The use of consumer applications on personal devices for work purposes is now commonplace. These apps and devices are many times more appealing and responsive than their enterprise counterparts, but are a thorn in the side of IT and can increase the risk of losing corporate data.
To address issues around security and to mitigate the risk of mobile data loss, IT departments tend to establish policies to restrict company data being stored in personal cloud services, often with little success.
Recent research commissioned by 451 Research indicates that 44% of staff use or are planning to use personal apps for work regardless of company policy. A recent Ovum study supported these findings, revealing that among employees using file sync and share tools at work, only 9% are satisfied with the solution from their IT team.
Employees aren’t intentionally trying to undermine their employers and are often just looking for simpler ways to get the job done, relying on familiar, consumer-facing apps in the process. These may help employees be more efficient, but often operate outside of company policies and the control of the IT department.
These new technologies may be a concern for CIOs, but restricting the use of a popular app will inevitably cause another one to pop up, much like ‘whack-a-mole’, the classic arcade game.
This isn’t a sustainable security strategy and CIOs must instead look to create a system that provides consistent security across personal and professional cloud platforms, allowing employees to use the tools they need to get their work done without breaching company policy. CIOs must address security across the point of access, storage and the wider cloud ecosystem.
Accessing the cloud securely relies on the creation of a protected content hub for every employee’s device, often in the form of a content management app approved by the company, with the ability to connect to all manner of personal and professional cloud repositories such as Dropbox, Google Drive or Office 365.
This app acts as the central resource for employees, allowing them to use it to view, edit and securely share content with their colleagues.
When an employee stores a document in a consumer cloud service, the IT department must protect that document with file-level encryption and traceability. This ensures that any document is secure even when stored in clouds that don’t meet the employer’s regulations.
This system also helps with audits and other activities requiring the history of files, as the file-level protection allows the IT team to track all activity associated with any document.
Keeping the cloud ecosystem secure
We all want a say in the way we carry out our day-to-day activities, so it’s no surprise that staff want to have their pick of apps to get their work done. Employees, however, have varying tastes, meaning that CIOs must secure an entire ecosystem of apps, rather than a select few popular offerings.
Each app must be able to utilise a shared security framework, allowing it to access and decrypt the secure file in the personal cloud without losing the file-level protection outlined above. Such a shared security framework will help an organisation scale its support across the cloud ecosystem.
This level of choice increases workforce satisfaction and productivity as long as the security architecture is invisible to the employee and does not compromise the user experience.
>See also: Nipping personal cloud in the bud
IT is moving from the traditional method of locking-down devices and dictating what devices and apps are suitable for work to partnering with employees to support the services they need to get their work done.
By emphasising choice over restriction, CIOs will find it easier to meet the demands of increasingly tech-aware workforces, while ensuring data remains secure.
2015 is the year for the CIO to define a content security strategy that supports choice so that the personal cloud becomes an asset, rather than a security nightmare.
Sourced from Ojas Rege, MobileIron