Data security in a BYOD world – ideas for keeping your data safe!

A couple of posts ago I discussed ways for a business to handle the new phenomenon of Bring Your Own Device (BYOD), and how you, as a business, can manage it. Last post I discussed the devices themselves, but what about the data that they have access to? Most devices today have the ability to store data.

If the data has been created on the device, how do you get that intellectual property from the device to your business? If it has been copied from the business environment, how do you make sure that it is safe? As a business you have minimal control over the information once it is stored on a device.

A secure business environment can only be achieved if you have management and control over every aspect of the business technology. In normal business this is achieved with secure systems, auditing, and policies and procedures to ensure that the technology is safe. With BYOD this level of security goes out the window. The IT world manages normal systems to ensure that a malicious event does not compromise business security or business capability.

For most businesses, keeping users productive is critical. But how do you keep them productive without exposing your business to the following problems?

Lost or stolen devices – how do you make sure that a lost or stolen device does not have any critical information stored on it? There is little that a business can do about a device that has been lost or stolen except to remote wipe the device. To do this, though, remote wipe needs to have been set up well in advance and documented, with a policy around using the device.

Accessing critical business data insecurely – most businesses have problems with separating data into low level, high level and confidential. What a business does not want is for classified or confidential information to be stored in any way on the device, just in case the first problem (a lost or stolen device) happens.

Backing up of local device information – in today’s world, devices are used to do almost anything. Any information that is created on the device is stored locally; if the system fails, all of that information is lost, and that is bad for business.

How do you allow the use of BYOD and keep the information secure?

One of the best and easiest ways to ensure that the information is used on the device but not stored on it is to use Remote Desktop Protocol (RDP) or a similar technology. Using RDP for your road warriors has a number of benefits.

The best for the business is that there is NO information stored on the device; information is transferred as a series of screenshots and keystrokes. The information transferred is encrypted, either through the RDP system or through a VPN, so there is no eavesdropping. There is nothing stored on the device, and the moment the connection is dropped there is nothing to be snooped off the device.

A spin-off from using this technology is that anything generated by the device is actually on the business system, so it becomes part of the data stored there. This means that there is no loss of intellectual property, and everything that is done is backed up and included in the normal disaster recovery (DR) and business continuity (BC) components of the business.
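The "nothing stored on the device" property only holds while the RDP session host refuses to redirect the clipboard, drives, printers and Plug and Play devices to the client. The following check is an added example, not part of the original post: it audits the text output of `reg query` against the Remote Desktop Services policy key for those four settings. The sample output is constructed, and which channels to block is an assumption about your policy.

```python
import re

# Policy values under
# HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services.
# 1 = the redirection channel is blocked; 0 or absent = data can reach the device.
REQUIRED = {
    "fDisableCdm": "drive redirection",
    "fDisableClip": "clipboard redirection",
    "fDisableCpm": "printer redirection",
    "fDisablePNPRedir": "Plug and Play device redirection",
}

# Matches one value line of `reg query` output, e.g. "    fDisableCdm    REG_DWORD    0x1"
VALUE_LINE = re.compile(r"^\s+(\S+)\s+REG_DWORD\s+(0x[0-9a-fA-F]+)\s*$")

def parse_reg_query(text):
    """Return {value_name_lowercase: int} for every REG_DWORD line."""
    values = {}
    for line in text.splitlines():
        match = VALUE_LINE.match(line)
        if match:
            # Registry value names are case-insensitive, so normalise them.
            values[match.group(1).lower()] = int(match.group(2), 16)
    return values

def audit(text):
    """List (value, channel, reason) for each channel that is not blocked."""
    values = parse_reg_query(text)
    findings = []
    for name, channel in REQUIRED.items():
        state = values.get(name.lower())
        if state != 1:
            reason = "not configured" if state is None else "set to %d" % state
            findings.append((name, channel, reason))
    return findings

# Constructed sample: clipboard left open, Plug and Play redirection never configured.
SAMPLE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services
    fDisableCdm    REG_DWORD    0x1
    fDisableClip    REG_DWORD    0x0
    fDisableCpm    REG_DWORD    0x1
"""

if __name__ == "__main__":
    for name, channel, reason in audit(SAMPLE):
        print("%s (%s): %s, data can be copied to the device" % (name, channel, reason))
```

An empty result from `audit` means all four channels are blocked by policy on that host.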

Roger Smith is an educator, teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not-for-profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course, which are considered to be the definitive guides to helping SMEs protect their organisations using the principles of Technology, Management, Adaptability and Compliance.