Does the “Wild Wild West” or “Three Ring Circus” describe your organization’s approach to BYOD? Have you tried to mitigate risk by leveraging solutions that are ultimately no more effective than using a Band-Aid to patch a leak at the Hoover Dam? How did you ever wind up in that position? Was this a result of following executive mandates requiring that you address compliance by checking the box on rudimentary checklists but do no more? They may not say it in so many words, but how many times have you solicited funding for a comprehensive program only to be turned down year after year?
Even when reality is not as tragic, we’ve all been in this situation: after much time and effort creating policies and executing configurations, we’re asked to create exceptions for top brass or perceived money makers who’ve bought the latest cool gadget on the market. These situations consistently chip away at the effectiveness of our sound architectures and security initiatives, leaving the organization vulnerable to breach and compliance violations. In situations where we are actually allowed to say “no”, we simply wind up further alienating the individuals we’re supposed to be serving, many times at the cost of productivity and innovation.
In dealing with compliance, many organizations choose a silo approach. Are you one of those organizations? With each compliance obligation, the institution selects and deploys numerous tools and processes for each environment. As a result of managing information and resources through disparate policies and tools, the organization is faced with increasing costs and risks. Duplication of licensing, duplication of hardware, sound familiar? This silo approach also leads to the abuse of data protection strategies, when archiving information, creating development environments or when data volumes dramatically increase.
With the ever-increasing proliferation of mobile devices, over 6 billion subscriptions worldwide in Q1 of 2013, users continue to pressure employers for greater flexibility to work on devices of their choice. At the same time, organizations face mounting regulatory compliance mandates, which expect controls that are not natively available on our mobile devices. Although key management best practices would never allow the storing of keys on the encrypted host, that’s exactly what we’ve got on every iPhone and Android device. No wonder, after each OS update, hours later we find someone has cracked the code. In 2012, it was reported that 92% of data breaches could’ve been avoided through encryption and/or authentication controls. Mobile devices fail to offer native robust capabilities in either realm. Users regularly store lists of passwords, social security numbers, credit card numbers, medical information, or other sensitive data on an iOS or Android device without any special protective measures in place. Still think it’s a good idea?
What is the answer?
Sorry – there’s still no magic bullet. The good news is that there are steps we can take to improve security and ease compliance concerns without the purchase of disparate solutions. In order to bridge the technological gaps, address inherent mobile computing risks, and meet compliance obligations, consider Citrix mobility solutions. Whether the mobile device is provisioned by your organization, or your business allows personnel to bring their own, the Citrix offerings give us a way to deal with complex and unique enterprise requirements. Does your organization have complex application access needs? Will employees need to access applications and data on-prem and in the cloud, in a secure fashion? For online data access, the key lies with Citrix Receiver. When accessing virtualized applications through Citrix Receiver, you keep data in the data center, while allowing employees to seamlessly work from anywhere on any device. This results in a win-win for everyone. Citrix XenMobile MDM further empowers your IT organization by enabling the business for secure mobility, creating better working conditions and increasing employee satisfaction, all while meeting compliance obligations.
Discover how to adopt secure practices throughout your BYOD environment with Citrix mobility solutions. Join our Citrix Synergy session SYN217: Protecting sensitive data in the age of compliance and BYOD to learn how! What’s working or not working for you? Tell us now.
As the Director of Security and Compliance at the University of Miami, Connie Barrera leads policy, governance, risk and compliance initiatives. Connie’s efforts are focused on establishing baseline compliance standards to streamline the University’s efforts with a plethora of regulatory mandates including: HIPAA, FERPA, GLBA, FISMA, Red Flag, FDA Part 11 and the PCI standard. In addition, Connie co-chairs the Strategic Planning Committee for Innovation, coming up with cutting-edge solutions to current and future business needs. Recently, she accepted the position of Vice President of Event Services for a local chapter of ISC2.
As Chief Security Strategist for Citrix Systems, Kurt Roemer leads the security, compliance, risk and privacy strategies for Citrix products. As a member of the Citrix CTO Office, Kurt drives ideation, innovation and technical direction for products and solutions that advance business productivity while ensuring information governance. An information services veteran with more than 20 years’ experience, Kurt holds the Certified Information Systems Security Professional (CISSP) designation, served as Commissioner for the US public-sector CLOUD2 initiative, and led efforts to develop the PCI Security Standards Council Virtualization Guidance Information Supplement for the payment card industry while serving on the Board of Advisors. He regularly contributes his expertise on security-related topics in global online, print and broadcast media.