CIOs are stuck between a rock and a hard place as demand for cloud applications and flexible mobile device programs have become the norm for most organizations. How do regulated industries such as finance and healthcare navigate these dangerous waters? Cloud and mobile are inseparable trends – cloud apps are built to enable access from any device and most have a mobile application component. With the traditional approach to BYOD security (mobile device management and mobile access management) IT can’t control data flows or wrap cloud apps on unmanaged devices.
IT no longer owns or manages the apps, the devices, or the underlying network infrastructures, yet is still responsible for securing sensitive corporate data. A new approach is needed, a data-centric approach to security built for this new way of doing business. Data-centric security enables enterprises to adopt the cloud apps that their business needs, securing corporate data anywhere it goes—from cloud to device. This article will discuss some of the challenges organizations face in securing BYOD and the cloud and the importance of data-centric security for controlling data flow to the device.
According to a cloud-based analysis of real-world traffic data from 113,000 organizations and more than 20 industry verticals, cloud application adoption across all industries increased more than 71 percent in 2015. Cloud adoption in regulated industries experienced stronger-than-anticipated growth, up from 15 percent in 2014 to 39 percent in 2015.
Based on two surveys examining 2,242 end users and mobile security administrators, a little more than a third (36 percent) of enterprises use MDM solutions. Only nine percent have deployed MAM. For some, the solution has been to gamble with their security. 28 percent of organizations are doing nothing to protect corporate data on mobile devices. 57 percent of employees, and 38 percent of IT professionals are choosing not to participate in their company’s BYOD program because they don’t want their employer’s IT department to have visibility into their personal data and applications.
How data centric approach provides security as data travels from cloud to device
centric BYOD security solutions work entirely in the cloud – with no agents or software installed on the end-user’s device. By proxying traffic between BYOD devices and corporate apps, these solutions are able to embed security into the data itself, eliminating device and operating system dependencies and alleviating employee privacy concerns.
In a cloud app context, these solutions apply controls in three main areas:
Data-centric security allows regulated industries to adopt BYOD and the public cloud without running afoul of compliance mandates. It provides policy-based controls for risky activities like external sharing and BYOD download and sync, ensuring that regulated data doesn’t unnecessarily make its way outside the company. Detailed transaction logging possible with data centric solutions provide detailed visibility and audit trails across all cloud applications, so that audits and investigations are a breeze.
Moreover, independent professionals, such as healthcare workers with multiple hospital affiliations are able to participate in BYOD, even if they don’t want IT to manage their device. Data on lost and stolen mobile devices is protected via OS-level encryption, PIN requirements and remote wipe capabilities.
Organizations are rapidly migrating to cloud applications and must securely enable BYOD access to these apps. Traditional BYOD security methods (MDM/MAM) haven’t been able to adapt to the unique challenges of cloud applications. Data-centric solutions represent the path forward for BYOD in the enterprise, future-proofed for the move to the cloud.
###
By Rich Campagna, VP Product, Bitglass
Rich drives product management at Bitglass. Prior to becoming an integral team member at Bitglass in April 2013, he was senior director of product management at F5 Networks, responsible for access security. Rich gained valuable experience in product management and sales engineering at Juniper Networks and at Sprint before working at F5.