employer will be able to monitor personal texts, emails and social media posts. On the other side of the discussion, IT departments worry about data breaches and possible leaks of personal information like names, addresses, account numbers and health records.

A 2105 report from Gartner points out that management misinterpreting mobile risk, and organizational structures that do not allow enterprise mobility projects to cater to security leads, are causing the security gaps to grow in enterprises. So, the question becomes, how can organizations avoid furthering this gap with mobile users? And, at the same time, meet their ongoing needs, protect their privacy and maintain a high level of security for their sensitive data ?

Establish a Privacy Policy

The increasing tendency to mix personal and business data on mobile devices highlights the need to establish a strict privacy policy for mobile devices. Decide what information to collect and who within the organization should have access to that data. This should be based solely on business needs. Once the policy is defined, clearly communicate the mobile device policies to your organization. Be sure to state the reasons for implementing the policy and the consequences should someone disregard the set policies such as jailbreaking phones. Be certain you can justify the reason to store and track personal data and establish procedures for storage, archiving and restricting access. You might consider implementing a mobile device management (MDM) application for much of the heavy lifting, but establishing and enforcing the policy falls squarely on IT’s shoulders.

Hold End-Users Accountable

More than 80 percent of survey respondents admit to using non-approved Software as a Service (SaaS) applications in their jobs, according to a report by Stratecast. This practice opens up vulnerabilities in the network and further exacerbates IT’s privacy and security problems. To combat this situation, user accountability needs to be increased in order to reduce the need for locking down devices.

In a recent Gartner survey, 71 percent of respondents said that mobile security is an area of high interest. At the same time, only 38 percent planned to invest significantly to lessen the risk. But wouldn’t it make sense to invest in such a critical area of the business?

IT needs to make a greater investment to protect enterprise data by separating business and personal data on mobile devices. IT will also need to look at offering enterprise mobility applications that have the look and feel of mobile apps employees have become accustomed to. They cannot just port legacy applications directly. To do so would be like putting lipstick on a pig. In fact, it will cause mobile users to quickly grow frustrated and turn to other solutions.

Secure Business Assets

For attackers to get to your data, they target mobile applications. Gartner recommends that organizations abandon device-centric security models in favor of app-centric models to give the IT administrator more freedom to act. This move will help eliminate device lockdown routines by migrating many controls to the application layer. Establishing an app store for your employees to download enterprise-sanctioned apps goes a long way to controlling the connections and offering enhanced protection of business assets.

Mobility and Security Solutions

While mobile platforms are still relatively new, the world is quickly advancing toward a purely mobile workforce with end users who want choice and control over devices and apps. Now is the time to take a hard look at your organization's mobile solutions, policies and practices in order to protect your sensitive assets and employee privacy.

Companies such as OneNeck have experience helping businesses find a balance between keeping mobile users happy and their data secure from breach. Our team of experts can help define what your mobility strategy should look like. They can help you develop policies that securely enable device expansion throughout your organization. They can also help lay the groundwork for an effective Enterprise Mobility Management strategy that enables your workforce to take advantage of all the freedom and productivity mobility has to offer.