Data Guardians: the IT force tasked with keeping corporate data secure

BYOA is a thorny issue for IT departments

Mobile working has been instrumental in driving productivity across internal and external teams. Employees are breaking down the traditional corporate IT barrier and adopting consumer-grade technology to get their work done on the move.

Recent research from Ovum found that 89% of 5,187 full-time employees used consumer-grade file share and sync products for work, and only 9% are happy with the tools provided by their IT department. This is backed up by the results of our own survey, which found that the majority of workers (81%) require access to work documents on the move and 62% now use their own mobile device or tablet for work. However, 69% of these workers use file sharing services to collaborate, and shockingly 72% of these employees do so without authorisation from their IT department.

So while mobile working is creating a huge opportunity for knowledge workers and businesses alike, could it be at the expense of corporate data security?

Employees no longer feel restricted by corporate IT. The adoption of easy-to-use consumer-grade applications such as Dropbox has shifted control away from the IT group to the employee, who now bypasses corporate policies and uses the unsanctioned file sharing and collaboration application of their choice.

Businesses that allow employees to freely use consumer-grade applications for file sharing and collaboration are putting themselves at risk of inadvertently exposing sensitive data and documents outside the organisation. This is especially the case for businesses that don't have their own security and risk management teams, which can leave data protection responsibilities untended. As consumer-grade applications continue to flood the workplace, it's time for IT groups to regain control of corporate data and content.

The changing role of IT

As mobile working becomes the norm, CIOs and IT groups must focus not only on securing mobile devices through MDM applications but also on controlling corporate data itself, to ensure protection extends beyond the corporate firewall. As the guardian of data, CIOs and IT groups should embrace Mobile Device Management (MDM) and the new generation of enterprise-grade cloud collaboration applications that meet demand for the ease of use that users love, without compromising on security.

The challenges that accompany free consumer-grade file sharing applications present IT with the obvious option of banning them outright. While this may seem like a knockout move in their battle for control, it doesn't necessarily mean the war is won. For users, constantly hearing the word 'No,' especially when it comes to the devices and applications that they enjoy using, can be extremely frustrating, and IT staff are therefore often ignored.

Many users may voice their concerns, but it's more likely they will go behind the IT group's back to find ways around restrictions. The Data Guardian needs to deploy solutions and policies that meet both users' wants and IT's requirements, including removing risk and mobilising content.

Retaining control of data

Most businesses already have Bring Your Own Device (BYOD) policies in place, but managing BYOD is only the first step. Data Guardians need to recognise that with BYOD comes BYOA (Bring Your Own Application), which adds another layer of complexity to managing data security and has created significant difficulties for the IT department, including:

Data security and data leak prevention. Given that consumer-grade applications are designed for sharing non-business files, personal cloud applications are unlikely to adhere to strict, corporate-defined, IT-enforced data security requirements and policies. These types of applications present a huge risk of letting hidden data (metadata) like tracked changes slip through the cracks, potentially exposing highly sensitive information to unintended recipients.

Lack of transparency. Because consumer-grade applications operate outside of the IT group's governance, it is impossible to keep an audit trail that tracks how and with whom files are being shared.

Compliance. For highly regulated industries, such as financial services and the legal and pharmaceutical sectors, ensuring that the handling of documents complies with industry regulations is crucial. But with employees sharing files from personal accounts without the IT group's knowledge, remaining compliant can prove extremely difficult.

Finding a balance

The fight to enforce rigorous policies that address these issues and keep information secure is one that the IT group desperately wants – and needs – to win. As the guardians of company data, IT groups see the ability to maintain visibility and control over intellectual property and corporate data as the primary driver in making sure they comply with corporate, local and international compliance mandates.

When BYOD and BYOA entered the workplace, they enhanced employee productivity but turned the tables on IT groups, who watched helplessly as sensitive documents and data were being shared insecurely. While there is no one-size-fits-all approach that will satisfy both stakeholders, there is a way to find a balance between security and productivity.

As the keepers of policy enforcement and procedure regarding the use of cloud file share and sync applications, Data Guardians transform how businesses approach collaboration and mobility. Gone are the days of banning devices completely – IT now needs to empower users to work the way they want to work, while providing secure enterprise alternatives to consumer applications that enforce policy and keep sensitive information secure.