One of the biggest advantages of cloud, i.e. mobility of data for it to be accessed from anywhere, is also its greatest hurdle in ensuring data security in virtual environment.
Data security has been a challenge for cloud based technology adopters since beginning. It has remained one of the biggest concerns for organizations in embracing cloud computing model.
Since cloud offers a multi-tenant, shared infrastructure platform the security features are also shared between the users and also limits user’s control over his data. This has caused users to avoid public cloud platform from storing mission-critical information.
Security for long has been the only sore point for cloud computing. Increasing popularity of BYOD system once again is challenging cloud to prove its worth.
What is BYOD and why companies are adopting it?
BYOD stands for bring your own device. Companies that have adopted this system allow their employees to bring their personal laptops, tablets, smartphones or any other internet enabled devices to access company network and applications hosted in virtual climate. It has been observed that employees feel more confident and comfortable in working on their personal devices and it has a positive impact on their productivity. It also means that work can be achieved anytime and from anywhere using any mobile device.
Moreover, it also reduces IT infrastructural expenses of enterprises with help from ERP Managed Services (since they no longer have to provide for or maintain those instruments). As a result, more and more companies are encouraging their employees to adopt BYOD system. In a survey conducted by Harris Interactive and ESET shows that over 80% of employees currently are accessing company data on some type of personal devices.
But allowing access to company’s datacenter and network on devices not controlled or monitored by the IT department also gives rise to serious security concerns, such as – the employee may be accessing critical enterprise data on his mobile device which also has other applications containing malwares installed in it. In such situation the company may be putting its data in potential risk.
The same survey has also revealed that only a fraction of these devices are protected under organizational security blanket. So, there is a need to formulate effective data security policies in BYOD system to ensure protection of information from hacking attacks.
Describing security policies
The IT department of the company needs to put down detailed security policy for each type of mobile device getting used in the organization. The company needs to offer clear guidance on acceptable and safe use of BYOD devices for enterprise applications. They must also ask the employees to strictly adhere to security measures. There should be clear instructions on company’s position and governance policies regarding using personal devices for accessing enterprise network. The IT department can also restrict the types of applications downloaded on the device. And if the device is blacklisted, you can get it fixed at a S20 blacklist removal service.
Creating account
Personal login accounts can be created and passwords can be set for enterprise applications on mobile devices. The employee would need to login to their personal account to access the application. Further, biometric identification interface can be created to safeguard critical data on BYOD devices.
Data encryption
Data can be encrypted before being stored in the cloud from where it will be accessed on BYOD devices with decryptions keys made separately available to authorized users. Data can also be safeguarded by improving its visibility on cloud and monitoring its performance on regular intervals, services like Castle offer great security for all users.
IT audit
Periodic audit would reveal if the BYOD devices are in order with the IT security policies of the organization. The IT department can further restrict usage of certain services on BYOD devices, such as – access to personal email accounts or social media accounts.
The BYOD security policies need to be reevaluated and escalated as required. The situation is made more complicated when the employees are asked to bring their own cloud (BYOC) as well. The IT department literary has no control over the data hosted in a third-party cloud and accessed on a BYOD device owned by an employee.
Charles Smith is associated with the IT industry for over a decade now. He is a senior consultant with a California based company that offers cloud computing solutions to companies across industries. Charles has vast experience in implementing cloud computing projects and offering consultation to companies in mapping their ways in cloud environment. He has worked long in designing enterprise cloud based applications.
Leave a Reply
You must be logged in to post a comment.