The BYOD Rollout
CIOs are stuck between a rock and a hard place as demand for cloud applications and flexible mobile device programs has become the norm for most organizations. How do regulated industries such as finance and healthcare navigate these dangerous waters? Cloud and mobile are inseparable trends – cloud apps are built to enable access from any device and most have a mobile application component. With the traditional approach to BYOD security (mobile device management and mobile access management), IT can’t control data flows or wrap cloud apps on unmanaged devices.
IT no longer owns or manages the apps, the devices, or the underlying network infrastructures, yet is still responsible for securing sensitive corporate data. A new approach is needed, a data-centric approach to security built for this new way of doing business. Data-centric security enables enterprises to adopt the cloud apps that their business needs, securing corporate data anywhere it goes—from cloud to device. This article will discuss some of the challenges organizations face in securing BYOD and the cloud and the importance of data-centric security for controlling data flow to the device.
MDM is not working due to privacy concerns
According to a cloud-based analysis of real-world traffic data from 113,000 organizations and more than 20 industry verticals, cloud application adoption across all industries increased more than 71 percent in 2015. Cloud adoption in regulated industries experienced stronger-than-anticipated growth, up from 15 percent in 2014 to 39 percent in 2015.
Based on two surveys examining 2,242 end users and mobile security administrators, a little more than a third (36 percent) of enterprises use MDM solutions. Only nine percent have deployed MAM. For some, the solution has been to gamble with their security: 28 percent of organizations are doing nothing to protect corporate data on mobile devices. 57 percent of employees and 38 percent of IT professionals are choosing not to participate in their company’s BYOD program because they don’t want their employer’s IT department to have visibility into their personal data and applications.
How a data-centric approach provides security as data travels from cloud to device
Data-centric BYOD security solutions work entirely in the cloud – with no agents or software installed on the end user’s device. By proxying traffic between BYOD devices and corporate apps, these solutions are able to embed security into the data itself, eliminating device and operating system dependencies and alleviating employee privacy concerns.
In a cloud app context, these solutions apply controls in three main areas:
- At Access—Data-centric BYOD solutions allow you to quickly define group- and location-based access control and data leakage prevention policies, putting you in control of who, what, where, and when employees access cloud apps from any device. For example, you might want to provide full access to Office 365 from corporate-owned devices, but email only (no OneDrive file sync) from employee-owned devices.
- On the Device—Secure mobile data without installing MDM software on mobile devices or tracking employees’ personal information. These agentless solutions enforce security policies like PIN code and encryption, and if a device is lost or stolen or an employee leaves the company, you can selectively wipe corporate data. Unlike MDM/MAM, data-centric mobile security has no OS dependencies and works across cloud apps such as Office 365 and on-premises apps like Exchange.
- In the Cloud—Many employees will share corporate files to their personal accounts in order to access data from personal devices. Data-centric solutions provide visibility and control over external sharing to control this unexpected form of BYOD access.
What data-centric means for regulated industries
Data-centric security allows regulated industries to adopt BYOD and the public cloud without running afoul of compliance mandates. It provides policy-based controls for risky activities like external sharing and BYOD download and sync, ensuring that regulated data doesn’t unnecessarily make its way outside the company. The detailed transaction logging possible with data-centric solutions provides detailed visibility and audit trails across all cloud applications, so that audits and investigations are a breeze.
Moreover, independent professionals, such as healthcare workers with multiple hospital affiliations, are able to participate in BYOD, even if they don’t want IT to manage their device. Data on lost and stolen mobile devices is protected via OS-level encryption, PIN requirements and remote wipe capabilities.
Organizations are rapidly migrating to cloud applications and must securely enable BYOD access to these apps. Traditional BYOD security methods (MDM/MAM) haven’t been able to adapt to the unique challenges of cloud applications. Data-centric solutions represent the path forward for BYOD in the enterprise, future-proofed for the move to the cloud.
By Rich Campagna, VP Product, Bitglass
Rich drives product management at Bitglass. Prior to becoming an integral team member at Bitglass in April 2013, he was senior director of product management at F5 Networks, responsible for access security. Rich gained valuable experience in product management and sales engineering at Juniper Networks and at Sprint before working at F5.