



3 options for securing BYOD data

Dec 12, 2017 | 5 mins
Access Control, Careers, Data and Information Security



In today’s mobile, cloud-first world, organizations are allowing unprecedented levels of work to be completed from outside of the office. Employees and employers both benefit from the flexibility and efficiency that arises when workers can perform their duties from coffee shops, airports, their homes, and more. As such, providing employees with the ability to work remotely is an excellent way to attract and retain a talented, productive team.

The devices and security measures used throughout an organization play a significant role in enabling safe, efficient remote work. Unfortunately, it can be quite challenging to determine which devices should be granted access to corporate data. IT teams need to consider how device policies and security solutions affect user efficiency, user privacy, and the security of corporate data.

Unsurprisingly, the rising popularity of bring your own device (BYOD) has complicated the challenge of enabling secure remote work. A personal device that is used for professional and personal activities has access to the corporate network and the user’s personal apps – increasing the likelihood that corporate data can be accessed by unauthorized users or infected with malware. The workforce’s myriad of smartphones, tablets, and wearables represents an entry point for cyber threats that leverage devices to target corporate data.

To secure mobile and BYOD, IT can choose from a wide variety of mobile security and data management solutions. However, the large number of options can be overwhelming. As such, organizations should consider the solutions below when selecting a mobile security strategy.

1. Locking down devices: agent-based mobile device management (MDM)

Mobile device management (MDM) solutions are generally favored by large enterprises seeking to enforce security policies across a large number of corporate-owned devices. Typically, MDM solutions require software to be installed on all employee assets. This enables all devices to be centrally managed by IT administrators who implement features such as password protection, remote data wiping, the rejection of unsafe WLAN networks, and more.

However, a major problem can occur with MDM if the mobile environment is heterogeneous, that is, if it contains disparate mobile devices and operating systems. Within these diverse environments, device management functions are often unavailable for some of the assets on the network. Because heterogeneous mobile systems are difficult to secure with MDM, it's necessary for organizations to involve employees at an early stage of onboarding and implementation. This helps organizations assess whether the MDM solution supports all employee workflows and whether deployment will be excessively challenging for certain devices.

While agent-based MDM solutions can secure corporate-owned devices, they lead to privacy challenges when deployed on BYO assets. These solutions can allow companies to reset device settings, identify device locations, and collect information about device usage and user internet habits. When these capabilities are used on personal devices, it is often seen as an unacceptable intrusion into users' private lives. As a result, many employees refuse to have any kind of security software installed on their phones or tablets, creating substantial challenges for enterprise security.

2. From the device to the application: mobile application management (MAM)

Unlike MDM, mobile application management (MAM) focuses on securing company-provided applications that house sensitive data. Where BYOD is allowed, MAM is occasionally used to secure mobile data access; for example, when a traveling salesperson uses a corporate app on her or his personal phone to access customer relationship management (CRM) systems. To ensure that application data is sufficiently protected, company mobile apps are centrally managed by security administrators or IT personnel.

Despite the above, MAM has multiple limitations. While MAM can govern a number of corporate applications, it does not cover popular cloud apps like Gmail, Dropbox and Slack. Like agent-based MDM solutions, deploying MAM requires the installation of software on employee devices. Additionally, as the solution does not provide device management functionality, a usage policy must also be installed on each device. Finally, MAM provides no assistance with detecting or blocking shadow IT.

3. Homing in on data: agentless mobile security

Fortunately for the enterprise, mobile security solutions can protect data without requiring anything to be installed on employee devices. Despite their agentless approach, these solutions can still provide MDM functions like data loss prevention and remote wiping of company data from even BYO devices. They also offer data encryption that can be extended to all popular cloud apps including G Suite, Office 365, and Salesforce. This means that sensitive data is secure regardless of the app in which it is stored or the device through which it is accessed.

Through agentless solutions, security administrators can govern device access without the installation of intrusive software. As a result, they offer rapid deployment and alleviate users’ privacy concerns about employers accessing their personal information. In light of the above, these solutions are often adopted by businesses seeking to secure corporate cloud data as it is accessed by a variety of devices. With the growing popularity of cloud services and BYOD, the proliferation of agentless solutions will continue to increase.

Identify specific requirements

Organizations need to consider a variety of factors when selecting a mobile security strategy. First, IT administrators need to compile an exhaustive list of governmental regulations relevant to their firms. From there, they must ensure that deployment will not be impeded by users who want to keep their personal data private. In light of escalating BYOD trends, organizations should also identify the devices and operating systems in use, as well as the mobile applications employees need. Determining whether a security solution should be bolstered by legal agreements is another important consideration. Finally, all stakeholders need a voice in the decision-making process in order to ensure the adoption of a mobile security solution that is fair and effective for all.


Rich Campagna joined Bitglass as VP Products, and then became SVP Products and Marketing, before becoming CEO in June 2017.

Prior to joining Bitglass, Rich was senior director of product management at F5 Networks, responsible for access security. Rich gained valuable experience in product management and sales engineering at Juniper Networks and at Sprint before working at F5.

Rich received an M.B.A. from the UCLA Anderson School of Management and a B.S. in electrical engineering from Pennsylvania State University.

The opinions expressed in this blog are those of Rich Campagna and do not necessarily represent those of IDG Communications, Inc., its parent, subsidiary or affiliated companies.