FileOpen Document Security Blog

Enabling Secure BYOD: Protecting the data, not the device

Written by FileOpen DRM News | Nov 12, 2013 6:26:00 PM

 

BYOD (“Bring Your Own Device”) has invaded the workplace, whether sanctioned or supported by your IT department, and is clearly here to stay.  According to a study by iPass and MobileIron, 81 percent of companies now allow employees to bring and use their own devices.  What company wouldn’t want reduced hardware and subscription costs, with the promise of increased employee efficiency and productivity?  Studies show mobile-equipped employees tend to work more hours each week than non-mobile-equipped employees.  Employees also prefer to use their personal device over a corporate-issued device. The challenge is to accommodate the reality of BYOD without foregoing data security or introducing chaos to your IT systems. 

Here at FileOpen, we work with thousands of customers delivering documents securely to millions of users worldwide.  We have found the most successful implementations of a BYOD strategy are accomplished by businesses that are as progressive as their users and agile in their efforts to provide a flexible yet secure work environment.  In this post we’ve pulled together a summary of the key components of their successful implementations. 

 

Build a comprehensive BYOD policy

BYOD or mobile device security policies vary by industry as well as within specific verticals. Common goals are to make sure BYOD is aligned with the company’s current strategy, retaining employees by supporting flexibility, and offsetting equipment costs. While keeping these goals in mind, define the types of data that should be accessible and the risks that accessibility may pose.  A few considerations: 

  • Allowable devices:  Minimum requirements and level of support by device

  • Allowable activities: Access to the corporate network, corporate data and Web applications

  • Legal & HR considerations: Clear lines of demarcation between corporate and employee data and liability

  • Employer controls:  Agreements giving the company authority to implement controls, such as encryption, access controls, monitoring and the “right to wipe”

Make sure to have anyone participating in BYOD sign your terms of use. Those who choose not to follow your policies should not expect to use their devices.

Educate employees about the risks of BYOD

The most important next step is education; which includes explaining to each employee how BYOD would work for them and what potential risks could be to the organization as a result of their behavior.  If employees understand that the policy is not only designed to protect corporate data but their personal information as well, they are more likely to adhere to corporate controls.

Get the right file protection technology

It goes without saying that a company that engages in the BYOD approach without ramping up its protective measures is putting its security in jeopardy.  The devices are easily replaceable, but what they contain is not.  That’s why successful businesses implement technology that focuses on securing the data at the source rather than the endpoint, ensuring the safety of data regardless of its location.  For document specific protection, our customers appreciate that our FileOpen solutions directly embed access rules into documents, which are enforced by whichever device and viewer the user happens to be on.  Using the FileOpen RightsManager dashboard, they can quickly and easily make changes to access policies, even after the user has downloaded the files. 

Monitor and track usage

Essential to any BYOD security framework is the ability to monitor and track usage across all devices. Most organizations do not track data effectively and hope their employees strictly follow policy. Companies should consider the use of a content security tool that comes equipped with monitoring features to detect abnormal usage and provide a level of accountability.  For instance, if an employee loses a device with sensitive information and doesn’t report it to IT for a week, the IT team can analyze if any documents had been viewed in the interim, and immediately revoke access. 

BYOD is here to stay…

At the end of the day, BYOD is a net positive for organizations as it promotes more responsiveness, more accessibility for workers, and higher worker satisfaction.  Whichever strategy you adopt for dealing with BYOD, the key is to secure your sensitive data while still providing the end user the freedom and flexibility to use devices to enhance their productivity. 

For more from FileOpen see our whitepapers and register for our upcoming webinar, covering document security for BYOD strategies on November 19, 2013.