The cloud approach for your IT management: Webinar
- 08 July, 2021
Achieve confidentiality, integrity, and availability of data with a distributed workforce
- Abitha Devi, Product Consultant, ManageEngine
With the relaxation of lockdown restrictions worldwide, corporate workforces now constitute a mix of remote and on-campus employees. Maintaining the security of corporate data with a mixed workforce can seem like a daunting task to admins, especially with the unavoidable surge in the use of mobile devices for work. However, things can be simplified by focusing on three major elements that constitute data security.
Protecting data confidentiality involves preventing unauthorized access and guarding against data leaks, but this is not so easily accomplished.
Employees may unintentionally install malware or access malicious sites on their mobile devices, which puts the sensitive data on the device at risk. Further, employees may neglect to install critical security patches, leaving the device vulnerable to data leaks and attacks.
Mobile devices run high risks of being lost or stolen, often leading to the data on the device falling into the wrong hands. When employees use personal devices for work, it can be tricky to prevent mixing corporate and personal spaces; if the employee leaves the organization, exclusively erasing corporate files and leaving personal files untouched is a cumbersome task.
Organizations need to restrict the installation of untrusted apps and the access of malicious domains on devices, and use a dedicated corporate app to view corporate documents. Distribution of stable patches to devices must be enforced by the IT team instead of being left to the sole discretion of the employees.
Strict password policies should be mandated on devices, and if a device is reported to have been lost or stolen, remotely locking it and tracking its location will secure the data. If the device proves to be irrecoverable, a remote wipe should be performed, eliminating the risk of data theft. Containerizing the corporate workspace on employee-owned devices will separate work from play, also making it possible to erase only the corporate files if the employee leaves the organization.
While confidentiality deals with preventing unauthorized access, integrity deals with preventing data tampering, and conserving its authenticity both at rest and in transit.
When remote employees connect to home, public, or shared networks, the data in transit is subject to risks such as man-in-the-middle attacks that alter data. Some apps create automated backups of files in third-party cloud servers, making the data only as secure as the cloud itself. Cyberattacks on the cloud or unintended mistakes can lead to the data being corrupted and losing its integrity.
Further, mismanaging user access controls and broadly granting access to files might seem convenient, but doing so enables anyone to access and edit files even from unauthorized devices, which makes it harder to audit.
Using a corporate virtual private network (VPN) and certificates can protect the integrity of data in transit even on public networks, while encrypting corporate files with strong encryption algorithms will protect its integrity at rest. Automated backup features should be restricted on employee devices to prevent corporate data being exported to third-party cloud networks.
Granular control should be exercised over who gets access to sensitive data by refraining from bulk sharing files. Additionally, access to corporate servers should be granted only to managed mobile devices to further secure corporate data.
With confidentiality and integrity optimized, admins have to make sure employees are actually able to obtain the resources they need in a timely way without interruptions. Keeping vital systems up and running is what availability is all about.
With multiple teams, ensuring every team member has access to the right files on their mobile devices, and also that new versions of existing files are updated during decisive moments such as business meetings, is an exhausting task. Should the admin not make the necessary apps available to employees, they might resort to shadow IT, and install similar apps from untrusted sources just to get work done.
If admins push crucial operating system (OS) updates during work hours, devices will go down, affecting the productivity of employees. Moreover, inevitable technical issues on devices can also interfere with proper availability.
File distribution can be simplified by distributing to groups based on the directory service rather than to individual employees. Understanding employee requirements and providing requisite apps to teams will also prevent shadow IT.
OS updates should be scheduled to take place during non-work hours, and employees should be given the option to delay updates temporarily to make sure there aren't any interferences with availability when they're working. Remotely troubleshooting issues in real time over the internet will also ensure uninterrupted availability.
Simplify security with Mobile Device Manager Plus
Mobile Device Manager Plus is an enterprise mobility management solution that helps securely manage both corporate and employee-owned mobile devices across Apple, Android, Windows, and Chrome.
With Mobile Device Manager Plus, you can enforce corporate security policies on devices, ensuring the security of data both at rest and in transit. Mobile Device Manager Plus allows you to separate corporate and personal spaces on devices, restrict malicious apps and URLs, track the real-time location of devices, remotely troubleshoot devices, and much more. You can rest easy knowing that critical resources are secured across all endpoints, no matter how distributed your workforce is. Explore Mobile Device Manager Plus free for 30 days!