TRP: How can enterprise-specific applications help to free up restrictive MDM policies within organisations, and ensure that workers have access to the data they need, where and when they need it, without compromising security?
CG: Some organisations believe that the best way to approach device management is to restrict the freedom of employees in terms of what they use, and how they use it. This, of course, can result not only in reduced productivity, but also an unhappy workforce, which can be hugely unproductive.
Although BYOD poses a number of security concerns, there's no reason why MDM policies should be restrictive, as long as a number of steps are observed.
The key to a secure BYOD-enabled enterprise is having well-managed content, but there are obviously a number of ways to go about this. There are three key security concerns that companies should consider as they navigate BYOD territory…
1. Where data sits and for how long: When data is in motion it's at a higher risk of being hacked, no matter how strong the encryption levels are. Many public cloud solutions constantly sync content between all devices, putting sensitive corporate information at a higher risk of a breach. Also at higher risk for data leakage is public cloud storage, which many companies choose to utilise for mobile access.
Before choosing a solution to support a BYOD program, companies should consider looking at private cloud architecture, so that data is only synced when an employee chooses to sync, and when data is at rest it remains inside of the corporate network.
2. Access permissions: A crucial element of implementing a BYOD policy is establishing how users can access your network from their personal devices. Many companies integrate their LDAP or Active Directories into this process to ensure that only authorised employees are accessing data. For instance, just because a marketing employee can access the network from a mobile phone, doesn't mean they should be able to open HR documentation – all established information access protocols need to be left in place, no matter the device.
3. Authentication methods: Approving any number of new devices to access a network requires updated authentication methods. Whether this is done through a protocol like Kerberos or through password-authenticated key agreements is up to each individual enterprise. Businesses that are especially serious about their security are creating triple-layer architectures so that the web, app and data layers all have their own authentication tokens, dramatically decreasing the risk of data loss, no matter how many devices are accessing the network.