From cavemen to mobile road warriors, what is different -- and surprisingly the same -- about how people have used technology to share information securely throughout history?
Big changes lay ahead for the way we conduct business as we know it. Most of these changes are already well underway. No longer is the workday confined to the traditional nine-to-five structure -- mobility allows employees to work from anywhere, anytime and, increasingly, on any device.
The proliferation of tablets and smartphones in the corporate environment (according to a study from Juniper Research, by 2014, the number of employee-owned smartphones and tablets used in the enterprise will more than double to 350 million) does come with certain security risks. Currently, 70 percent of smartphone-owning professionals use their personal devices to access corporate data, but 80 percent of these devices are not adequately managed by IT departments.
How can organizations make sure corporate data and files remain secure when accessed from a number of different devices, including those owned by employees?
While these concerns may seem highly unique to our digital, mobile era, they are nothing new. The sharing of information has been an integral aspect of thriving societies since, well, the beginning of time. Even cavemen had methods of “securing” their data. Natural placeholders like sticks and rocks were used to represent transactions, and combined with a nomadic lifestyle, they ensured that any information not destroyed by nature would be useless by the time other tribes came across it.
Of course, smartphones, tablets and the cloud require that businesses adapt security strategies to address the threats posed by these new ways of accessing corporate data, but the basic methods of data security have not changed.
Skeptical? Just take a look below at some necessary safeguards for enterprise mobility and how these same safeguards have been used throughout history.
For many regulated industries, tracking which mobile devices are accessing the network is critical. Many organizations choose a Mobile File Management (MFM) solution that integrates with Active Directory to ensure only authorized employees are allowed to access files on the corporate network.
Concern over who is accessing what files is not unique to the use of mobile devices. In the Mad Men era of the 1960s, sensitive files were kept under lock and key in cabinets. Only people with physical keys could access those files and information, and careful lists of those with access were kept. However, the widespread use of inventions like the copier by the 1950s and the fax machine by the 1960s introduced new security threats as these documents could then be replicated.
In any enterprise, when sensitive or critical data is being shared or accessed, it’s essential that a record be kept of who is accessing that information and for what purpose. In terms of mobility, this means giving IT the capability to turn off certain functions on certain devices for certain users, including limiting the ability for specific users to delete or edit information or email files. Additionally, if changes are allowed, a tracking system should be in place to ensure a record is kept of who changed what, and when, should any issues arise.
The auditing process is nothing new. While everyone is familiar with auditing from a tax or accounting perspective, the goal is no different when it comes to IT control over enterprise mobility -- what matters is ensuring data is being accessed and used for legitimate reasons.
Ancient Greeks used a system wherein two different people recorded transactions in order to maintain a record that could not be altered retroactively. Presently, auditing is used by a variety of industries to make sure processes are kept timely and above board, and it is just as important when your IT department is faced with the challenge of securely integrating mobile access to the corporate network.
Your IT department should be regularly monitoring the corporate network for vulnerabilities posed by granting access to hundreds and thousands of new devices. Updating an organization’s security infrastructure according to vulnerabilities revealed in a thorough review of network portals is not all that different than historical measures.
How was data integrity maintained in the past? Since the creation of the alphabet -- when information was able to be written down, stored and shared across geographic distances -- means of data verification have existed.
Certified messengers, both on foot and on horseback, along with the occasional carrier pigeon, were responsible for delivering information from a verifiable source. Security measures of the time included using wax seals as a way to identify fraudulent documents.
Encryption keeps data secure both while it is in transmission from sender to receiver; at rest on the server; or in a secure, on-device container. Encryption codes require shared knowledge between anyone accessing or viewing information. In order to give the information any meaning, you must unlock the code. From the Ancient Egyptians all the way to encrypted floppy disks or USBs, codes have long been a way to securely transmit data.
Data protection is equally as important when it comes to sharing or accessing data on mobile devices. We've all heard the stories about unsafe consumer grade cloud storage options. While these alternatives may be simple for end-users, they are an IT nightmare. Organizations need to invest in solutions that combine enterprise-grade security with ease of use for the end user.
It’s true that enterprise mobility does pose a new set of IT challenges for maintaining information security. However, the need to secure data remains the same, and the means to do so will continue to evolve in order to adapt to new technologies and new ways of accessing sensitive information.