BYO security: Three ways to tighten iPad and smartphone access without choking innovation

It's hard to stop staff using their own iPhones and tablets, so make the most of it...

BYO security: Employers can enjoy the benefits of consumerisation provided they mitigate the risks to data

Employers can enjoy the benefits of consumerisation provided they mitigate the risks to dataPhoto: Shutterstock

...get a consistent view of their data?

There is no silver bullet for solving the employer's problem but there are ways of reducing the risks. First, a business must take as much control of its data as it can.

It is possible to secure mobile devices themselves using encryption and host-based, end-point security but there's the problem of device ownership. Installing software on the users' own devices creates licensing and management issues.

For many, a better way is to impose centralised controls - that is, provide a means of accessing data that's easy to use and requires minimal modification of the user's device.

There are three basic approaches. To achieve its goals, a given organisation may need to use one or more of them:

1. Virtual desktops

  • Here, data is not actually processed on the device, but the device is simply an access tool to a desktop that is available anywhere the user can get online.
  • There are limitations with this approach when it comes to smartphones due to screen and keyboard size, but software in this area is improving fast - for example, Citrix Receiver. However, it may still require some locally installed software for some advanced functions.

2. View and update data only

  • Provide access to applications that allow data to be viewed and updated, but not copied. For example, just because you allow employees to read email remotely does not mean the actual content needs to be copied to a device.
  • Such applications can be provided through the creation of corporate app stores that support the range of devices employees want to use and the users can proactively download, providing their consent for installation in the process. This approach is the best way to provide access to corporate applications such as CRM and ERP systems for those on the move.

3. Central document stores

  • Provide direct access to central document stores. Here, with the right products, access can be provided to view files with appropriate caveats. Public domain documents such as market materials can be freely copied and used later offline, while restricted documents can only be viewed online, helping to protect an organisation's digital rights.
  • Some products require no local software to be installed to provide such access. Offerings here include portals such as Microsoft SharePoint or specific file-sharing or back-up services such as Trend Micro's SafeSync and Druva InSynch.
  • Druva InSynch also helps solve the employee's access problem. If the central data store supports access from multiple operating systems, such as Android, iOS and Windows, InSynch gives them access to documents from whatever device they happen to be using.
  • Providing this is a secure service, it also helps prevent another insidious problem. If there is no easy way to use a method for centrally storing documents, then employees may synch their devices using other services - some secure, some less so. Employers may then have no idea where their data is ending up.

Generally speaking, the benefits of consumerisation outweigh the risks, provided those risks are mitigated as far as possible. Employers that are proactive in this area will ultimately find they get more out of their employees, without taking unnecessary risks with their data.

Bob Tarzey is a director at Quocirca, a user-facing analyst house known for its focus on the big picture. Made up of experts in technology and its business implications, the Quocirca team includes Clive Longbottom, Bob Tarzey, Rob Bamforth and Louella Fernandes. Their series of columns for seeks to demystify the latest jargon and business thinking.