Balancing BYOD and data security

LAS VEGAS – In the enterprise, it’s hard to strike a good balance between supporting the burgeoning bring-your-own-device trend and keeping data secure. Mobile device management (MDM) and data loss prevention (DLP) solutions can be effective in securing data, but also have a negative impact on user experience.

Symantec Corp. has acknowledged this issue and created a new solution called Mobile Application Management (MAM). MAM takes a completely different approach from MDM and DLP because it allows the IT team to take existing apps and wrap them with DLP functionality. The company also believes that this could replace multiple existing products. “We believe you need one comprehensive solution, not a lot of point products,” says Enrique Salem, president and chief executive officer of MountainView Calif.-based Symantec [Nasdaq: SYMC].

Usually, MDM solutions involve handing over a lot of control to the IT team. “(MAM is) distinct from MDM because MDM is policies and control of the device in its entirety,” says Brian Duckering, senior manager for enterprise mobility at Symantec. While this empowers IT teams to closely control the flow of data, remotely lock and shut down devices, it’s also an option that is more suited to a company fleet of devices than an employee-owned phone. Where BYOD is concerned, having containerized data can impact the user experience because it may prevent using multiple apps concurrently and can potentially slow performance.

DLP too is a solid option because it filters data to and from the device by passing it through company servers with filters to help identify sensitive information. This can warn or even block the user from sending data that should not leave the company. But again, a full-scale DLP solution might not be the right option if the device spends half its time as a personal phone or tablet and isn’t owned by the company.

This is where MAM comes in. In a lot of ways, it’s a good answer to BYOD because it allows an enterprise to wrap an existing app with security options. “Mobile Application Management allows us to apply policies to specific applications and the data that’s contained within them,” says Duckering. The IT team gets a control panel where they can take an app, pick certain DLP-like options — disabling copying, pasting or forwarding of data, adding extra identification layers, etc. — and push a new complied version of the app to a custom company app store. To alert employees as to which version of the app they’re using, a small Symantec check is added to the app icon and it can live right alongside personal apps on the device.

Some of the downsides in MAM mirror those in MDM solutions. Users can still opt to use the unmodified apps if they really want to get around security restrictions. It relies on a bit of user faith that employees respect the sancitity of data as much as employers.

That said, if your company has embraced BYOD — and it’s hard not to — it allows a personal device to work just as well during work functions as it does at home, according to Symantec.

And, from what was shown during the second keynote at Vision, it’s easy to use. “What we’re doing is applying libraries without having to be a developer,” says Rob Greer, vice-president of product management for Symantec. It’s also ideal for in-house developed apps. “(It lets) your developers develop and your IT administrators set policy.”

Not only that, but MAM can be used on Android devices, iOS devices and even jailbroken devices. “(Even) if someone decides to jailbreak your device, on Android or iOS, you still need control … We want to enable these controls across all platforms,” says Salem.

Independent technology analyst Carmi Levy thinks Symantec may have tapped something new here, but it won’t be a one-horse race for long. “An app-centric methodology is relatively unique and this announcement signifies, for now at least, a unique approach to a fast-evolving problem,” says Levy. “Eventually, every security vendor will move in this direction. For now, at least, Symantec is leading the charge.”

Symantec also announced an extension to its DLP offerings to include iPhones as well as the previously supported tablets. That update will launch later this year and support for more platforms are likely to follow.

Related Download
A Guide to Print Security for Canadian Organizations Sponsor: HP
A Guide to Print Security for Canadian Organizations
IT security vulnerabilities are a growing cause for concern for organizations trying to protect their data from printer breaches.
Register Now