MSPs Must Shift Security Focus from Devices to Content
Americans are increasingly taking work home with them, which along with increasing productivity also increases security risks. A new survey on work-at-home habits of US workers from mobile security provider Good Technology offers insight into just how prevalent employee access of corporate systems from unsecured personal devices is becoming, and why it requires a change in focus from MSPs who offer security services.
According to the survey, the days of employees working “9 to 5” at the office and going home to forget about everything till the next morning are long gone. More than 80 percent of employed US adults continue working when they have left the office. Almost seven in 10 (68 percent) adults check their work emails before 8 AM, 40 percent check work email after 10 PM, 57 percent routinely check work emails on family outings, and 38 percent routinely check work email at the dinner table.
Managers may be thrilled to hear about all this extra productivity while spouses and children may be concerned about the impact on the already tenuous work-life balance, but neither one of these factors is really the concern of managed security services providers. What these MSPs need to be concerned about is the considerable security strain these habits place upon their clients’ corporate systems.
Ensuring Security in a BYOD World
Employees are now routinely logging into corporate email accounts and reading content and quite possibly downloading documents that may be sensitive in nature. They are doing so on personal mobile devices and PCs that likely have security mechanisms which to be charitable are less than professional quality. In addition, particularly when using a mobile device in a remote location like a coffee shop or even a playground, employees are probably using networks that offer little to no security precautions.
And all of these factors are 100 percent out of the control of an MSP. Assuming a client sees enough value in extra productivity to allow this type of remote access to corporate systems to continue, how can an MSP provide adequate security? As recommended by Good Technology, MSPs must shift away from securing devices or even networks, which is no longer realistic in a BYOD world, and instead focus on securing apps and data.
More specifically, this means MSPs must concentrate their efforts on encrypting data and developing apps that allow employees to securely view corporate information without actually storing it on their own devices. Email apps must provide extra security for employee logins. Depending on client needs, MSPs may also want to prohibit employees from downloading documents while providing remote “read only” access, or build in extra document security features if employees are allowed to download them onto personal devices.
Technology is increasingly blurring the lines between “work” and “home,” and as is usually the case, creating issues at a pace faster than people can keep up with. MSPs need to focus squarely on how they can effectively secure corporate data and systems on employee devices, and let the sociologists figure out the rest.