Jaspreet Singh is CEO of Druva, a provider of edge data protection and governance solutions.
Ever since employees began bringing their own mobile devices to work, most BYOD risk management initiatives have revolved around information security strategies designed to protect content stored on these devices from data thieves. Organizations both inside and outside the government are making strides to address these concerns, but they typically ignore an equivalent risk: the absence of BYOD data governance controls.
Given the vast volumes of work information now stored on laptops, tablets and smartphones, this lapse in data oversight can have serious consequences. Gartner has estimated that nearly 30 percent of business-related data is now housed exclusively on employer-issued or employee-owned endpoints, with no backup copies maintained by IT. That leaves a gaping hole in the audit trail that needs to be maintained for compliance, litigation, forensics and overall transparency purposes.
It means that nearly one-third of the information potentially relevant to investigations or even day-to-day business is not readily accessible, archived or managed to ensure data integrity. Documentation required to respond to regulatory disputes, lawsuits or information leakage may be dispersed across hundreds or thousands of devices. Tracking down needed information can take hours of skilled IT work. Intermingling of personal and work data on BYOD devices adds privacy and legal complications.
IT managers are beginning to recognize these gaps in the governance infrastructure and are taking steps to close the loopholes. Fully 89 percent of respondents to a recent Forrester Consulting survey, for example, indicated that they expect to increase their information governance investment in the next two years to address changing computing habits.
Top drivers for these new governance initiatives, according to Forrester's "Governance Takes a Central Role as Enterprises Shift to Mobile" report, are the proliferation of file shares, the lack of coordinated governance, and the continuing rise in mobile device use – all leading to data decentralization and associated loss of control.
Updating governance practices to accommodate these new realities requires ensuring that endpoint data is safely backed up, stored and protected from loss or tampering. IT teams can invoke those governance protections by taking steps to:
1 – Create a master record of all endpoint data
IDC has identified continuous backup of information on end-user devices as a cornerstone of mobile data governance. Bringing all content from all employee-owned and government-issued end-user devices into a central repository, and providing search capability across the entire data store, will ensure immediate access to information and safeguard that information from loss and tampering. It will also provide a record of all file versions, deleted files, and files belonging to former employees. In addition, having a master record enables easy file recovery in the event of device loss, theft or malfunction.
2 – Control file sharing
The same central repository also makes it possible for mobile users to access their files remotely from whatever device they are using at the moment, eliminating the need to move files from one device to another or into a third-party file sharing service to ensure anytime/anywhere availability. This in turn supports data governance by limiting the distribution and associated exposure of a given file. Implementing a centralized IT-managed file sharing system can further strengthen data governance by allowing IT to monitor and regulate both internal and external file sharing activity.
3 – Maintain audit trails for both users and admins
IT teams need to be able to reconstruct all job-related data usage to ensure both end user and administrator accountability. For end users, that should include the ability to trace actions such as file changes, remote file retrieval, data restores and file sharing. For administrators, there should be a tamper-proof audit trail to detect activity such as policy configuration errors, password resets, sensitive data access, file sharing permission changes, and remote data erasure.
4 – Enable remote device deactivation
The ability to remotely lock and wipe data when a device goes missing, a federal worker leaves an agency, or an old device is discarded for a new one is another key building block for mobile data governance. This should also be accompanied by containerization that separates personal and work-related data. In the event of a device loss or departing employee, IT can then remotely erase only the business data in that virtual container, ensuring protection for work information without also shredding personal data against employees' wishes.
5 – Provide legal hold capabilities
IT also needs to be able to place a legal hold on endpoint data in its central repository when litigation, compliance or other issues arise. This will preserve data integrity during ongoing investigations by ensuring that relevant files remain securely stored and tamper-proof until they can be reviewed.
Taken together, all of these steps will provide critical visibility, traceability, auditing and reporting abilities that will help restore data governance in today's increasingly mobile environment. These protections are essential as information workers increasingly rely on their mobile devices in their day-to-day work.