Protecting Corporate Data without Compromising on Experience


Across the industry, we’re noticing a large number of organisations shifting to a mobile first model, with employees not willing to compromise on choosing their own operating system (OS), apps, and mobile device.

More often than not, these technologies are being used for work purposes without the IT department’s approval and this presents a new set of security issues for enterprises.

This issue won’t just go away. The ‘consumerisation’ of IT has produced an environment in which 44 per cent of employees are willing to use their own apps to get their work done, regardless of the IT policy.

Therefore, the biggest challenge in this new age of data flow is to ensure corporate data remains secure, without restricting access to the hardware and software that employees want to use.

The CIO’s dilemma

CIOs are faced with two options: either continue to restrict the use of unsanctioned IT services, or recognise their popularity and potential productivity benefits and adapt to the new requirements they present.

While the former may be appealing as it offers more control, restricting employee app usage can be likened to a game of ‘whack-a-mole’, as merely locking down one unsanctioned consumer app will prompt staff to simply use another. When you consider that our research found that one in 10 enterprises has at least one compromised device accessing enterprise data, it’s clear that CIOs are already losing an unwinnable battle if they choose to take this approach.

Traditional IT, which restricts users and locks down endpoints, is not meeting the needs of mobile employees, so the CIO mind-set must change to incorporate a more flexible approach. User-friendly mobile technologies need to be seen as productivity tools, not security threats. Only then can IT actually design security policies to support mobile initiatives instead of driving employees even further underground.

A new approach

While the PC model was structured on an open file system requiring IT to put restriction at the heart of its approach, the mobile model is a ‘sandboxed’ architecture. This limits the ability of apps to share data without the right permissions and makes mobile inherently more secure. Security at a mobile first organisation should emphasise responsible enablement, as opposed to restriction.

Personal cloud apps used to store corporate data are a good example, as IT cannot control a personal storage app, but there are now ways to secure the individual corporate files. By separating the security framework from the storage location, corporate files can remain secure regardless of what storage repository the user prefers.

This will help minimise any internal clashes as it allows staff to choose whatever IT service they need while mitigating the potential hazards of unregulated software. It also means that IT is not locked into particular technologies because consumer tastes change quickly and often. Today’s popular app may not be widely used in 18 months.

A new era of IT security

As a result of the shift towards mobile first organisations and the use of consumer apps outside of company policies, a new era is dawning for the role of CIO. While 58 per cent believe that shadow IT could potentially see them out of a job, embracing this new employee focussed approach is the key to utilising new technologies and improving business outcomes.

In this new era, it is imperative that user experience is the primary goal: employees can choose the device, operating system, or app that best suits their needs, and CIOs can rest easy knowing that security hasn’t been compromised.

As W. Edwards Deming wrote: “It is not necessary to change. Survival is not mandatory.” But those who do embrace change will have more productive employees and a more secure environment.
