Editor’s Note: Welcome to our weekly Reader Forum section. In an attempt to broaden our interaction with our readers we have created this forum for those with something meaningful to say to the wireless industry. We want to keep this as open as possible, but we maintain some editorial control to keep it free of commercials or attacks. Please send along submissions for this section to our editors at: [email protected]
Remember Sneakernet? Those of us who worked on IT security issues in the 90s probably haven’t heard that term in a while. For those too young to remember, it’s a simple way of circumventing enterprise security by physically carrying data stored on a floppy disk (remember those?), thumb drive or other removable medium. The term originated from the idea that the culprit used his feet – i.e., sneakers – in an unsanctioned effort to transfer data to another computer instead of through the organization’s intranet or protected Internet.
There’s a new strain of Sneakernet today and it’s infecting the enterprise in record numbers. CIOs and IT administrators might know it better as “Dropbox Syndrome” – the growing demand by employees for total access to any company data from any device. The most secure enterprise network and data protection plan can be weakened as soon as an employee with an iPhone leaves the office and takes a walk to the nearest Starbucks to log onto a free Wi-Fi connection. As more employees use their own mobile devices and download consumer-grade applications to perform work-related tasks, IT is facing a mounting security threat that makes Sneakernet look like a cakewalk.
How did we get here?
How did Sneakernet evolve into Dropbox Syndrome? The consumer market has taught mobile device users how to access their personal information from anywhere, at any time via file sharing options. Consumers are hooked on the combination of free or inexpensive cloud services to make their tablets and smartphones even more useful. This has fueled the bring-your-own-device trend in the enterprise, and it’s a big part of the reason why an increasing number of employees bypass IT and help themselves to applications and services from the public cloud.
In the meantime, IT has struggled to address employee expectations for total access to data from any device. BYOD initiatives are popular because they increase employee productivity and satisfaction, but they also increase the likelihood of sensitive documents making their way into the wrong hands, either by accident or on purpose. The market has seen enough security breaches from companies like Dropbox and Megaupload to know that the public cloud is an inadequate partner for enterprise users.
Curing Dropbox Syndrome without killing BYOD
CIOs can’t effectively outlaw the use of personal devices any more than they can ban sneakers on casual Friday. Employee desire for BYOD is too strong. However, IT can do two things to ensure the security of the enterprise’s intellectual property and curb user desire for consumer-grade offerings:
–Implement data protection at the document level rather than struggling to manage employee-owned devices.
–Deliver enterprise-quality syncing capabilities so users won’t be tempted by Dropbox or other applications outside IT’s control.
It is only with this document-level protection, tracking and control that IT can ensure BYOD does not mutate into Dropbox Syndrome and elevate risk across the enterprise. When organizations embed protections in sensitive data, they gain the ability to track everything that happens to documents, including when they are accessed, shared and edited. Employees retain the freedom that comes with using their own mobile devices at work, enterprises gain visibility and meet compliance standards, and everyone benefits from the productivity gains that come from secure, synced information access.