Achieve confidentiality, integrity, and availability of data with a distributed workforce

With lockdown restrictions eased around the world, corporate workforces have become a real blend of in-office and remote employees. Maintaining the security of corporate data with such a dispersed workforce can seem like a daunting task to admins, especially with the surge in shadow IT and the use of mobile devices for work. However, things can be simplified by focusing on the three major elements that constitute data security: confidentiality, integrity and availability.

Protecting corporate data on mobile devices

Protecting data confidentiality involves preventing unauthorized access and guarding against data leaks. However, this is often easier said than done. Employees are human. This means they often unintentionally install malware or access malicious sites on their mobile devices. This puts sensitive corporate data on the device at risk. Further, employees may often neglect to install critical security patches, leaving their devices vulnerable to data leaks and attacks.

The simple fact is that mobile devices run a high risk of being lost or stolen. The Crime Survey for England & Wales (CSEW) estimates that over 325,000 individuals experience mobile phone thefts every year. This means a mobile phone is stolen every 97 seconds. As employees frequently use their personal devices for work, mobile phone theft can lead to corporate data on the device falling into the wrong hands. It can be tricky for admins to prevent corporate and personal spaces from mixing on devices. Plus, if the employee leaves the organization, ensuring that all corporate files are erased whilst leaving personal files untouched can be a cumbersome task.

Shadow IT is a scourge that affects many organizations. Recent findings suggest that around 83 percent of staff use unsanctioned apps today. It is, therefore, imperative that organizations restrict the installation of untrusted apps and encourage employees to use dedicated corporate apps to view corporate documents. Plus, admins need to ensure devices are as secure as they can be by distributing stable patches to them. This process should be enforced by the IT team instead of being left just to the employee.

It is important that strict password policies are mandated on devices. Plus, if a device is reported to have been lost or stolen, remote locking and tracking should be used to help secure the data. If the device proves to be irrecoverable, a remote wipe should be performed, eliminating the risk of data theft. Containerising the corporate workspace on employee-owned devices will separate work from play, also making it possible to erase only the corporate files if the employee leaves the organization.

Maintaining data integrity

While confidentiality deals with preventing unauthorized access, integrity deals with preventing data tampering and preserving the data's authenticity both at rest and in transit. This is important to maintain compliance with data privacy regulations such as the General Data Protection Regulation (GDPR). Failure to do so can lead to crippling fines. With GDPR, businesses that fall foul of a data breach face a fine of €20m or 4 percent of annual turnover (whichever is greater).

When remote employees connect to home, public, or shared networks, the data in transit is subject to risks such as man-in-the-middle attacks that can alter the integrity of the data. Some apps create automated backups of files in third-party cloud servers, making the data only as secure as the cloud itself. Cyberattacks on the cloud or unintended mistakes can lead to the data becoming corrupted and losing its integrity. Further, mismanaging user access controls and broadly granting access to files might seem convenient. However, doing so enables anyone to access and edit files even from unauthorized devices, which makes it harder to audit.   

Using a corporate virtual private network (VPN) and certificates can protect the integrity of data in transit even on public networks. It also helps to encrypt corporate files with strong algorithms that will protect integrity at rest. Automated backup features should be restricted on employee devices to prevent corporate data being exported to third-party cloud networks. There is no one-size-fits-all solution. Granular control should be exercised over who gets access to sensitive data by refraining from bulk sharing files. Additionally, access to corporate servers should be granted only to managed mobile devices to further secure corporate data.

Supporting vital system uptime

With confidentiality and integrity optimized, admins must next make sure employees are able to obtain the resources they need to undertake their work in a timely manner and without interruptions. Keeping vital systems up and running is what availability is all about. 

With multiple teams, ensuring every team member has access to the right files on their mobile devices, whilst ensuring that new versions of existing files are updated during decisive moments such as business meetings, can be an exhausting task. Patience is rarely a virtue. Should the already time-strapped admin not make the necessary apps available to employees in a timely manner, employees can often resort to shadow IT and install similar apps from untrusted sources just to get work done.

Timing is often key. If admins push crucial operating system (OS) updates during work hours, devices will go down, affecting the very productivity of the employees you are trying to empower. Moreover, inevitable technical issues on devices can also interfere with proper availability.

File distribution can be simplified by distributing to groups based on the directory service rather than to individual employees. Understanding employee requirements and providing requisite apps to teams in a timely manner can help prevent shadow IT.

OS updates should be scheduled to take place during non-work hours so that they cause minimal disruption. It is also wise to provide staff with the option to delay updates temporarily so that updates do not interfere with availability while they are working. Remotely troubleshooting issues in real time over the internet will also ensure uninterrupted availability.

Luckily, there are enterprise mobility management solutions available that help securely manage both corporate and employee-owned mobile devices in the modern hybrid working environment we are seeing. These can provide the silver bullet admins need to enforce corporate security policies across devices and ensure the security of sensitive corporate data both at rest and in transit.

Mathivanan Venkatachalam, Vice President, ManageEngine

Director of product management at ManageEngine, Mathivanan V has worked extensively in network management, gaining a deep understanding of network architecture testing products as a software engineer for IIT Madras and later at Vembu Systems.