‘Work-life balance’ is not a new word for us. When it applies to IT, it is known as IT Consumerisation. Yes, you got it right! IT Consumerisation is about maintaining the subtle balance between personal and commercial use of tech gadgets and applications. These days, we witness the influx of personal handheld devices into the enterprise as entrepreneurs strive for leveraging the benefits of mobility, but this IT consumerisation trend has caused mobile security concerns like loss of data and privacy breaches for companies and users.
Let’s elaborate on some of the most important mobile security concerns related to consumerisation along with their solutions:
Today’s Internet-savvy workforce has brought a drastic change in the traditional model of company-controlled computer systems by using personal iPhones, iPads, and Android devices into the enterprises. On one hand, anytime, anywhere access to critical company data has increased the productivity, and on the other hand, it has posed a great security risk.
Personal mobile devices are easy to use and lose for the employees, which has kept IT security professionals on their toes and has made entrepreneurs to think again about their mobility policy.
A secure enterprise-ready smartphone, capable of meeting business needs, is a story from the past. Nowadays, we have employee-owned smartphones and tablets that offer the least support for existing IT policies of the company.
The security threats also include mobile malware and malicious mobile apps while implementing IT Consumerisation concept in the company.
Organisations can come up with a minimal acceptance criteria to embrace personal devices in collaboration with an IT department. Device type and OS version can be included in the preset criteria. If any device fails to meet any of the criteria mentioned, the company can block network and system access for the device. Even better, companies can set a policy for offering limited access to high-risk devices.
Loss Of Data
Mobile devices are more vulnerable to lose or stealing. A device with access to business data becomes a great cause of concern when it falls into the wrong hands. Apart from the most obvious data loss, the company may face the consequences of data leak.
Many of the consumer-grade devices, these days, have features like passcode locks, encryption of data, and remote wipe capabilities to address this concern. Also, employers can use Microsoft ActiveSync policies to prevent access to corporate email and other sensitive data from devices that have no passcodes or encryption along with sending a remote wipe request.
IT has also come up with advanced Mobile Device Management (MDM) system, mobile security provisioning, and ongoing enforcement to prevent data loss.
Ongoing monitoring is necessary to avoid any attempt of changing passcodes or inactivity timeouts for personal gain. Employees may remove a few IT-imposed restrictions like re-enabling app installation from unofficial sources that can result in appearing of adware or malware. In a way, ensuring compliance is becoming a big issue for the companies.
Enterprises can enroll every mobile device in MDM tools to monitor it while enforcing compliance. Many MDM tools can find out any malware carried by required applications. Such tools can protect corporate data in the event of non-compliance.
Personal Data Protection
Employees would not mind IT-defined mobile security policies, but they are concerned about the safety of their personal photos, contacts and applications as their devices are linked with the enterprise network.
Nowadays, mobility management tools are designed for better segregation between personal and business data on personal devices. Such tools offer dual advantages to the company: One, safety of business data and two, prevention of personal information of employees from leaking.
For example, ‘enterprise-wipe’ feature is now supported by most of the MDM tools for removing only MDM-installed setting and applications. This feature eliminates the requirement of remotely wiping the device.
Also, the IT department can put enterprise data in an encrypted data container, thereby removing the requirement of giving remote wipe permission.
It is not easy to implement ongoing IT monitoring in enterprises because employees may find it annoying. It is particularly true that IT monitoring includes logging personal communications or off-hours location tracking.
Employers can seek the consent of all the employees regarding mobile security policies and give them assurance of not using information gathered from mobile devices. Employers can also opt for enabling location tracking only in the case of stolen devices. The employee’s privacy needs to be given utmost importance, and the IT department should avoid unnecessary querying or logging their activities.
As more and more enterprises jump on the Consumerisation bandwagon through embracing mobility concept, it is necessary to address the above-mentioned mobile security concerns for achieving optimum results while winning the trust of all the employees.
IT administrators and employers should have a full understanding of the critical corporate data stored and accessed by employees in mobile devices for effective implementation of security measures.