Unsecured content, documents and other data on mobile devices can be a huge liability for any enterprise. It's no exaggeration to say that it can be at least as big of a liability as an unsecured website or wireless network!
Unfortunately, the mobile workplace becomes more fragmented and out of control all the time. The adoption of multiple devices running on multiple platforms (Windows, Android, iOS, etc.) quickly leads to “device fragmentation,” which can be a nightmare for IT and security.
In other words, most enterprise-level businesses have all manner of sensitive documents spread across various tablets, laptops, smartphones and other devices using Apple, Windows and various versions of the Android operating system.
How, then, can an enterprise-level organization handle mobile data security in today's multi-device, cross-platform environment? Taking end users (everyone from clerical employees all the way to board members and C-level officers), educating them on how data loss equals dollar loss, and instilling a greater sense of responsibility in them, is a good place to begin.
But, perhaps even more important is to shift away from the old device-oriented, security outlook, and instead focus your enterprise's security efforts on data and content-level security.
The Problems with Device-Centric Security
Due to a whole host of factors, device security is no longer the best way to protect data.
When it comes to mobile enterprise data on smaller devices, administrative attitude is perhaps the worst offender. “We don't keep important data on our phones,” is an all-too-commonly uttered phrase in many organizations. And, while those who say it really do believe it, it's rarely true.
At the very least, most smartphones have access to a wealth of contact data. Most smartphone owners also use an email application that, for the sake of convenience, does not ask them to authenticate their session. This alone can cost a business tens of thousands of dollars—or more—in lost data and lost opportunity.
Security on laptops and tablets tends to be some better; although, many enterprises rely on little more than password-protected user accounts to protect data on these devices. These measures are easy to work around by anyone with a reasonable amount of intelligence and an afternoon to learn the methods—no hacking skills required.
Data encryption is generally the best solution for these devices. But even then, plenty of useful data may be lost or obtained from unprotected folders, and no enterprise can ensure that every single device uses encryption properly. This is true with laptops and tablets, and especially with smartphones.
Benefits of a Data-Centric Security Model
It's important that everyone in your organization understands how costly every device loss truly is and that they do their best to prevent it. The reality is that mobile devices are here to stay in the workplace. They have a momentum that can't be stopped. And since they are inherently less secure and more prone to loss than larger, more robust items, like laptops, they require a different approach to security.
That means that the real game changer comes when the enterprise shifts its security focus from devices to data. Controlling what content is accessed when, where and by whom, is simply a much more manageable solution than trying to control every small device in the enterprise.
A central content/mobile data control solution also equates to much less of a headache for IT. Instead of having to deal with every device and operating system in the enterprise, IT can deal with sensitive data from a single central control panel. That in and of itself can represent significant cost savings and efficiency for any organization.
Central control over all sensitive data also provides a much more airtight security solution. In today's world of public clouds, collaborative tools and mobile devices that frequently wander off, it is a solution that is virtually unheard of; however, it just may be the best security decision an enterprise could make during this decade.