Having their own devices used to their liking gives employees a semblance of freedom within the corporate environment. Their respective organizations, on the other hand, get to reap the fruits of having mobile employees with fewer hardware investments. While both parties enjoy the benefits of resources and cost-cutting, company data residing in employee-owned devices is still at risk if not handled properly.
With employee-owned devices at work, the chances of confidential company data mixing with personal employee information are high, and the instances of data leakage and loss are even higher. According to our findings, two in five large data breaches were caused by lost or stolen devices, and nearly half of the companies that permitted BYOD were breached through employee-owned devices. Typical mobile security solutions are not enough to mitigate these kinds of risks. IT administrators need to rethink security in terms of protecting not only the devices but the data stored on them as well.
Aside from mobile antivirus solutions, enterprises have also looked into other solutions to safeguard corporate data on employee devices. But are they enough?
Mobile Device Management (MDM)
Although MDM solutions allow IT administrators to manage, secure, and monitor employee-owned devices, they still bring certain issues to the fore.
First of all, MDM can come across as invasive. Employees are typically turned off by the prospect of their company setting policies on the use of their devices, and knowing that IT has control over their personal phones or tablets does not help alleviate their worries. Second, MDM can only do so much to protect corporate data stored on employee devices. Though administrators can remotely wipe data from lost or stolen employee devices, they also risk erasing the employee’s personal data.
It should be noted that MDM is not a standalone solution. This means that enterprises will have to invest in other mobile security and management offerings to holistically protect employee devices, as well as corporate data.
Secure Containers and App Wrapping
The use of secure containers or containerization is a bit more flexible. It gives employees the breathing room they need away from IT. It also helps employees separate personal applications from corporate ones.
This allows them to manage a cordoned-off section of the device with the corporate apps stored in it. The problem with secure containers, though, is the same as with MDM. Once a device is compromised or goes missing, company data is still at risk. Containerization also requires some form of re-engineering for third-party apps.
App wrapping is a bit similar. It allows IT administrators to create a layer of protection over a specific app or group of apps by creating policies that apply to them. Administrators, for example, can demand authentication requirements before certain apps can be accessed. While this protection layer is good, it still requires proprietary patching of the app binary, which affects licensing and updating of the said apps.
Similar to desktop virtualization, device virtualization makes use of a hypervisor to let mobile users simultaneously run different mobile operating systems on a single device. This allows for the clear separation of corporate data from personal data. However, the issue remains the same: corporate data is still stored on the device. In addition, virtualization also eats up a lot of a smartphone or tablet’s computing resources. For an employee with a lot of personal data and computing requirements, this will be an issue.
Virtual Desktop Infrastructure (VDI)
VDI, perhaps, seems like the best option for mobile data protection. Given how VDI works, data is never stored on employee devices; it is stored on company servers. This ensures that despite device loss or compromise, enterprise data remains intact. Unfortunately for employees, VDI is rigid in two aspects. First, it lacks support for other third-party apps since it only supports those that run on Windows, and second, it is not optimized for mobile devices. This means that employees will have to endure working on a desktop environment on a small mobile screen.
Virtual Mobile Infrastructure (VMI)
VMI, like Trend Micro™ Safe Mobile Workforce™, offers secure access to corporate data and applications without requiring a great deal of infrastructure or complexity. It provides all the benefits of a VDI but is specifically designed with mobile users in mind.
Much like VDI, corporate data never gets stored on employee devices. Each employee gets assigned a profile that is centrally managed and stored on secure company servers. Employees only need to install a secure app on their device, log in, and access all their company files and data without fear of mixing personal and company data or IT controlling their gadgets. VMI also saves time, effort, and resources. Through a central management system, IT administrators can modify profiles, check for security, and push updates to employees’ VMIs through a single console.
This setup is also advantageous for app developers. Much of app development time and resources go into security considerations. Are apps secure enough? Ensuring an app's security during its development takes up time and effort that could have been spent focusing on app functionality. VMI eliminates this concern. Since apps are placed in a secure mobile platform, developers only need to concentrate on developing a functional app for one platform.
The BYOD problem is a tricky challenge to overcome, but with the right consumerization strategy and combination of solutions, enterprises can reap the benefits of a happy and secure mobile workforce without compromising any of their critical data.