What’s not to like about a good bring-your-own-device (BYOD) policy? For most companies, BYOD is a great deal. Employees buy and maintain the devices, and the company gets the benefit of their off-hours availability and productivity while traveling. Nearly three-quarters of organizations with enterprise mobility initiatives have adopted a plan to establish a BYOD policy.

But BYOD can be a sinkhole from a security standpoint if users are unaware of the risks associated with carrying valuable business data around with them. Consumer Reports estimated that 5.2 million smartphones were lost or stolen in the U.S. in 2014, the most recent year from which data is available. Nearly 200,000 phones were left in taxis that year in London alone.

Mobile Device Management and Data Loss Protection

Many companies that adopt BYOD policies also install mobile device management (MDM) software. These enterprise mobility solutions provide great value, but they have their limits. Most work at the hardware, operating system and application levels. They’re great for remote software installation, configuration management, security and asset management, and they can be used to track the location of a device or wipe it clean in the event of loss or theft.

You can also apply certain MDM features to minimize the risk of data loss. For example, most providers will let you set up a password-protected secure area in which to store business files. Any data that comes into this sandbox is tagged and cannot be forwarded or downloaded. This area can also be remotely wiped clean in the event of loss or theft without disturbing personal data.

MDM solutions aren’t designed to manage data, however. That demands a different set of tools and procedures under the umbrella of endpoint data loss protection (DLP). While MDM manages the device, DLP works at the data level. It provides rigorous controls over who can access what data and what they can do with the data they have. DLP can specify, for example, that files in a certain directory with a particular name suffix or files that are password protected cannot be downloaded to local storage or sent across the network.

A Culture of Protection

But enterprise mobility technology alone doesn’t solve the problem. You also need procedures, policies and a culture that recognizes the importance of data protection.

If you have a BYOD program, you need a written policy that specifies what information can and can’t be downloaded to personal devices and the penalties for running afoul of the rules. Any employee who uses a personal mobile device for work should read and sign the policy. It’s not a bad idea to require some training, too. You can find a variety of actual policies and templates online.

DLP is useless without a classification scheme. In the same way that the federal government assigns security levels to information, such as confidential, secret and top secret, your company data should be classified based on its sensitivity. You can then apply a DLP solution to restrict access to specific people, departments and functions. The best protection against compromise is not enabling data to be downloaded in the first place.

Endpoint Management

If you’re considering MDM, you might want to broaden the possibility to include endpoint management. This increasingly popular toolset gathers rich information about each client, including hardware and operating systems configuration data and the status of installed applications. It can apply patches and fixes remotely and perform most other functions of a full-blown MDM solution.

Many endpoint managers now support intelligent agents on the endpoint, enabling security organizations to get a fine-grained view of how devices are being used. These agents can be configured to take actions, such as blocking downloads of information in .doc or .xls formats, automatically. They can prohibit the use of email attachments and alert IT of large file uploads and downloads. When choosing an endpoint solution, be sure to ask about support for these features.

Enterprise Mobility in the Cloud

Unfortunately, there is still no comprehensive solution to monitor or control what data employees store on mobile devices. The best approach is to combine education with selective access and remediation through capabilities such as remote wipe.

But you might also want to opt for a simpler solution, such as putting everything in the cloud. Cloud-based file-sharing services give IT complete control and can be configured to prohibit local file storage. Users can access and manipulate files just as if they were on a local drive, but everything is stored on the cloud server. Given the speed and coverage of today’s mobile networks, it’s hard to imagine why anyone would need to store data locally at all.

More from Data Protection

Beyond Requirements: Tapping the Business Potential of Data Governance and Security

3 min read - Doom and gloom. Fear, uncertainty and doubt. The "stick" versus the "carrot". What do these concepts have in common? They have often provided the primary motivation for organizations’ data governance and security strategies. For the enterprise, this mindset has perpetuated the idea that data governance, data security and data privacy are reactive cost centers existing due to externally imposed requirements or mandates.Yet, what if data governance and security practices could upend the prevailing paradigm and demonstrate direct business value?[button link="https://community.ibm.com/community/user/security/events/event-description?CalendarEventKey=8d7fdc61-97bf-43b0-b7d6-018756e436a6&CommunityKey=aa1a6549-4b51-421a-9c67-6dd41e65ef85&Home=%2fcommunity%2fuser%2fsecurity%2fcommunities%2fcommunity-home%2frecent-community-events"…

3 min read

Heads Up CEO! Cyber Risk Influences Company Credit Ratings

4 min read - More than ever, cybersecurity strategy is a core part of business strategy. For example, a company’s cyber risk can directly impact its credit rating. Credit rating agencies continuously strive to gain a better understanding of the risks that companies face. Today, those agencies increasingly incorporate cybersecurity into their credit assessments. This allows agencies to evaluate a company’s capacity to repay borrowed funds by factoring in the risk of cyberattacks. Getting Hacked Impacts Credit Scoring As per the Wall Street Journal…

4 min read

IBM Security Guardium Ranked as a Leader in the Data Security Platforms Market

3 min read - KuppingerCole named IBM Security Guardium as an overall leader in their Leadership Compass on Data Security Platforms. IBM was ranked as a leader in all three major categories: Product, Innovation, and Market. With this in mind, let’s examine how KuppingerCole measures today’s solutions and why it’s important for you to have a data security platform that you trust. The Transformation of the Data Security Industry As digital transformation continues to expand, the impact it has had on enterprises is very apparent when…

3 min read

SaaS vs. On-Prem Data Security: Which is Right for You?

2 min read - As businesses increasingly rely on digital data storage and communication, the need for effective data security solutions has become apparent. These solutions can help prevent unauthorized access to sensitive data, detect and respond to security threats and ensure compliance with relevant regulations and standards. However, not all data security solutions are created equal. Are you choosing the right solution for your organization? That answer depends on various factors, such as your industry, size and specific security needs. SaaS vs. On-Premises…

2 min read