Gone are the days of forcing employees to use a standard IT-issued computer. People want the freedom to embrace the latest laptops and devices at work and are doing so in increasing numbers -- with or without IT’s blessing. Dubbed the consumerization of IT or the bring your own device (BYOD) phenomenon, it’s left a gaping hole in a company’s ability to manage how its business apps are being accessed and where its data might end up.
A recent breach at Howard University Hospital is a good case in point. Despite a (hard to enforce) policy forbidding the downloading of sensitive data, a consultant’s laptop was stolen containing personal information for over 34,000 patients. The fact that this was a BYOD machine added to the challenge since it removed the ability for IT to lockdown the computer with things like disk encryption or remote wipe.
But the BYOD scenario is really a generic case of the larger challenge that’s emerged with the proliferation of web applications. To get their jobs done, employees login to company applications using browsers across multiple computers. It could be their iPad, their home computer, or even a public machine in a hotel business center. This is liberating for employees and great for productivity, especially in this day of work-from-home policies, distributed teams, remote consultants, and consumer devices. But it’s a real challenge for those responsible for protecting company information.
There are a wide range of risks when employees are given free access to company web apps from anywhere and any device. For instance, malware resident on a device might contaminate the business web app or grab sensitive data like usernames and passwords. Or there might be policy violations such as a data leak when content ends up being downloaded to an unknown computer.
So how do we balance these competing forces: the need for IT to maintain hygiene and control on the one hand with the adoption of the web as the app platform of choice on the other?
At Authentic8, we’ve been trying to sort through this conundrum. In our view, the continued shift to web apps and the consumerization of the workplace are a fait accompli, so we took these as givens in crafting our approach. Rather than chasing each endpoint, we’ve been working to wrap security and control around the delivery of web apps in a way that is entirely independent of how the app is built or the type and state of the device used to access it. Our answer? Apply policy, security, and control at the browser. But not the one that sits on your computer, rather the one that we can secure in the cloud and that you can access from anywhere.