The conversation on mobile security is one that’s never going to end. There’s always going to be some new vulnerability in the press. It’s an unavoidable fact of life in enterprise.
This situation isn’t helped along by the fact that most cloud storage solutions offer little in the way of security. Although certainly convenient and powerful tools for productivity, the lack of any rights management option leaves sensitive data wide open for misuse to anyone who can gain access. This is a fact that many within enterprise are beginning to understand – consider, for example, that Dropbox, a leading cloud storage provider is struggling, with innovation on the platform at a standstill. Outsourcing is on the rise. The global market grew from $87.5 billion in 2008 to $104.6 billion in 2014, and there is no indication that this growth will slow. As pressure continues to mount on businesses to be more agile, decision makers will continue to look for ways to save time and cut costs.
In other words, they will continue to outsource.
Although there are many benefits to this practice, it also goes hand in hand with a glaring shortcoming. When you share sensitive information with a contractor or business partner, you cannot control the environment in which that information is viewed. You’re essentially taking it on faith that a third party will be as careful with mission-critical data as you are.
Given that nearly 40 percent of large enterprises don’t secure their mobile applications, this is a dangerous assumption to make. Whether or not your business is impacted by the latest vulnerability is irrelevant if you’re handing off critical information to other organizations where you’ve no oversight. Even with audits and security inspections, you have very little control over how those outsiders treat your documents – but you’ll still have to bear the consequences if your documents are mishandled.
And outsiders aren’t the only problem, either. Given the right conditions, internal staff can be as much of a liability as contractors. Telecommuting, for example, is on the rise – meaning that employees are more frequently accessing important documents on mobile devices and home networks. Again, this is an environment in which you don’t have full control, and mistakes do happen.
After all, if there’s one universal fact in IT, it’s that the user is eventually going to do something you don’t want them to do.
Securing the file server with encryption and authentication is simply not enough. Effective security controls, such as preventing unauthorized saving, copying and viewing – collectively known as “rights management” – must follow the document wherever it goes starting the instant it leaves the file server.
In short, it’s no longer enough to manage security within the walls of your own business. You also need a document control solution to enable mobile workers and third parties – and to protect your documents from malicious insiders. There are a few things to keep in mind when selecting this solution:
- Security must follow the document wherever it goes: The big risk of unauthorized document usage occurs after sensitive data leaves your server and lands on a client that’s out of your control. Simple cloud-based file sharing servers, though they provide convenient access, leave this security gap wide open.
- It needs to work on mobile devices: Mobile is a fact of life in enterprise, and that’s not changing any time soon. As evidence, there are very real benefits to enterprise mobility, and they far outshine any risks. People are very likely to access sensitive information on their smartphones and tablets, and your document control solution needs to be accessible to them.
- Ease of use must always come first: Enterprise security is, at its core, a constant balancing act between cost, protection, and usability. You need to put the latter first wherever possible, otherwise users are going to undermine your efforts. If your document control solution is obtuse or hard to use, people are going to do whatever they can to avoid using it.
- You still need EMM and containers, even with document control: Document control that enables authorized controlled sharing is important, but it’s only one component of organizational security. You still need containers and EMM to prevent mobile device-based data loss that happens when work and personal uses cases commingle on BYOD. Your document control application should mesh well with the systems you’ve already put in place – such as your EMM and container platform.
That’s where WatchDox comes in. Designed to work on mobile devices and function in tandem with BES12, it equips administrators with everything they need to mandate and monitor how each document is accessed. Users are provided with a secure viewing environment that both protects against unsecured devices and networks and prevents them from abusing access to sensitive information. WatchDox security – recognized by Gartner in its 2015 Critical Capabilities for Enterprise File Synchronization and Sharing report for the second year running – follows sensitive documents wherever they go, so you don’t have to.
Most importantly, it impairs neither productivity nor collaboration. Administrators grant access to a document by entering an email, at which point the user types in that email to sign on. Even better, with advanced file share and sync everyone sees the same document, and can edit in tandem. Users can view, create, edit and annotate files on mobile devices with ease.
Security vulnerabilities are always going to exist in enterprise. They’re mitigated easily enough within your own organization, but you cannot control what happens outside your own firewalls. With outsourcing and telecommuting playing such central roles in so many industries, it’s imperative that more organizations start implementing proper document control. Otherwise, they’re just throwing naked documents to the wind, and hoping nothing bad happens because of it.
Click here to learn more about WatchDox.