Does your company have a BYOD (bring-your-own-device) policy?
If not, it is about time you start defining one. Otherwise it could be too late, or it already is.
Most employees bringing their own smartphones, tablets, and laptops to use at work are probably already storing large amounts of corporate data on their devices, or worse, in cloud-based storage services.
Without a clear policy you may find that some confidential information such as new customer pricing, manufacturing costs, engineering details of new products, etc., is already stored in the cloud without your control. People downloading files from emails are automatically storing them in services such as Apple iCloud or Google Drive. While for some corporations this is not a serious cause for concern, for many it can be a complete disaster, and for government and healthcare providers, a serious data breach.
show that cloud-based storage apps such as Dropbox and Box were among the most banned in BYOD policies in 2012. A lot of IT organizations are blacklisting these apps: 57 percent banned Dropbox and 42 percent banned Box. Cloud-based productivity tool Evernote was also banned in 35 percent of the companies that had a blacklist. Facebook was the most common blacklisted app, followed by Angry Birds and Dropbox, respectively. But Facebook and Twitter are mostly banned for productivity issues, not for security.
There are several reasons to take similar measures in your BYOD policy:
- Ownership of cloud data: There are serious concerns, as discussed before on E2, that storing your data on public clouds could severely limit your ownership.
- Google and Apple "peeking" at your data: It no longer surprises anybody, but cloud-based services from those providers scan all your data to serve you ads. Many people, including myself, allow this for convenience, but it is something you don't want to happen to your most confidential data.
- Impossible to delete: While you can "delete" and "purge" most data from services such as Dropbox, you have no control over how long the data remains stored before it is finally destroyed.
- International access: There is sensitive data that should not be accessed internationally. Some services use data centers around the world, and when an employee accesses a data file on Google Drive or Dropbox from overseas, chances are a copy of the file is moved to a closer facility for faster access, and probably stays there.
Because of the potential damage to the company if customers' data were compromised, some companies, including IBM, decided to ban all cloud storage apps, including Dropbox. This was a serious blow to the company. Cloud-based storage services are very convenient, but not suitable for sensitive corporate data. Because it can be difficult for corporations to control the amount of data that is stored on those services, many are just banning them in their corporate BYOD policies.
However, if you do restrict what tools and applications your employees use to do their jobs, you'd better provide an alternative. BYOD policies are not popular if people find it impossible to take advantage of mobile devices because the company is too restrictive on the apps they can use. Providing in-house alternatives when possible, or approved app stores when it isn't, is a good compromise. Make sure you understand the work your employees are trying to do and be sure you find a safe way for them to do it.