5 Steps To Implementing A Mobile Data Security Policy

Mobile Data Security Policy

The safe and efficient exchange of corporate files is not a new problem. Not so long ago, employees used USB keys to exchange information, and the challenge for the IT department was locking USB ports and ensuring staff weren’t sending personal emails outside of the company.

Now everybody has 4GB of storage in their pockets that they could use to copy and access corporate information without controls, leaving IT departments stuck with the security issues that a tablet within a corporate network opens up. For instance, you can copy anything, synchronise any information you like and even take pictures of confidential documents. There are no limits to what you can do with a mobile device on a corporate network.

Allowing employees to connect any mobile device to the company network has its advantages. For instance, it saves money on hardware and software licensing, it improves productivity and the mobility of the workforce and, what’s more, it improves employee loyalty.

However, the downside is that by allowing any mobile device to access the company network and infrastructure, you start to mix personal and corporate environments and start to lose control of data security. This can lead to data becoming complex to manage. All devices are different and have different origins. They run on different operating systems, and this adds layers of detail that the IT department has to manage.

Mixing corporate and personal environments

One of the biggest issues businesses have at the minute is managing the mixed environments that happen when personal devices enter and connect in the workplace. The challenge is if and how corporate strategy can be applied to devices that belong to employees.

Once an employee connects their mobile devices to the office Wi-Fi, you are facing a mobile file management situation. Often organisations will take this a step further and allow them to connect to the corporate email. However, by doing this, you then become responsible for the management of the information and content that enters your company network from their device – and leaves the company network on their device. This can also have legal implications.

For instance, what happens if that employee has personal pictures of his partner on holiday, taken and stored on his phone? This image gets synced and backed up on your network. As a company, you need to minimise the impact of this on your reputation and on other employees.

How does that fit into your policies and are there any legal implications? It is an area that an organisation needs to exercise some control over. However, applying a corporate strategy to a non-corporate owned device is very difficult to do. Will your employees allow you to ‘lock out’ use of their own phone’s camera? It is unlikely to be a popular move.

At the other end of the spectrum, there are problems when people start bringing in different devices with different security levels and features. For instance, some older Android devices run operating systems that are not very secure, so you can have people sharing files over the company network and sending emails to themselves. Then the device will get forgotten on the bus ride or on an airplane and you have a serious data breach.

The reality of restricting

Newer devices such as iPhones or iPads do have restrictions that can be applied, such as not allowing use of Safari, email or locking the camera. Companies are able to do this if they add a small file to the device. However, the employee has to willingly provide the device for this. You can also restrict on a personal level by using a small application that is provided by Apple.

For other devices companies can provide mobile file management solutions, which enable businesses to apply their own rules. You have a remote control, which allows you to see who has an iPad or an iPhone or who has 6 tablets and 2 smartphones and so on and then you can distribute those rules to those devices.

One of the most basic restrictions an administrator can enforce is access to the server on an iPhone. You can enforce a pass code to come up as soon as someone tries to connect a smartphone or tablet.

There are also apps available that manage access to corporate information on devices. They can be downloaded from Apple’s app store or Android Market (Google Play) and allow employees access to the enterprise network. Employees can then access share points and network resources on mobile devices within the restrictions of the application.

This means that devices aren’t locked, but a company is able to ensure that its employees have a tool that is efficient, easy to use and gives them quick access. This solution stops staff being able to send themselves emails or add corporate content to Dropbox or Skydrive. The application is not there to control the device; it is just a tool that is used within or even outside a corporate network. Staff can have access to all of the information on the company network.

However you decide to approach the challenge of Mobile File Management or Mobile Device Management, the first place to start is by agreeing a strategy. This can be simpler than it sounds, but it should be addressed sooner rather than later or you’ll be trying to undo years of poor practice.

Here are five steps to implementing a mobile data security policy:

1. Select a platform

The first place to start is deciding which platform and devices you wish to support, for example Android, iOS or another. Most corporations pick Android and iOS. Then you start to build your strategy based around that. Remember, the platform you choose will influence the devices you allow – and want to support.

2. Select a device

You need to know what you want people to be able to do with their device inside the corporate network. Windows 8, being a Windows device, has a huge advantage because it will facilitate integration into the corporate network and ensure that all staff have a standard way to access the network. However, Apple seems to be winning the hearts and minds of the average office worker currently.

3. Select participants

The next step is to think about who you want to apply the Mobile Data Security strategy to. Are you going to apply it to all staff? Will you have the same restrictions that apply to corporate devices?

4. Select what you want to share

It then needs to be decided what corporate data should be shared. MDM/MFM solutions allow users to access files securely remotely. This enables real time syncing with the corporate network whilst on the go.

5. Set a budget

The total cost involved in implementing a mobility policy quickly adds up. There is the initial cost of purchasing the mobile devices, file management and security software and then IT labour costs. In order to remain budget savvy, businesses need to work closely with value added resellers to help implement an ecosystem which covers both the MDM and MFM challenges, at the best price.

Alan Laing

Alan Laing joined Acronis in May 2012 as General Manager, EMEA. Prior to Acronis, Alan served as Area Vice President of Western Europe for Avaya, a global leader in business collaboration systems, software and services. Prior to Avaya, Alan was Vice President and General Manager EMEA at Portal Software, a supplier of billing and customer management solutions for the telecommunications industry. Before Portal Software, Alan was CEO at Mediasurface. From 1994 to 2000 Alan assumed several senior management roles at Oracle, most recently as Vice President of Operations EMEA.