BYOD Meets Remote Workers: Which Files Aren't Secure?

By Moti Rafalin, CEO, WatchDox

In light of both Yahoo! and Best Buy putting the kibosh on remote working and telecommuting, many enterprises are taking cues from these tech leaders and re-evaluating their own telework programs. In the course of these self-assessments, corporations may realize how offsite workers with company files in transit could pose a significant security risk if these files were ever accidentally forwarded in emails to prospective customers instead of partners, or swiped from a stolen company phone or laptop. In industries where offsite work is central to the business, such as companies that dispatch fleets to service sites for soda machines or cable towers, organizations have zero choice in the matter; their employees must have access to company files on the go, or they can’t effectively do their jobs.

Many of us take this 24/7 access for granted. We expect to call up company files from any device, at any time. We do this to stay productive remotely and to collaborate among an increasingly global and mobile workforce. Employees use cloud file-sharing apps that are friendly with their iPads and Android phones, fulfilling the all-hours need to access files, otherwise known as Box Syndrome. Box Syndrome is a security problem when it comes to tracking who can access sensitive company files. A compromise to an employee’s personal file-sharing account or mobile phone could mean an information leak with irreparable damage to a company’s reputation. Scenarios for larger companies pose an even greater risk, since there’s a larger and ever-changing pool of employees to evade IT security or pull company files using mobile devices.

As companies continue to accommodate employee demand to collaborate on individual devices, they need to frame their bring-your-own-device (BYOD) policies with effective security policies. The kneejerk response might be to place a widespread ban on personal devices, public cloud file-sharing accounts or other outside technology. However, it’s nearly impossible to enforce a restrictive policy with those terms. In addition, many employees see security as a limiting hassle—more passwords and more hoops through which to jump mean more teams looking for loopholes to sidestep corporate security policies. If enterprises lock company-issued phones from using files outside work, employees will switch to personal tablets instead. Therefore, rather than dedicating IT’s security resources solely to mobile device management (MDM) or to separating public cloud services from corporate networks, enterprises need to secure the files themselves—rather than the devices or boxes that serve as file gateways.

By opting for file-syncing solutions with built-in security, IT departments will see the added benefit of higher adoption rates among employees. These solutions should provide enforceable controls across platforms for desktops, mobile phones and tablets. The controls should go one step further to provide dynamic permissions—that is, to grant varying access to the administrators authorized to view the file and no access to any unauthorized parties. Then, in the event of a lost or stolen device, a partnership ends, or an employee leaves, the enterprise can revoke access to proprietary files.

Ultimately, adoption of remote file sharing coupled with file-centric security won’t be a compromise, and should instead lead both employees and IT departments to come out on top. With the right solution, businesses gain visibility into which parties access pertinent files, while simultaneously granting employees freedom to maintain the high level of mobility and productivity to which they have become accustomed. Easy-to-use security grants peace of mind to internal and external parties, encouraging more collaboration on projects and new initiatives. Enterprises can also enjoy a competitive advantage as they continue to juggle keeping intellectual property documentation under lock and key and sharing with supply chain partners abroad. This approach would cure Box Syndrome before it starts while allowing for employees to happily continue using personal devices in a secure environment, whether they are at company headquarters, on call to a service site, or working remotely at home.

Moti Rafalin is the co-founder and CEO of WatchDox, a provider of solutions to enable organizations to access, share and control their critical documents wherever they go: on any tablet, smartphone, or PC, even those beyond the IT department’s control.