Controlling mobile data access: Ensuring sensitive information is safe
Jul 21, 2015
Late last year, Forrester Research released a report with surprising findings: It wasn’t cybercriminals that were causing the most data breaches, it was those inside the company itself.
According to CSO, the “Understand the State of Data Security and Privacy” report found that internal threats – including an organization’s own employees with malicious intents or those that were simply negligent – were surfacing as the top cause of security incidents. This research, along with established data security best practices, make the case for strong controls to govern mobile data access.
Connected with more resources than ever
When BYOD first emerged, many companies did not have the infrastructure or mobile applications to allow their employees to access all the information and resources they are able to connect with today. Dynamic Business pointed out that during BlackBerry’s heyday as the device of choice for mobile workers, many remote staff members only accessed their corporate calendars and email accounts. Since then, however, much has changed.
Today, mobile professionals can now connect with more mission-critical applications and materials than ever. Workers can now pull up a company database, utilize an internal enterprise app or share business files from the palm of their hands. As the amount of content staffers have access to increases, so too must the mobile data security precautions.
A new business environment
Performance pointed out in a recent white paper that many organizations have established a need-to-know environment for their employees, where each worker only has access to the information that is directly related to their jobs.
“Giving them the information they require to perform their duties is considered more than enough,” Performance stated. “Anything else would be, at best, unnecessary and, at worst, potentially harmful to the business.”
In this new landscape, controlling mobile data access becomes more critical than ever. Oftentimes, when it comes to remote security, authentication is key. Dynamic Business noted that companies should create unique authentication credentials for each employee that not only ensure the person attempting to access content is the individual they say they are, but also provide an added level of security.
In connection with each worker’s credentials, administrators can establish specific mobile data access levels that allow the person to open the materials they need for their jobs, and nothing more. This type of approach can mitigate the risks of a malicious insider, and can also ensure that highly sensitive information is only accessible to those approved to view it. This kind of setup also increases the level of management and visibility managers have over this content.