The epic account hack of Wired journalist Mat Honan has been the talk of the town. I can recount stories of employees putting their organization's reputation at risk through negligence, but I never realized how easily our digital lives could be threatened. This incident serves as a good reminder of smartphone best practices, and the importance of data backup and encryption. It has also raised questions about the security of data in the cloud. Are cloud-based services well-understood? Are they worth the risk? Do they decimate data security?
Within the past decade, cloud-based solutions and services have gained popularity because they can be accessed over the Internet. This blessing has turned into a curse in mobile environments, where end users or mobile workers do not practice safe methods for accessing their data and leave security holes open for cyber criminals to exploit. A worker’s careless attitude or negligence only adds more complexity to an enterprise’s environment.
As cloud services continue to develop and bring your own device (BYOD) spreads its wings, how should organizations shape their strategy for managing their mobile workforce?
Creating a self-service system
Cloud-based services in the mobile world have allowed enterprises and vendors to take computing to a new level by allowing seamless navigation of data from the cloud to the devices and vice-versa. Today’s workers are connected to their colleagues at work even from afar. However, enterprises must deploy strategies that grant IT control over endpoint connectivity, supplanting the existing reliance on end-users to do it themselves. Unsecured connectivity choices such as public open Wi-Fi hotspots only exacerbate data security problems.
Protecting data on mobile devices
With the inception of mobile devices, the mobile workforce is a growing community in many enterprises. No doubt, the devices house sensitive information, both personal and enterprise. Thus, maintaining visibility and protecting the data on the device is an important deliverable of a mobile cloud management strategy. If the device gets lost and the sensitive data is leaked, the mobile device management (MDM) tool must allow IT to track it and perform a remote wipe of the device.
Stemming from the fear of losing all personal data contained on the device, some customer forums have denounced the remote wipe feature and discouraged employees from enrolling their device in their organizations’ MDM solution. It is the responsibility of business executives and IT management to educate their employees on the ramifications of bypassing enrollment. This conversation should include an explanation of content management strategies for securing and retrieving their personal data in case of any mishap.
Controlling the enterprise mobile app ecosystem
Cloud-based services such as Google Docs, Dropbox, SkyDrive, and PocketCloud have empowered employees to remain connected with their colleagues at work and access corporate resources anytime, anywhere. But unmonitored download activities can also act as a gateway for malware and phishing attacks. Thus, along with protecting the device data, having visibility and control of the mobile app ecosystem is useful in an efficient mobile cloud management solution. Another strategy is to customize or create in-house thin applications that pull only the required data from the cloud.
Defining a policy for your mobile ecosystem
Another curative mobile cloud strategy for enterprises is to deploy a transparent policy management system that monitors the behavior of their mobile workers. As users continue to use services to upload their phone data to the cloud, IT admins must conduct a risk assessment of their landscape and form a mobile strategy that includes data leak protection, data backups across devices and servers, corporate communication over a secured tunnel, and two-factor authentication between devices and corporate resources. IT administrators must deploy mobile device policies to:
- State the type of content eligible for storing in the cloud
- Monitor the type of data being uploaded into the cloud
- Define which enterprise applications may be accessed from the cloud
- Deny data access to former employees
- Enforce data encryption on the mobile device
If you run your IT systems from and within the cloud, it is highly recommended that you deploy tasks for creating mirror images of the enterprise data residing in the cloud.
Managing data access costs
For a good return on investment in cloud-based services, it is important to control access costs incurred by mobile workers. For example, if a mobile worker is in an area where he has 3G service as part of his data plan and ends up using a paid wireless connection, it could lead to an unreasonable increase in spending. Thus, it is important to carefully monitor and control the investment in data plans. One of the curative approaches is deploying a mobile expense management (MEM) solution that notifies a mobile worker of the different data access options he has for a given location and suggests the best access option.
Reliable cloud data security can be instituted with careful planning and investment. What is your enterprise mobile strategy for monitoring cloud data security? Please share your experiences and challenges with mobile cloud data management.