BYOD – bring your own device – is the subject for Ian Lowe, pictured, senior product marketing manager, Identity Assurance, HID Global. He writes of securing mobile devices with encrypted zones.
Increasingly, employees are bringing their mobile devices into the corporate environment, which has resulted in organisations re-evaluating and re-assessing their IT support in order to establish trust in employees’ user identities and grant access to corporate resources and cloud applications. Indeed, the mobile landscape is changing every day; new devices are introduced and mobile platforms are evolving at such a rapid pace that it is challenging for organisations to keep up. Recent research from Forrester demonstrated that 60 percent of corporate data breach incidents are down to unwitting employees, whether through ‘inadvertent misuse’, loss or theft of resources. To effectively enable access via all personal mobile devices, organisations need to implement a solution that enables them to take full advantage of the cost savings BYOD brings but does not, in parallel, open up the organisation to unnecessary security risks.
With employees demanding the same quick, easy and convenient access to resources at work, with the same devices and tools they are used to having in their personal lives, mobile devices are becoming a highly attractive target for cyber criminals. Against a backdrop of increasing mobile malware, advanced persistent threats (APTs) and highly motivated and sophisticated attackers, enterprises must be able to secure mobile access – it cannot be the weak link.
In tackling this issue, one solution is implementing separate areas, or secure zones, inside a personal mobile device. The concept of creating this encrypted zone, allowing corporate data to reside in an area separate from personal data on the device, enables organisations to maintain control and limit the interaction between both areas. Managing multiple identities over a swathe of devices can quickly descend into management chaos; creating secure areas therefore serves to establish a separate partition between personal and business information. Importantly, the parameters of this zone can be drawn and redrawn by the policy-makers based on a behavioural understanding of each user in the identity database, which can ensure a more consistent and secure user experience. The employee can also be assured that their personal data is protected and will not be erased should they leave the organisation.
By clearly demarcating the data available, organisations enable employees to securely and efficiently access the corporate information available, without frustrating them or decreasing productivity through laborious authentication processes. Compartmentalising and ring-fencing access to data into a designated zone, and further pre-determining the conditions under which a user accesses what information from where, ensures not only security and operational peace of mind, but compliance in an environment where borders are blurred.
The influx of personal devices in the workplace is not something that can be easily stopped, and nor should it be. As such, a policy of separate data and application zones, combined with a layered secure access and authentication approach, can serve to offer an organisation true end-to-end mobile security and prevent the risk of data leakage. Corporate resources no longer reside behind the traditional security firewall; taking equal account of people, property and assets therefore enables organisations to be much more organised when managing user identities and access privileges in the workplace. Of course, due to the diversity of employees and the large number of devices in use to access business data, a one-size-fits-all approach to data security is often neither possible nor, indeed, practical. A solid security policy must therefore be built on determining exactly who is accessing the information and whether they have permission to do so.
The increased impact of BYOD as a mechanism of accessing corporate data in the work environment means that securing the corporate network outside of the office is an ever-increasing priority. Organisations need to mitigate the risk of today’s security threats, while still enabling employees to use their mobile services to conduct business and maintain compliance with relevant regulations.
Adopting a practical policy that implements separate zones for corporate data and applications can become central to the security of the business as a whole. This approach is beneficial for both the employer and employee – employees are able to access systems and information when it is convenient for them without risking their own personal information, while organisations are reassured that their confidential data is as secure as it possibly can be. “Zoning data” not only reduces the risk of a data breach, but provides businesses with an effective way of balancing growing employee demands with security and regulatory standards.