Story image

The BYOD juggling act: balancing security, privacy and mobility

05 Dec 2019

Article by Bitglass CTO Anurag Kahol

The productivity benefits of enabling cloud and mobile, along with the expectations of today’s modern employees, means that the majority of organisations now offer a BYOD and remote working policy.

Yet despite the benefits, personal devices in the corporate setting create something of a headache for enterprise IT teams.

Left unmanaged, personal devices and unmanaged cloud applications can lead to data loss, but if managed too strictly, the IT team risks a backlash from unhappy employees who feel their privacy and right to mobile working is being invaded.

Ban BYOD altogether, and the company loses the productivity benefits of a more mobile workforce.

IT teams find themselves in something of a circus act – trying to juggle the various needs of the business, without dropping one of the balls.

Mobility, privacy and security are, to different business stakeholders, equally important.

So, how can the IT team strike the perfect balance between all three? 

Security

IT teams need to protect corporate data on mobile devices to limit data breaches and to comply with data protection regulations.

In a bid to secure these devices, many look at installing mobile device management or mobile application management software on personal devices.

Because this involves installing software agents on employee phones and tablets, effectively it gives IT teams control overall traffic to and from the device.

Whilst this approach gives IT teams a handle on BYOD security, it destabilises the BYOD balancing act because it doesn’t consider employee privacy – as well as being a logistical headache.

By placing a software agent on every employee’s personal device, all activity is forced through the corporate network.

It allows IT to keep an eye on corporate data, thus improving security, but also means that users’ private banking activity, social networking and a whole host of irrelevant information is also proxied via the corporate network.

This approach can lead to unhappy employees, who feel their personal information could be snooped on by unscrupulous IT staff.

Privacy

People are becoming increasingly concerned about the extent to which their privacy is being diluted by online activities.

With data breaches in the news and regulations like GDPR emerging that have been created to help give power back to the people, it’s not surprising that privacy is a concern.

Indeed, a Bitglass study found that more than half of employees choose not to participate in their company’s personal device program because of privacy fears.

Due to time pressures and the proliferation of smart devices, employees expect to be able to work when and where they want.

However, if employees feel that a BYOD programme puts their privacy at risk, they might go as far as to work around the IT team and access corporate information without its knowledge and consent.

This avenue forsakes security in favour of privacy, as IT loses visibility into how corporate data is being used and its ability to protect it.

Mobility

Left discouraged that they can either see too much or too little when it comes to BYOD, some IT teams might choose to ban BYOD programmes altogether – solving their security and privacy infringement woes.

But this method makes the organisation take a step back rather than forward because it hinders mobility.

Employees appreciate and value organisations that allow them to work when and where they want.

Deloitte found that workers with access to flexible IT policies were happier than their counterparts with non-flexible conditions.

Limiting access to corporate files to just the company building also inhibits productivity.

A recent study by Regus found that 74% of managers believe that flexible working is the key to workplace productivity.

How to balance it all?

IT managers might feel that it’s inevitable that one of these factors has to be sacrificed for the others.

They can either control too much of employees’ daily activity, too little, or have no procedure in place at all.

Thankfully, there is a way to balance all three requirements.

Instead of controlling every aspect of a personal mobile phone, IT could limit access from risky devices and destinations.

IT teams don’t have to place a software agent on personal devices at all.

Rather than focusing on protecting the device, IT teams should look for solutions that protect data – no matter where it travels. These solutions use proxy technologies, rather than software, meaning that they are ‘agentless’.

In practice, agentless security means that the rollout time is much faster and users do not need to be concerned about privacy, because their employer can only see their corporate activities.

These solutions can still offer all common security functions, including data loss prevention and remote wiping of company data – but without forsaking mobility or privacy.

Mobility, privacy and security are in many ways equally important.

To please employees, keep the C-suite happy and corporate data secure, IT teams need to turn their attention away from securing the employee-owned device or applications, to securing their sensitive corporate data.

This way, they can create a BYOD and remote working strategy that allows them to balance all three of these important components successfully.

Story image
29 Nov
Black Friday fraud: Who foots the bill?
“Given the incredibly high volume of transactions over the coming weekend, and indeed the whole festive period, often merchants will accept that fraud will be higher than usual."More
Story image
09 Dec
Unisys delivers new cloud security features on AWS
These automated capabilities of CloudForte help clients enhance security and optimise operations for workloads delivered on AWS as well as in hybrid- and multi-cloud environments.More
Story image
21 Nov
Check Point signs new distributor for Aussie SMB market
"Their market share, extensive and skilled partner channel, and strong collaboration with Australia’s leading telecommunication carrier made this an easy choice for us."More
Story image
Today
FireEye rolls out threat intelligence platform for industrial systems
Now industrial control systems (ICS), operational technology (OT), internet of things devices, and other equipment used to manage interconnected physical processes, can be secured from cyber threats.More
Story image
27 Nov
Interview: Microsoft's Diana Kelley talks talent gaps and D&I
Kelley recently spoke at Microsoft Asia’s new Experience Center, where she talked through her experience as a security CTO, as well as IoT security, what’s ahead in 2020, and diversity and inclusion both in the cybersecurity sector, and in technology.More
Story image
05 Dec
Cyberattacks becoming increasingly targeted in nature, research finds
The number of unique cyber incidents have increase for third quarter of 2019, according to a new report on the cybersecurity threatscape.More