I don’t want to scare you, but are you using the cloud to share information and resources among employees? Are they accessing that data on personal devices? Can you control that data wherever it goes? No? It’s time to take control of your cloud resources through security protocols that will allow you to keep ownership of data; ensuring employees don’t walk off with it or lose it.
Recent research says that 82 per cent of companies allow BYOD devices, with many of them encouraging or even demanding the practice. Yet 40 per cent of companies admit they do a poor job of managing identities and access to cloud information. That’s a scary situation to be in for a company – sharing your data while being powerless to protect it.
Risks vs Rewards
Companies implement BYOD policies because they save money on buying devices and training employees to use them. With BYOD, there is just the cost of a stipend to cover some of the employee’s data costs. And because workers are using devices they chose and invested in personally, they are more satisfied with the devices and more productive with them.
However, making these savings can come at a cost. BYOD brings about security threats that unfortunately companies often have no process set up for removing data from an employee device should it be stolen or the employee terminated.
Here are more scary statistics:
- 51 per cent of companies detected terminated employees trying to access company data.
- 54 per cent of firms believe they can stop unauthorised access by ex-employees (but what about the other 46 per cent?).
- 81 per cent suspect employees share passwords to access cloud information.
Steps To Mitigate The Risk
A security breach or loss of data is inevitable with all these activities – unless you take action to mitigate the risks now. Although there will always be risks, leaving yourself open to BYOD security dangers is like crossing the street against the light in rush hour traffic. You need to take appropriate measures to protect yourself. I recommend the following simple steps to adhere to when protecting your company from BYOD threats:
- Security Policy: Always provide a hardcopy of your security policy for your employees to sign and don’t forget to include mobile communications. If an employee breaches any of these policies it will result in punishment.
- Data Control: It is important to protect your data especially when an employee leaves your company, so ensure you use mobile device management software in order to have control over all the information on these devices. If an employee leaves the company you can delete all the data on the device, including passwords, to prevent password sharing.
- Encompass the risk: Software wrappers can be used to control the data on devices by detaching your company’s applications from other software on the device. Allowing you to control who accesses the data on employee devices including the possibility to delete any company data without harming the user’s personal information ensures better security for everyone involved.
- Third-party software: User-friendly third-party applications will prevent your employees from skipping your applications for a perhaps more user-friendly outside application.
- Training: By continually training your employees on existing security threats, you are ensuring the safety of your company and your employees’ data.
Use the significant cost savings from allowing BYOD to invest in strategies to make the devices safer. This lets your company enjoy the benefits of the revolution in portable data with less risk of a breach or data loss. While you’re at it, take the time to look at the legal considerations of BYOD, as well. Letting employees use their own devices can create many legal challenges your company should address.
Another key consideration is the cloud itself. A truly public cloud may not be the most secure (see articles like “Will Using Dropbox Put Your CEO in Jail”), simply because there is no ability to extend your organisation’s specific policies into it. A hybrid cloud configuration, where some resources are internal and some external, allows a balance. With hybrid cloud there is the benefit of being able to take advantage of the scalability and cost advantages of a public cloud and combine it with the protection against third-party vulnerabilities that a private cloud offers.
I would recommend having BYOD security solutions, one that automatically syncs data on all devices to a hybrid cloud for backup. Some companies keep information off devices altogether and have employees access information from a central location using their own devices, however the problem I have with this option is that companies would face major challenges getting the various devices to play nicely with the remote access software. Syncing and backing up the information is an infinitely easier way to manage the problem.
Backup Your Portable Data In The Cloud
I recommend you incorporate hybrid cloud into your backup plans. Sensitive information should be included in tier-1 backups, making it easily accessible in case you have to terminate an employee – or even if their toddler drops the iPhone in the toilet. Whatever happens, your data will be available. Cloud backups can be accomplished at a low cost and with minimal labour investment. A Disaster Recovery as a Service offering can protect your tier-1 data, combined with other backup and recovery options for other data tiers to maximise cost savings, whilst keeping the business up and running.