Corporate data privacy and consumerisation
Businesses should be able to maintain data privacy in the face of consumerisation, argues Phil Evans
In my view, user-empowering consumer IT is steadily loosening the organisation's grip on its workforce practices and most sensitive data.
Mobility may prove a data security nightmare, with endlessly multiplying end points and a growing stream of unencrypted, unprotected user data.
We know where these changes are coming from. The markets have shown for some time that the fixed PC end point is falling out of favour with consumers. Yet corporate data breaches can be costly in many ways – not least in the realm of fines.
I believe that spending on security products and services has increased massively, but many organisations are only adopting patchwork offerings.
This demonstrates a need for single disaster-recovery and policy-control offerings that can combine the functions of data backup, encryption, port-locking, remote data-policy control, remote deletion and device trace through one central agent.
Consumer IT is geared towards data consumption rather than data creation, and user empowerment rather than data privacy, and the personalisation of IT is now democratising corporate data, with companies fast losing control of which tiers of employees access their data, or how sensitive information is communicated.
The explosion in consumer IT is spawning a generation of digitally empowered, hyperconnected workers which expects the flexibility to work both remotely and on site to facilitate their so-called work/life balance. They want to share corporate data freely over public networks anywhere in the world at any time, choose their own IT, and introduce everything from app stores to social media into the workplace.
There is a lack of corporate device encryption and explosive growth in unauthorised use of personal devices to access corporate data. On top of this there is a lack of governance policies, integrated solutions that control what happens to important data inside and outside office walls, and the will among management teams to solve the problem.
No wonder many businesses are falling foul of regulators, when they are failing even to ensure compliance with their own data policies.
Advances in encryption and cloud computing mean data can be encrypted locally, on the device, remotely stored and access controlled. But many businesses are not currently integrating all these solutions.
Phil Evans is vice president at Datacastle