Security: Your Employees Just Don’t Care…

June 11, 2014
By Moka5

balance

In the recent CIO article CIOs Face BYOD Hard Reality: Employees Don’t Care, it was reported that 15% of employees surveyed by identity management software provider Centrify said they had minimal to no responsibility to protect any data stored on their personal devices. In addition, 15% of respondents also say they have had their personal account or password compromised.

If a corporate policy does exist for BYOD, clearly many people are not following it, since “43% have accessed corporate data while on an unsecured public network.” Following these stats, it’s certain others have failed to immediately report when their BYOD device with corporate data has been lost or stolen. That means, although we are likely to hear if a large company is hacked, there are potentially many more breaches that are unknown to consumers, and potentially the company too.

Yikes! So, now how are you feeling about your employees VPNing into their work email, then downloading information to work offline on their home computers?

 

Education or Threats?

While the CIO article mentioned above highlights the need to better educate employees participating in BYOD programs or possibly threaten them with disciplinary actions for non-compliance, these strategies miss the mark. Yes, education is needed, and yes, clear security policies and protocols must be established. However, this implies the bulk of the responsibility is the employee’s, but we all know that if there is a security breach, it’s the company, not the employee, who is at risk to be sued, fined, have lost competitive information, as well a major PR headache.

Instead of having all responsibility at the employee-level, the answer is to have employees work within a secure container. Unlike traditional VDI, a locally-executed PC container uses client-side virtualization technology. This enables a friendlier user experience, allowing for offline usage, personalization within the container, and full use of multi-media programs.
In addition, from a centrally managed container, policies can be set so that the secure container limits an employee’s ability to drag files outside of the container or even disallows uploading to cloud storage services such as Dropbox. This makes it your decision on how restrictive you want your security policy to be; it’s not at the mercy of how your employee is interrupting how to secure corporate data – or not thinking about it at all.

Comments are closed.