Secure Your Data, Not Your Devices

The increasing prevalence of mobile data has resulted in great security concerns for enterprises operating on multi-device systems, or with a Bring Your Own Device (BYOD) policy in place. It is challenging for businesses to decide whether the greatest value is in securing the devices that data is delivered to, or securing the data itself through methods such as Mobile Device Management (MDM). Mobile device usage is highly favorable to end users in terms of access and convenience, but IT managers and CIOs cringe at the thought of the security risks associated with mobility and allowing sensitive data to be retrieved from virtually anywhere, any time. According to the Cibecs/IDG Connect 2012 Business Data Loss Survey, 60% of IT and executive management professionals do not feel their data is completely secure. Whereas existing security measures may suffice for company-owned and controlled devices, it is in the company’s best interests to implement new levels of control on employee devices not controlled by IT to ensure maximum data protection as opposed to device protection.

If you’ve heard that securely controlling data transmission is not possible without enterprise ownership of the device, we’d like to show you otherwise. The following examples of mobile data security best practices can give you an idea of what protocol to follow in securing data across your network and devices.

Thin Client

Thin client policies apply to both smartphones as well as tablets, and include OS streaming, hosted desktop virtualization and workplace virtualization. Sensitive information is processed centrally and remote devices can access this data through thin-client terminal applications using network access only. A major benefit of thin-client operation is that information does not leave the server and can only be accessed by an authorized end user. If the authorized user becomes restricted for any reason, access is immediately revoked, with the potential for a remote wipe of the entire device if company policy dictates. This strategy can ensure further security by implementing strong authentication policies, which limit actions such as host copy-and-paste operations and screen capture in addition to controlling data and file transfers. Internal and client contact data may not always be considered eligible for company security policies. In cases such as this, a thin-client data source with applied security is an ideal solution, as it ensures a contact database stays with the company rather than the phone when the end-user leaves the organization.

Mobile Thin Client Management

Mobile thin client management allows users to control which devices are permissible for company use, thereby restricting data access points. Perhaps the most beneficial feature of this strategy is that thin devices can be remotely wiped. Smartphones and similar devices may have limiting features, such as size, processing power and storage capacity, whereby only restricted data processing can occur. Where thin devices can only keep limited amounts of data, they have the unique capability to replicate data and store master copies within specified datacenters.

When implementing the thin device strategy, companies can still control security of these devices by employing mobile device platforms or other management applications, enabling security policies regarding backup and compulsory data encryption.

Protected Data

The aforementioned strategies focus on protecting data processing environments, but how can you protect your data directly? The Protected Data method guards the data at the source rather than the endpoint, ensuring the safety of data regardless of its location. Enterprise rights management and other such technologies directly embed access rules into documents by way of cryptography. With this method, the rules are applicable to documents regardless of location or device, allowing effective security measures for multi-device environments.

This pattern also allows for “detecting, logging, and blocking” data that leaves enterprise premises. Having the capability to follow the transmission of sensitive data provides the benefit of understanding the speed and direction of information transfer and flow.

In addition to applying these strategies to mobile device environments, make sure users are aware of potential security threats and how to avoid them. In addition to securing information, users should be sure to secure the many popular applications that smartphones have. Educating users and emphasizing the security risks on their personal mobile devices can make corporate policies much more effective; by demonstrating that there is a significant and known threat to users’ personal information as well as company information, users are more likely to adhere to corporate controls. This provides a win-win scenario, protecting users’ personal info while also protecting your corporate data.

Top Concerns When Creating a BYOD Policy

The Bring Your Own Device (BYOD) trend has faced an uphill battle for adoption due to the issue of effective policy implementation. BYOD offers employees the luxury of working with devices they are most familiar with and can foster a more productive and collaborative environment, but these benefits must be balanced against the inherent dangers of uncontrolled devices having access to your data and network. When implementing a BYOD policy, special care needs to be taken to ensure existing company goals are not compromised. An effective, comprehensive BYOD policy will promote collaborative solutions for executives, IT staff and workforce users, but must take into account the following policy concerns:

1. Security

According to Gartner, the number one concern for potential BYOD policy implementation is security. The transition from company-issued devices to personal devices requires strict guidelines defined in your security policies. Protecting communications, monitoring data usage, and addressing privacy matters are imperative measures to take. Updating and executing data encryption methods, using SSL or HTTPS for example, will ensure secure data transmission. Archiving and recording methods should also be implemented to comply with company regulations, as well as to increase overall security. BYOD systems can attain the same level of security (or even greater) as before implementation if optimal software services are put in place.

2. Support and System Administration

With multiple personal devices operating on company premises, support and system administration policies must be established. By instigating single-point administration, changes can be replicated smoothly across users within the enterprise. To reap the full benefits of your Unified Communications platform, it is essential to enhance support for administration as well as end users. So how can you do this? First, select a platform that allows easily accessible support, either by in-house IT staff or from your chosen support provider. It is also beneficial to define clear user roles to identify specific support and administration options that are available according to the user’s responsibilities and position.

3. Device Choice

When determining your device policies, of course you’ll have to determine which devices are allowed, which ones aren’t, and why. It is also helpful to get feedback from employees during this process. You can analyze employee preference by survey, asking such questions as “what devices do you already own?”, “are they compatible with baseline security/support features?” It is helpful to be familiar with the operating system, hardware and other specifications of the various devices and device types. In the future you may want to leverage this knowledge to lay the foundation for assessment of additional devices and technologies. Feedback from employees will also help keep your IT team up to date with changing devices as the consumer market changes.

4. Monitoring Usage

Whether your business adopts a formal BYOD plan, such as implementing a BYOD policy solely for senior-level executives, or creates a more informal plan which permits all employees to use personal devices, it is imperative to establish usage guidelines. One way you can do this is to develop a list of guidelines that establish binding agreements for employees to adhere to so that you protect and ensure the safety of sensitive corporate data. This way, if employees want to use their own devices, they will agree that the device, including their personal data, could be remotely wiped if it’s lost or stolen. It should also be clear that it is their responsibility to back up any personal information they don’t want lost in that eventuality. Appropriate termination policies should also be in place, acknowledging that all company information will be permanently deleted upon leaving the organization. It may also be beneficial to establish a mobility committee to create and monitor the success of policy goals.

How Unified Communications Can Help

Unified Communications (UC) can’t take the place of effective and well thought out BYOD guidelines, but it can help keep your company contacts and other data safe and secure when an employee’s device is lost or stolen. With the right UC app, your IT administrator can rest assured that traffic is secure and data loss is prevented with encrypted data en route to any endpoint. What’s more, Unified Communications will allow your company to provide a win-win for employee choice and corporate security. With the plethora of devices available – from iPhone to Blackberry to Android and more – you don’t want to try to support each individually when you can easily provide users all their desktop communications capabilities through a single approved UC app – on the device of their choice. This gives employees freedom of choice on their device and you the peace of mind and safety of managing a user and their network credentials the same way you’d manage their corporate issue desktop. One of the most sought-after features of the app is the added benefit of hiding a user’s mobile number when they make calls and displaying only their corporate phone number on caller ID devices – a single number identifies employees both internally and to your clients. Truly remote working.
With Unified Communications they’ll also benefit from added flexibility and mobility with the following:

  • Corporate presence and IM
  • Click to dial from mobile applications
  • Availability of the UC app from the same app store they use on their personal device
  • Access to corporate directory and resources on the go

While Unified Communications won’t solve all your concerns, it can help alleviate some of the primary security challenges related to BYOD. For more information on how NEC provides the same UC experience across multiple devices click here.

NEC’s Advancements in Facial Recognition

Last week we installed one of the coolest demos I have had in the EBC since PaPeRo. It’s facial recognition software that can detect your age, race and gender. This demographic information could be used, in a digital signage environment, to present you with targeted advertising based on your demographics.

For the most part the prototype has been pretty accurate. Every once in a while it thinks I’m the age of my parents (must be the reflection from my bald head). As long as I don’t start to get an ad that tells me I should take advantage of the new SENIOR DISCOUNTS, I’m OK with it.

NEC has been a leader in the biometrics space for over 40 years and recently won a contest sponsored by the Department of Homeland Security for the greatest accuracy with facial recognition. Their False Rejection Rate was 2.1% and False Acceptance Rate was .1%. I’m still deciding if I should be afraid or excited.

More on NEC’s Facial Recognition

More on the Biometrics Contest

More on PaPeRo

More on the NEC Executive Briefing Center