In the security expert’s dream, no data ever leaves the office. There are no remote workers walking out the door with corporate laptops. No contractors accessing internal networks. And certainly no ‘bring your own device’ (BYOD) movement with its plethora of smart phones and virus-riddled home computers.
However in the real-world, the situation is more complicated. The mobile workforce in the UK keeps rising – from at least 30 per cent in 2012, to an expected rise of at least 50 per cent in 2013. Today’s professional worker is called upon to work anywhere, any time, and, increasingly, on any device.
And yet, a 2013 survey of IT decision-makers in the UK, undertaken for Imation by Harris Interactive found that confidence in data security drops significantly the moment the data leaves the building. When UK IT decision-makers were asked if they were confident that the data accessed by employees was protected from loss or theft:
- 73 per cent said they were ‘extremely confident’ or ‘very confident’ that data was protected when workers were in the office
- 60 per cent said the same for when employees are working from home
- 52 per cent had that level of confidence in their data security when workers are ‘on the road’.
Closing the Confidence Gap
How do we bolster confidence in data security, whilst not complicating the user experience? The solution is a combination of policy and technology. Organisations must establish policies and a culture of security in how they work, especially outside of the office. Further, the technology tools must be put in place to enable flexibility for the user with the control and visibility that IT requires.
What is the root cause of this lack of confidence and how can it be resolved? In our experience, even in situations where secure network access is in place, IT decision-makers often lack visibility and control over the technology being used by the remote worker.
For example, USB flash drives and hard drives are nearly always at hand – the Imation survey found that 88 per cent of UK IT decision makers reportedly allow external hard drives and 79 per cent permit flash drives. This makes sense: USB devices are an easy and convenient way for carrying data to and from work, or exchanging large files between devices. But although convenient, USB devices do propose a significant risk of data loss or theft.
The solution is relatively simple: equip mobile employees with hardware encrypted devices that can be managed centrally by IT, and can even be remotely disabled if lost or stolen. An encrypted memory stick can be used with the same ease as an unencrypted device. It is also possible to include software to automatically avoid transferring viruses and malware between machines. Most importantly this approach provides peace of mind for the IT team and can be applied to workers in the office or working remotely.
The ability to enforce security policy is critical. Management systems can be used to monitor, set and enforce policies across the company, down to departments and even individual users. At the same time management software can also track and monitor what devices are permitted and what data is downloaded.
Secure Transportable Workspaces
One approach to security for the remote worker or traveller is supplying a secure corporate computing workspace that an employee can take to multiple host devices. Many organisations are looking at portable workspaces like Microsoft’s Windows To Go, that provide a fully functioning Windows 8 Enterprise workspace, booted from an IT managed, hardware encrypted USB drive.
Crucially, this kind of ‘PC on a Stick’ provides the same experience as the in-office desktop, while all corporate data is kept separate and secure on the certified USB stick. Using Windows To Go, a business could potentially ‘go BYOD’ at a fraction of the cost of deploying notebooks to every worker.
The Correct Policies Must be in Place
Technology is an enabler of security, but it takes people to make it work. If the technology for gaining network access, sharing and transporting files is easy, seamless, and secure, it will be successful. The key to strengthening security is prevention. Fortunately, businesses are getting the message. The Imation survey found that a reassuring number of UK IT decision-makers report that they have a mobile device usage policy in place and it is enforced – 90 per cent.
Solutions should address the very different environments for employees working outside the office by providing consistency and familiarity of experience. Only then can IT professionals close the confidence gap wherever their workers are working.