Security "Bits"

SaaS Holes - Part 4: Lost Mobile Devices

By Annie Wang | October 16, 2014 at 8:00 AM

In my last blog I talked about data leakage and the 3 things you need to do to prevent your company’s sensitive data from being lost. After all, some things just shouldn’t go viral. In this final piece of this blog series I’ll be discussing lost mobile devices.

BYOD is the way the modern world does business. It not only allows companies to operate at the speed of life, but also lets employees remain insanely productive. Doctors use their devices to access PHI data from their hospitals, financial analysts download customer data onto their mobile devices during business travel, and so on.

Here’s an interesting piece on Forbes that addresses the “Evolution of the Employee” with BYOD being a crucial piece of it.


Now, what happens when an employee loses their device?


The Hole – Mobile Device Security (MDM is not the answer)



Since cloud apps allow for the availability of any data, from anywhere, on any device, there are some fairly obvious security concerns. Cloud apps can’t determine whether or not a device is company managed. Companies need a way to manage security in a BYOD world, especially if these devices run the risk of getting lost.

Several companies (and hospitals) have begun using MDM (Mobile Device Management) solutions. But these solutions ask for complete control of employee devices, plus you can only have one MDM solution per device. That means visibility into all texts, all emails, ALL applications. No one wants Big Brother looking at his or her personal conversations. And to top it off, if an employee leaves, their entire device is often wiped of all data – company AND personal (since MDM solutions can’t differentiate between the two). Yup, back to the factory settings you go.

To the doctors who have to balance work between multiple hospitals: you can only have one MDM solution per phone. That means that only one of your hospitals can protect their data on your device. Not very effective.


The Fill – Clientless Selective Wipe



For companies coming to grips with BYOD, you need a way to protect against lost or stolen devices, or when an employee leaves the company. Look into using a solution with clientless selective wipe.

You will be able to protect your data without asking your employees to install software on their individual devices or invading their personal privacy. The feature also differentiates between company data (Office 365, Salesforce, Box and Dropbox) and personal data (Twitter, LinkedIn, Facebook, personal email etc.) on a device. If a device is lost, simply access the solution portal and wipe all corporate data on the device. Pretty cool stuff.

I hope you enjoyed the series! We encourage you to engage with us @Bitglass and subscribe to our blog!




