Current Filter: Network>>>>>Feature>

   

According to Forrester, smartphones will account for 50 per cent of all mobile phones in 2017, rising to 59 per cent in 2019 when the total number of smartphones in use will reach 3.5 billion worldwide. With this in mind, effective information governance must extend to all systems and devices including mobile devices, and it should be implemented across the entire information lifecycle.

The emergence of BYOD (Bring-Your-Own-Device) has been attributed to employees wanting to use their own devices to access corporate data, rather than being tied to employer specified options. However despite the wide reporting of a growth in organisations implementing BYOD, a recent survey carried out by Bloor Research in conjunction with Boldon James, entitled 'Practices for enhancing data security', found that only 35 per cent of organisations implement any kind of BYOD. Bloor surveyed 200 organisations in a range of industries in the UK and the US and found that not as many organisations as expected have implemented BYOD, and also that those organisations most concerned about mobile security are the least likely to allow BYOD. The research has highlighted that UK organisations are more likely to have policies in place, allowing the use of personal devices in comparison to organisations in the US.

There's no doubt that BYOD produces a much more complex security environment, due to the diversity that an ever-expanding range of devices and operating systems introduces. It also adds the pressure to react quickly when new devices are introduced in order to allow employees to securely access and share corporate data. By their very nature mobile devices can be lost or misused in a way that compromises data security. Perhaps more critical is the risk associated when business email is mixed with personal email on non-corporate devices. Mobile data security is often solely focused on the significant risks associated with the loss or theft of these devices, but many organisations are failing to address the additional risk to sensitive data resulting from corporate data being accessed, changed or disseminated from a device over which you may have little or no control.

In order to effectively safeguard against potential reputational damage and fines, organisations must ensure that security travels with the data throughout its lifecycle. One way to achieve this is to implement data classification policies and tools across all systems and devices which will allow all data to be classified according to its sensitivity and importance to the organisation. Findings from Bloor show 52 per cent of organisations surveyed have already started to use some form of data classification tool, and that data classification is listed in the top three most important security controls for organisations across a variety of industries.

An effective data classification solution allows for control over which messages can be synchronised to a mobile device. This ensures that sensitive information isn't stored on the device and that personal and corporate data is segregated.

With human error accounting for at least 50 per cent of data breaches, organisations must have measures in place to help reduce the level of risk. Assigning and managing an adequate level of protection to data as it travels through its corporate journey has to be the focus. Even though there have been more discussions around the growth in BYOD, it is clear to see that this isn't the case for a large majority of organisations. However, this doesn't mean the implementation of data security on mobile devices should be ignored, as more and more people use their own mobile devices to access and share corporate data, in turn increasing the risk of corporate data being lost or stolen. NC