Enterprise Mobility Needs A Full Security Stack To Comply With GDPR
The General Data Protection Regulation (GDPR), a mandate from the European Union, will go into effect May 25, 2018. The regulation is comprehensive insofar as protecting data and information security practices at the enterprise level.
Those who aren’t compliant with the GDPR run the risk of receiving steep fines, and its impact will be felt globally, as businesses who handle date from EU citizens fall within its jurisdiction. The impending change was announced two years ago, giving companies a grace period to come up to speed.
So as enterprises and SMBs spent billions of dollars enhancing innovation and digital transformation within their own company, namely moving toward a mobile-first mindset, how are they complying with the new regulations, and what kind of focus needs to be put on mobile security to protect those data regulations?
See related: Rethinking Mobile Security: Q&A With MobileIron CEO
Security’s going nowhere – it’s not only a necessity in today’s digital business world, but without those protocols in place, corporate data is essentially one massive fish in a barrel with no lid, ready for targeting. But because of enterprise mobility’s multiple layers – servicing BYOD or COPE environments, which device, operating system, apps, even audio and visual recordings – the breadth of potential threat vectors numbers in the millions.
The positive here is that enterprise mobility has myriad solutions to choose from, including Enterprise Mobility Management suites, Mobile Device Management or drilling down further to application management systems, full-on containers, or mobile threat detection (MTD) offerings. The negative, however, is that in order to comply with GDPR, or at least not let human error slip through the cracks and potentially fall out of compliance, many of those solutions will likely need to be bolted on to an IT team’s mobile administration, at least in the early stages of the regulation roll-out.
As discussed with Enterprise Mobility Exchange in March, MobileIron CEO Simon Biddiscombe said, “One way to look at this challenge is to highlight the top three areas where companies are making mistakes for mobile GDPR compliance – that way, they can fix these areas as soon as possible.
“For starters,” Biddiscombe continued, “enterprises are allowing employees to download business apps to unprotected phones and tablets. Those business apps include personal information like contacts, names, employee details, etc. If that phone is lost in a cab, the company cannot protect the data. All endpoints need to be secure by a UEM platform.”
See related: Here Are The Top 3 Reasons For UEM
A recent report showed some 42% of enterprises now consider themselves mobile-first, and that number is growing with each year. In addition, many organizations with a mobile footprint have either split their ecosystem to accommodate more worker flexibility via Bring Your Own Device (BYOD) and Corporately Owned Personally Enabled (COPE) or raised the BYO ability to a higher level, leveraging reimbursements or other incentives.
This is where the CIOs and mobile administrators will have to double down on protections. In a COPE environment, obviously, out-of-the-box capabilities are baked in before devices are deployed. In a BYOD setting, however, not only does the IT team need to walk the fine line of worker privacy and installing security measures on those personally-owned devices, shadow IT becomes a greater issue when employees are using their devices for business and personal reasons.
As recently reported by Enterprise Mobility Exchange, some 32% of enterprises are knowingly sacrificing mobile security for speed, keeping protective measures – EMMs, MDMs, MTDs and the like – at arm’s length so employees can more quickly and easily access applications for work purposes.
As one can imagine in the GDPR era, that’s unsustainable. The breach or loss of a single document that includes personal information from an EU citizen could result in that company’s loss of up to 4% of annual revenue in the form of a fine.
So the question is, as enterprises move forward with mobility, can they afford to skip the necessities?