Responding to users’ device demands and staying within regulations
With the huge surge in demand for BYOD (Bring Your Own Device) or CYOD (Choose Your Own Device), there are even more compelling reasons to review how you respond to users’ device demands.
If users require mobile access to critical corporate enterprise applications, there is an effort and cost incurred to keep that data secure and compliant. Lost or stolen phones and laptops can result in an embarrassing, potentially disastrous, loss of data. These security concerns have given rise to increased activity from MDM (Mobile Device Management) and EMM (Enterprise Mobility Management) vendors aiming to address them.
General Data Protection Regulations, embedded in EU law, and the imminent new UK regulations are changing, with punitive fines for failure to comply. The current level of fine is 2% of global revenues or 10 million Euros for not notifying the supervising authority of a breach (Article 33); not conducting impact assessments as part of certification (Article 35); or not notifying all data subjects of the breach (Article 34).
If B/CYOD users have and store Personally Identifiable Information (PII) data on their mobile device, this could be argued to be a violation of the basic principles related to data security (Article 5). Putting PII data on a mobile device increases the risk of data loss – with a fine of up to 4% of global revenues.
So how to bring some order to this potentially chaotic situation?
If the challenge is how to adequately protect the PII data whilst in transit to the device, then you should consider an adequate method of encryption for the data. This secures the data in transit, but what about at rest – physically on the device?
This is where complex and expensive MDM/EMM solutions come into play as you now need to think about how to secure this stored data in such a way that it cannot be accessed incorrectly. Imagine triple locking yourself in your office every time you wanted to use your desktop/laptop and you’ll get some idea of the restrictions necessary – and add the cost of paying someone to come and lock you in!
Surely there must be a better way?
There is. Why not avoid all of these risks by not having any data stored on the device? You cannot lose something which isn’t there in the first place. Nor will you have to spend huge amounts of money protecting something which shouldn’t be there anyway.
Hang on a minute, I can hear you say!
- How can I provide C/BYOD access to these most critical systems and data without having any data stored on the device?
- How’s that going to enable my mobile users to continue to work on the move?
- What about all these expensive point-specific mobile app solutions we’ll need to develop?
A NowSecure article in April 2017 stated:
“As mobile device use continues to grow at the enterprise, so does the volume of mobile app development and adoption — increasing the number of exposure points that could lead to a data breach resulting from a vulnerable mobile app. In fact, statistics from the same Ponemon study on IoT and mobile apps identified similar sentiment among IT security leaders:
- 60 percent of respondents reported a data breach resulting from an insecure mobile app
- 64 percent of respondents are concerned about a vulnerable mobile app in the workplace
To prevent the compromise of mobile apps and the exposure of corporate data, enterprises need to ensure they secure the mobile apps they develop internally and vet third-party mobile apps used throughout their mobile ecosystem.”
Gartner estimates that the average company will need 2,000 mobile apps developed to provide the same functionality as their in-house systems! Won’t they need to have data stored on the device in order to work?
For an alternative and cost-effective approach…
EnAML (Enterprise Applications Mobility Layer) is a layer of technology between your servers and devices. A layer which means that all data, including PII data, is available and secure because…
- Connects the device in your hand to the enterprise platform.
- Uses existing gateway connections or incorporates VPN connections if required.
- Translates, on demand, the content from your server to a format that can be viewed and interacted with on the mobile device.
- Securely views and interacts with all your content.
- EnAML can interact even if the server was not previously compatible with the device – it is now.
- No data is ever stored on the device. Also, the interaction with the server is completely secure and compliant with any Data Protection/Data Compliance requirements.
This approach is dramatically less expensive to implement than MDM/EMM mobile development. The user should have the same experience on their device as on the desktop because it is connecting directly to their application. Add to that the device capabilities and you can also enjoy custom keyboards, user-selectable gestures and even voice-activated data capture into legacy applications.
Productivity and Security
When looking for the solution to allow your BYOD/CYOD users to work productively with even the most critical applications and data and remain fully data secure, include EnAML in your solution reviews.
Now, about the rest of the arrangements for GDPR…