BYOD is solvable. COPE is solvable. The rest of the acronym soup that describes the problems of keeping company data safe on mobile devices is solvable. But today, it takes several different solutions strung together to keep that data safe once it leaves the perimeter. In the future, those solutions will come together and the problem of protecting data as it moves around the world will be easier and cheaper.
First some background – you know what BYOD is. But what is COPE? COPE stands for Company Owned, Personally Enabled. It is really a description of the way many, if not most, companies operate. The company buys you a computer and perhaps a smartphone. You might have a choice between vendor A and vendor B. And while that device comes configured, you still generally have administrative rights, because if you don’t, you create way too many headaches and complaints for IT. “I have to have x installed! I have to have y installed. The system blocked me from installing z and I can’t do my job without z.” While there are some super security-centric companies out there, the vast majority of employees have administrative rights to their computers. And while the trend for phones was to go down the Mobile Device Management path, where the company decided what can and can’t be on your phone, the current tide is going the other way. Why? Frankly, none of us want some company IT person telling us what we can and can’t have on our phones. “Phones are personal – even if I didn’t buy it! My computer is personal – even if I didn’t buy it. My LIFE is on my computer and my LIFE is on my phone. Don’t tell me what I can and can’t have. I’ll go rogue or find a company that lets me be me.” That’s the general trend.
But company data is VALUABLE and companies have to protect that company data. So how can a company REALLY protect its data while letting you be you?
For the company to be a winner by protecting its data, and for the user to be productive and happy, the following three solutions need to work in concert.

Access to all data needs to be controlled by a powerful Secure Remote Access gateway that is focused on understanding who the user is, what kind of risk their system poses, and exactly what data the company is willing to let out given the calculated risk. So, powerful SSL VPN gateways are a fundamental need. If you think the market for them has been eliminated, think again. They are fundamental.

But these systems need to work in concert with solutions that provide mobile containers. Containers allow the SSL VPN solution (after doing its job of verifying the user, the risk of the device, and what data should be accessed) to place that data into a virtual piece of real estate on the mobile device that is OWNED and CONTROLLED by the owner of the data, not by the person in possession of the device. The key here is that companies should not try to take control of the device entirely; they only need to take control of a small piece of real estate that the user grants. All company data needs to land there. If the user and the owner of the data choose to part ways, the company does not need to “destroy” the entire device. It only needs to revoke access to the data sitting in the virtual container.

But you ask, how does a company “control” access to that container and the data within? How does it revoke a user's ability to access it without doing something to the device? The answer is in encryption key management. If the data leaving the premises is encrypted, and the key management solution can allow or deny access to the key that protects the data inside the container, then everyone is a winner. The company doesn’t need to wipe an entire device to protect access to data. It just needs to stop providing access to the key that would open that data.
So, let’s summarize what these three solutions working together does for an owner of data that is going to let that data land on highly mobile devices.
- The Remote Access Gateway is going to understand who the user is, what device is going to be used, and what data should be released based on the risk of the device, the user, and other variables. Only data that should leave will leave, and it will land
- Inside a mobile container. This container will not let data be copied and pasted outside of the container. Data can’t be emailed out to other applications. The data is inside and protected, but it is not free data and can’t move elsewhere. And lastly,
- The Key Encryption Solution allows the data to be opened (only inside the container) and read or used only while that user and that device are in good standing. If the user or device becomes untrusted, access to the key is revoked and the data cannot be used. The owner of the data doesn’t even need to wipe the data, since it is useless without access to the keys.
This is the present. Three solutions working together. In the future, these three solutions will merge into a single solution. Companies like Dell have all three components required to solve BYOD, COPE or any other variation of problems affecting mobile data. In future blogs, we’ll share the progress being made in bringing this future vision to life!