ITDMs worldwide need to address the challenge of an increasingly heterogeneous workforce that use an array of devices accessing and storing data. Add to the mix the reality that employees are handling data that is confidential and often subject to industry or governmental regulations. In the IT manager’s ideal world, no data would ever leave the office, therefore making the job of securing this data all the more easy. However in the real-world, the situation is more complicated.
The mobile workforce in the UK keeps rising – from at least 30 per cent in 2012, to an expected rise of at least 50 per cent in 2013. Today’s professional worker is called upon to work anywhere, any time, and, increasingly, on any device.
And yet, a 2013 survey of IT decision-makers in the UK, undertaken for Imation by Harris Interactive found that trust in data security drops significantly the moment the data leaves the building. When UK IT decision-makers were asked if they were confident that the data accessed by employees was protected from loss or theft:
- 73 per cent said they were ‘extremely confident’ or ‘very confident’ that data was protected when workers were in the office;
- 60 per cent said the same for when employees are working from home;
- 52 per cent had that level of confidence in their data security when workers are ‘on the road’.
Narrowing the confidence gap
How do we bolster trust in data security, whilst not complicating the user experience? The solution is a combination of policy and technology. Organisations must establish policies and a culture of security in how they work, especially outside of the office. Further, the technology tools must be put in place to enable flexibility for the user with the control and visibility that IT requires.
What is the root cause of this lack of confidence and how can it be resolved? In our experience, even in situations where secure network access is in place, IT decision-makers often lack visibility and control over the technology being used by the remote worker. For example, USB flash drives and hard drives are nearly always at hand – the Imation survey found that 88 per cent of UK IT decision makers reportedly allow external hard drives and 79 per cent permit flash drives. This makes sense: USB devices are an easy and convenient way for carrying data to and from work, or exchanging large files between devices. But although convenient, USB devices do propose a significant risk of data loss or theft.
To reduce the risk, the solution is relatively simple: supply mobile employees with hardware encrypted devices that can be managed centrally by IT, and can even be remotely disabled if lost or stolen. An encrypted memory stick can be used with the same ease as an unencrypted device. It is also possible to include software to automatically avoid transferring viruses and malware between machines. Most importantly this approach provides peace of mind for the IT team and can be applied to workers in the office or working remotely.
The ability to enforce security policy is critical. Management systems can be used to monitor, set and enforce policies across the company, down to departments and even individual users. At the same time management software can also track and monitor what devices are permitted and what data is downloaded.
Secure transportable workspaces
One approach to security for the remote worker or traveller is supplying a secure corporate computing workspace that an employee can take to multiple host devices. Many organisations are looking at portable workspaces like Microsoft’s Windows To Go, that provide a fully functioning Windows 8 Enterprise workspace, booted from an IT managed, hardware encrypted USB drive. Crucially, this ‘PC on a Stick’ idea provides the same experience as the in-office desktop, while all corporate data is kept separate and secure on the certified USB stick. Using Windows To Go, a business could potentially "go BYOD" at a fraction of the cost of deploying notebooks to every worker.
The right policies must be in place
Technology is an enabler of security, but it takes people to make it work. If the technology for gaining network access, sharing and transporting files is easy, seamless and secure, it will be successful. The key to strengthening security is prevention. Fortunately, businesses are getting the message. The Imation survey found that a reassuring number of UK IT decision-makers report that they have a mobile device usage policy in place and it is enforced – 90 per cent.
Any organisation considering mobile workspace solutions for its workers must make security an integral and seamless part of the offering. Solutions should be matched to the worker computing environment and incorporate the flexibility required to address the reality of the modern dispersed workforce. Providing consistency and familiarity of experience is essential to ensure remote employee productivity. Only then can IT professionals have a greater trust in security, wherever their workers are working.
Nick Banks, head of EMEA and APAC at Imation Mobile Security