| 22 August 2011
With summer in full swing, employees across the country are heading out on vacation; likely topping their list of items to pack, mobile devices such as iPads, iPhones, Androids and BlackBerries.
Mobile devices are changing how people do business by providing access to information from anywhere, anytime, even while on vacation. Yet as these devices grow more sophisticated and penetrate the workplace in increasing numbers, enterprises are faced with the challenge of how to ensure intellectual property and other confidential information remains secure and compliance mandates are met. As regulations become increasingly strict and the penalty for non-compliance steeper than ever, enterprises cannot afford to turn a blind eye to mobile devices.
With 75 percent of US employees expected to be mobile by 2012, it is no longer enough for an organization to simply provision their employees for when they’re sitting at their desks. Enterprises must proactively address the issue of how employees share confidential information and collaborate via mobile devices. Otherwise, they are putting their organization at risk for a data breach or non-compliance when employees turn to easily accessible free or low cost cloud-based collaboration solutions that IT has no control over to solve their mobile file sharing needs.
Fortunately, significant advancements have been made in enterprise collaboration technology that enables employees to share information via mobile devices in a manner that is highly secure and auditable. Of course, not all collaboration tools are equal. There is a vast difference between those developed for consumers and those developed specifically for enterprise organizations. To help you demonstrate compliance and ensure the confidentiality of data being shared via mobile devices, consider the following:
Don’t be limited by the Cloud
Corporations and government agencies require more than just a freemium, public multi-tenant cloud solution. Meeting the needs of enterprises requires choice of where to store data, particularly sensitive information. For instance organizations in EMEA do not want data stored in the US.
Enterprise solutions should support a variety of deployment options for virtual environments including VMware, Citrix XENserver, Microsoft HyperV, public, private and hybrid cloud environments, FIPS 140-2 certified deployment and also on-premise physical installation. The solution should allow you to mix and match different deployment modes and integrate as one solution.
Allowing employees to sign-up for individual file sharing accounts exposes organizations to significant data security and compliance risks. Because IT has no visibility or control over the information being accessed or shared, it is impossible to know just how exposed an organization is to a data breach.
Enterprise-level solutions provide IT administrators with the necessary visibility and control to monitor and manage what information is being accessed, by who and when so the enterprise can comply with industry regulations such as SOX and HIPAA that require monitoring and reporting systems to be in place. Utilizing security controls, IT administrators and business users can set policies to prevent files from being forwarded to unauthorized users.
When looking for a solution, make sure you have the ability to set automated security policies to validate recipients, set workspace and file expiration dates as well as multi-tier access and permissions to workspaces and files. With file access monitored and logged, demonstrating compliance will no longer be an issue.
Make it Easy for Users
Mobile apps should have an intuitive interface and be available for common mobile platforms, such as Android, Apple iOS, and BlackBerry. When security solutions are easy-to-use, employees use them, rather than looking for work-arounds that might put confidential data at risk.
When considering your options, do not overlook file sizes. If the solution you select does not accommodate the sharing of large files, you risk users turning to non-secure, unmanaged applications.
Rely on server-based security
Server-based security, as compared to client-based security, will help you avoid the daunting task of having to configure an ever-changing collection of hundreds or even thousands of mobile devices. Server-based security also enables administrators to enforce changes to security policies immediately. For example, to disable mobile access for an ex-employee, the person’s mobile phone is not required. With server-based security, IT can simply turn off access through an administrative dashboard.
Support Internal and External Users
Employees need to collaborate not only with colleagues but also with external users, such as business consultants, ad agencies, industrial design firms, legal counsel, and other types of business partners. Therefore it is important the solution you select supports cross-boundary collaboration, so mobile users can work with all members of a team, including external users.
Don’t Recreate the Wheel
Integration with your existing IT infrastructure, including LDAP directories, active directory services, archiving systems, and data loss prevention (DLP) systems is essential. The ability to integrate you’re your existing directories ensures access controls are consistently enforced across all IT services, while integration with archiving and DLP systems enables collaboration services to be part of broader data security initiatives and practices.
The collaboration and file transfer space is quickly growing as established enterprise veterans, start-ups and consumer-focused providers look to answer the growing need for mobile file sharing solutions. When conducting your search, it is important to remember, experience counts. Identifying vendors with a proven track record of selling, marketing, and most importantly supporting IT organizations is essential.
As data breaches continue to top headlines and penalties for non-compliance continue to climb, summertime is not the time to ignore security vulnerabilities. With an enterprise-level collaboration and file sharing solution in place for mobile devices, the temptation for users to use free dropbox-type applications is eliminated. IT administrators can manage and audit file sharing, ensuring that users are complying with security policies; and IT managers and compliance officers can be confident that compliance mandates are being met.
ABOUT YORGEN EDHOLM