In order to ensure the security of business documents and data in a bring-your-own-device (BYOD) digital workplace, your organization needs a business information management system in place to delete email and other important business data in the event that mobile devices are lost or stolen. A successful BYOD system uses mobile device technology that provides remote access to the ever-growing list of device types and manufacturers.
Implementing such a strategy requires a sound mobile device management (MDM) plan, as well as the software to support it. Great advances have been made in MDM products recently and many software providers now offer security policies to minimize BYOD risks.
Windows Intune, for example, takes you through a process of enrolling each device before you gain access to company information. Since this enrollment is revocable at any time, it’s a good option for securing business data. A cloud-based systems management platform, Intune comes pre-embedded in the operating system for Windows 8 phones and tablets, such as iPads.
Other MDM capabilities include remote wiping for devices, controlling the applications used on devices and compartmentalizing business content so that the administrator is able to delete it with the push of a button. With Intune, you’re able to restrict Wi-Fi access and ban certain devices and applications. It also takes inventory of what’s being installed on a user’s device, how often it accesses the network and other information, helping to ensure data security and a good BYOD process.
Let’s say that an employee tries to access your network with an iPad, but the tablet contains a banned application that would make it potentially unsafe for business use. As soon as the employee enrolls the device through your MDM, it restricts access until that issue is resolved. MDM solutions also have the ability to limit how BYOD users interact with business information. You might want to allow users to view a certain document, but prevent them from emailing it to others, for example.
But MDM isn’t the only technology that helps lower the risk of document leakage. For instance, consider Information Rights Management (IRM), a concept that’s been around for a long time and is now gaining more traction with the spread of cloud computing.
With IRM, you’re able to attach use restrictions to a file, such as when someone downloads a PDF or Word document. You could use IRM to prevent users from saving a local version of the file, or allow them to view but not print the document. In addition, IRM allows you to track when people view or make changes to the file. IRM is a powerful tool, but not widely used yet. Large corporations primarily use it to make documents available only available within the corporation.
A common way to annotate these restrictions is to tag them in a document or collaboration management system, such as SharePoint. You might use different tags to specify the permission level or clearance level for documents, such as “company only,” “company and client” or “company and investors.”
In the end, no MDM or IRM security system is perfect. While MDM is a good way to set limitations on document use, there may be workarounds, such as taking a screenshot of a document that you’re restricted from saving on your hard drive. Even so, implementing MDM is a big step forward in providing secure business information management.
To learn more about secure business information management for mobile devices, download our free e-book, “Ensuring Document Security In A BYOD Workplace.”
Contributor: Daniel Cohen-Dumani, Founder and CEO at Portal Solutions