Story image

Achieving uncompromising security without compromising privacy

01 Feb 2019

Article by Bitglass APAC head David Shephard 

Today’s employees expect to be able to use their personal mobile devices for business purposes.

This is helpful for the enterprise because allowing staff to perform their work duties from anywhere (at any time) enhances organisational efficiency, flexibility, and collaboration.

However, this approach to working can also be unhelpful since enabling ‘bring your own device’ (BYOD) in an unsecured fashion can introduce a number of security concerns.

While data security needs to be prioritised in the era of BYOD, pursuing it carelessly or overzealously can impede the productivity, freedom, and flexibility that organisations are working to enable.

This is an age where it is critical to achieve comprehensive cybersecurity without invading users’ privacy, hindering their mobility, or impeding their efficiency.

Naturally, this raises a question about how organisations can best accomplish this.

In their quest to protect corporate data on personal devices, most organisations turn to mobile device management (MDM) or mobile application management (MAM).

These security tools require the installation of agents on all employees’ personal devices so that IT can keep an eye on the corporate data on said endpoints.

Unfortunately, in this agent-based approach, all personal traffic on the device is also monitored.

This includes users’ private banking activity, social networking, and a whole host of other information that is irrelevant to the enterprise.

At the outset, setting up and maintaining MDM is a logistical headache.

First, IT teams have to install the software across hundreds to hundreds of thousands of devices – then they have to make sure that all agents are regularly updated and maintained.

This endeavour is hindered by the fact that employees tend to resist agents because they can invade user privacy and harm device functionality.

A recent experiment by Bitglass tested the extent to which an unscrupulous member of the IT team could potentially monitor and control a personal device without the owner’s knowledge. The study found that, by routing traffic through the same proxies used to manage devices, it’s possible to capture any browsing activity and even transmit login details back to the company in plain text.

It’s also possible to monitor outbound and inbound communications, force GPS to remain active to track locations and out-of-work habits, and remotely restrict device functionality.

If an employee were to change jobs, a company could implement a full device wipe, meaning that all data (personal contacts, photos, videos, and more) would be erased.

Times are changing, and people are increasingly concerned about the extent to which their privacy is being compromised.

With the rise of data protection regulations and the constant barrage of breaches in the news, it is sensible that privacy is a concern for both organisations and their employees.

Consequently, it came as no surprise when a study found that more than half of employees choose not to participate in their companies’ BYOD programs because of privacy concerns.

All too often, IT managers are forced to choose between having too much visibility (and invading user privacy) or having weak data and threat protection for BYO devices. Obviously, this dichotomy is not ideal.

Instead of buying into the status quo, organisations must implement a comprehensive, agentless security solution designed for BYOD environments.

These types of solutions are focused on securing corporate data wherever it goes – not locking down the devices that are used to access said data.

In light of the growing employee backlash over agent-based tools in BYOD environments, agentless technologies are more needed than ever before.

Fortunately, with agentless cloud access security brokers (CASBs), organisations can rest assured that their BYOD programs are properly secured.

While employee training and education are key components of any cybersecurity strategy, the enterprise must also leverage adaptive security technologies that can protect the growing number of attack targets (cloud apps and devices) from evolving threats.

With data-centric security, companies can thoroughly defend their sensitive information while still enabling employee productivity and flexibility.

Achieving uncompromising security without compromising user privacy creates a win-win situation for both enterprise and employee.

Thycotic debunks top Privileged Access Management myths
Privileged Access encompasses access to computers, networks and network devices, software applications, digital documents and other digital assets.
Veeam reports double-digit Q1 growth
We are now focussed on an aggressive strategy to help businesses transition to cloud with Backup and Cloud Data Management solutions.
Paving the road to self-sovereign identity using blockchain
Internet users are often required to input personal information and highly-valuable data from contact numbers to email addresses to make use of the various platforms and services available online.
Tech Data to distribute Nutanix backup solution in A/NZ
Tech Data will distribute HYCU Data Protection for Nutanix backup and recovery software to their network of partners across Australia and New Zealand.
Veeam releases v3 of its MS Office backup solution
One of Veeam’s most popular solutions, Backup for Office 365, has been upgraded again with greater speed, security and analytics.
Too many 'critical' vulnerabilities to patch? Tenable opts for a different approach
Tenable is hedging all of its security bets on the power of predictive, as the company announced general available of its Predictive Prioritisation solution within Tenable.io.
Safety solutions startup wins ‘radical generosity’ funding
Guardian Angel Security was one of five New Zealand businesses selected by 500 women (SheEO Activators) who contributed $1100 each.
Industrial control component vulnerabilities up 30%
Positive Technologies says exploitation of these vulnerabilities could disturb operations by disrupting command transfer between components.