Mobile Device and Access Management

Cloud Mobile Device

CIOs are stuck between a rock and a hard place as demand for cloud applications and flexible mobile device programs have become the norm for most organizations. How do regulated industries such as finance and healthcare navigate these dangerous waters? Cloud and mobile are inseparable trends – cloud apps are built to enable access from any device and most have a mobile application component. With the traditional approach to BYOD security (mobile device management and mobile access management) IT can’t control data flows or wrap cloud apps on unmanaged devices.

byod

IT no longer owns or manages the apps, the devices, or the underlying network infrastructures, yet is still responsible for securing sensitive corporate data. A new approach is needed, a data-centric approach to security built for this new way of doing business. Data-centric security enables enterprises to adopt the cloud apps that their business needs, securing corporate data anywhere it goes—from cloud to device. This article will discuss some of the challenges organizations face in securing BYOD and the cloud and the importance of data-centric security for controlling data flow to the device.

MDM is not working due to privacy concerns

According to a cloud-based analysis of real-world traffic data from 113,000 organizations and more than 20 industry verticals, cloud application adoption across all industries increased more than 71 percent in 2015. Cloud adoption in regulated industries experienced stronger-than-anticipated growth, up from 15 percent in 2014 to 39 percent in 2015.

Based on two surveys examining 2,242 end users and mobile security administrators, a little more than a third (36 percent) of enterprises use MDM solutions. Only nine percent have deployed MAM. For some, the solution has been to gamble with their security. 28 percent of organizations are doing nothing to protect corporate data on mobile devices. 57 percent of employees, and 38 percent of IT professionals are choosing not to participate in their company’s BYOD program because they don’t want their employer’s IT department to have visibility into their personal data and applications.

How data centric approach provides security as data travels from cloud to device

centric BYOD security solutions work entirely in the cloud – with no agents or software installed on the end-user’s device. By proxying traffic between BYOD devices and corporate apps, these solutions are able to embed security into the data itself, eliminating device and operating system dependencies and alleviating employee privacy concerns.

In a cloud app context, these solutions apply controls in three main areas:

  • At Access—Data centric BYOD solutions allows you to quickly define group and location-based access control and data leakage prevention policies, putting you in control of who, what, where, and when employees access cloud apps from any device. For example, you might want to provide full access to office 365 from corporate-owned devices, but email only (no OneDrive file sync) from employee-owned devices.
  • On the Device— Secure mobile data without installing MDM software on mobile devices or tracking employees’ personal information. These agentless solutions enforce security policies like PIN code and encryption, and if a device is lost or stolen or an employee leaves the company, you can selectively wipe corporate data. Unlike MDM/MAM, data-centric mobile security has no OS dependencies and works across cloud apps, such as Office 365 and On-Premises apps like Exchange.
  • In the Cloud— Many employees will share corporate files to their personal accounts in order to access data from personal devices. Data-centric solutions provide visibility and control over external sharing to control this unexpected form of BYOD access.

What data centric means for regulated industries

Data-centric security allows regulated industries to adopt BYOD and the public cloud without running afoul of compliance mandates. It provides policy-based controls for risky activities like external sharing and BYOD download and sync, ensuring that regulated data doesn’t unnecessarily make its way outside the company. Detailed transaction logging possible with data centric solutions provide detailed visibility and audit trails across all cloud applications, so that audits and investigations are a breeze.

Moreover, independent professionals, such as healthcare workers with multiple hospital affiliations are able to participate in BYOD, even if they don’t want IT to manage their device. Data on lost and stolen mobile devices is protected via OS-level encryption, PIN requirements and remote wipe capabilities.

Conclusion

Organizations are rapidly migrating to cloud applications and must securely enable BYOD access to these apps. Traditional BYOD security methods (MDM/MAM) haven’t been able to adapt to the unique challenges of cloud applications. Data-centric solutions represent the path forward for BYOD in the enterprise, future-proofed for the move to the cloud.

###

Rich CampagnaBy Rich Campagna, VP Product, Bitglass

Rich drives product management at Bitglass. Prior to becoming an integral team member at Bitglass in April 2013, he was senior director of product management at F5 Networks, responsible for access security. Rich gained valuable experience in product management and sales engineering at Juniper Networks and at Sprint before working at F5.

Cloudtweaks Comic Ai
How AI Is Important for Businesses Shifting to Remote Work The Coronavirus Pandemic has taught us that organizations must have remote work choices. It is no longer possible to work in a digital environment. The ...
JK Chelladurai
Usage-Based Pricing We are now in an era where many businesses are flipping their business model and shifting from subscription-based pricing to usage-based models, to better cater to the modern ‘pay-as-you-consume’ buyer. So what exactly ...
Crozdesk Business Software
B2B SaaS Comparison Platforms B2B SaaS Comparison Platforms are designed for buyers looking for additional information on a particular vendor and service. These sites help ease the complexities for buyers by providing a detailed breakdown ...
Louis
Manufacturers’ Top Demands For Quality Software Competing on product quality has never been more urgent as rising raw material and component costs continue to squeeze manufacturers’ margins. At the same time, unpredictable supply chains make ...
Dinesh Varadharajan
The Future with Automation Many entrepreneurs believe digital technologies will transform the way their companies work. By 2022, the worldwide hyper-automation technology market is expected to be worth $596.6 billion. And by 2055, almost half ...

SECURITY TRAINING

  • Isc2

    ISC2

    (ISC)² provides IT training, certifications, and exams that run online, on your premises, or in classrooms. Self-study resources are available. You can also train groups of 10 or more of your employees. If you want a job in cybersecurity, this is the route to take.

  • App Academy

    App Academy

    Immersive software engineering programs. No experience required. Pay $0 until you're hired. Join an online info session to learn more

  • Cybrary

    Cybrary

    CYBRARY Open source Cyber Security learning. Free for everyone, forever. The world's largest cyber security community. Cybrary provides free IT training and paid IT certificates. Courses for beginners, intermediates, and advanced users are available.

  • Plural Site

    Pluralsite

    Pluralsight provides online courses on popular programming languages and developer tools. Other courses cover fields such as IT security best practices, server infrastructure, and virtualization.