What more can organisations do to embrace applications that are built specifically with the enterprise in mind? Are recent trends, such as the Apple/IBM partnership, pointing to the fact that the use of consumer applications in the workplace is in decline?
We spoke to Claire Galbois-Alcaix, Cloud Solutions Director at Accellion, about these and other issues pertaining to BYOD and BYOA.
TechRadar Pro: To what extent has BYOD, for all that it has enabled workers to be more productive 'on the go', also made enterprises a far less secure environment?
Claire Galbois-Alcaix: Today, employees all over the world have become far more technologically savvy than ever before, and are now demanding the types of mobile solutions from their office that they use in their personal lives.
This includes the ability to use their device of choice, and to utilise productivity enhancing apps to get more done faster. Organisations that don't provide these kinds of solutions for their workers increasingly find themselves falling behind the competition, as their employees will be unable to keep up with the pace of daily activity, and choose to go elsewhere where they can use these tools, impacting the company's bottom line.
The upshot of this is that, along with an increase in the number of consumer devices in the workplace, we've also seen a sharp rise in the number of consumer-focused applications being used within the enterprise.
Let's be clear about this – for the average user, the security of the applications they are using is not a primary consideration. The vast majority either believe that the devices and the applications they use are secure enough for their needs, or that the IT department will step in to prevent them from doing anything that could potentially put sensitive data at risk.
There are even some who are completely ignorant to data security risks, and don't even consider that the use of consumer devices and applications could result in a security breach.
For all of these reasons, many of today's enterprises are a far less secure environment, with some only learning the error of their ways and implementing a sensible mobile security policy when it's too late.
TRP: What are the security risks of employees using consumer-focused applications in the workplace instead of those specifically designed for use in the enterprise?
CG: A security system is only as strong as its weakest link, and there's no doubt that public cloud file-sharing services that are aimed at consumers pose a big security risk. There are a number of reasons for this.
Firstly, many of these applications, such as Dropbox, typically co-mingle data from different customers. While this provides the storage vendor with economies it also reduces the control a customer has on where their data is stored and who has access to that information. Additionally, public cloud providers own the encryption keys to the data housed on their servers, rather than the customer, further increasing the risk of data exposure.
For most enterprise organisations these risks are too great, and they lead corporations and government agencies to select private cloud file-sharing for the additional data protection.
Compliance is also a major issue, and users sharing confidential data, such as financial records, outside the approved and monitored processes defined by the IT department, put the enterprise out of compliance with regulations such as SOX. Users at healthcare organisations can violate HIPAA by improperly sharing patient health information.
Because applications like Dropbox do not integrate with most DLP solutions, it also limits the ability of enterprises to monitor the content of individual files, which can cause them to be non-compliant.