Companies tend to think of privacy as a business issue, but for the general public, it’s quickly becoming a highly personal concern. From fears of government snooping to high-profile data breaches, people care more than ever about where their data is and how to keep it private. Trends like BYOD, big data and the Internet of Things add urgency to the challenge of helping people and businesses keep private data private.
Personal privacy is quickly becoming one of the definitive issues of our time. Businesses value personal data like online behavior, purchase histories and financial records more highly than ever, using big data analytics to guide decision-making and build one-to-one brand relationships. A new digital-native generation is sharing unprecedented amounts of personal information online, from the music they enjoy to their physical location and future plans—even as reports of hacking, snooping and reputational damage underscore the risks involved. At work, BYOD, social media and shadow IT are blurring the lines between personal and corporate computing.
And that’s only the beginning. The Internet of Everything, still in its infancy, is already bringing a wealth of private personal information online, including data about people’s homes, movements and even real-time health status. It’s already all too easy for people to erode their own privacy, intentionally or not, through opt-ins, overly invasive application permissions, misconfigurations and security vulnerabilities. Businesses and their employees need to get a handle on personal privacy now.
There’s an element of personal responsibility involved, of course. People need to think more carefully about the opt-ins they click and the permissions they grant, and check their personal expectations of workplace privacy against the actual policies in place. But there’s also an important role for IT to play to protect employees as well as the business.
Preserving privacy in your organization
As a starting point, it’s important to recognize the implications of personal privacy at work, especially in an environment where personal and business data can easily mix, and establish a tone of mutual respect between administrators and users. After all, people and the business share common objectives: neither wants personal data to end up in corporate systems, nor to have business data cluttering up personal devices. Both want people to be able to work efficiently and conveniently without having to carry around two of each device. And both want to be able to make a clean separation when the time comes.
On a practical level, education is crucial to make sure people understand how to protect their own privacy as well as the privacy of business information. You should also provide tools and guidance to help people keep personal and business data separate—a key element of an effective privacy strategy. These can include the following:
Managed applications on personal devices. By providing a corporate email app, you can make it much easier for people to keep their personal information separated from corporate systems. As part of the rollout, if people have personal content in the corporate email system, instruct them to move their personal content from Microsoft Exchange Mobile to iCloud, Gmail or whatever personal email service they use, then delete personal content from Exchange. Of course, users who want to completely keep personal information out of corporate archives should not put it in corporate systems in the first place!
Separate business accounts on personal devices. By creating a separate account on BYO devices for work use, people can prevent work and personal content from mingling on their devices, as well as preventing personal content from being synced to corporate-owned devices and backed up alongside work content. It also makes it easier to purge business data from personal devices if necessary.
Selective wipe policies. Another advantage of maintaining separation between personal and business data on devices is that it enables you to perform a selective wipe. If a person using a BYO device leaves the company, you can wipe any corporate content it holds while leaving personal data untouched. In the event that a device is lost or stolen, you can wipe the entire device, thus preventing both personal and business information from falling into the wrong hands.
Privacy is a big topic for discussion throughout Citrix these days, as we work to address the need of both customers and their employees to protect private information. You can learn much more in our recent webinar on the topic of data privacy: Configuring Policies and [Citrix] Products to Meet Today’s Privacy Challenges.
Be sure to check out the security and compliance solutions page to learn more about how Citrix enables our customers to embrace mobility while protecting what matters most. And follow @CitrixSecurity on Twitter.
About the author
Stacy Bruzek Banerjee is the director of solutions marketing for Citrix and is responsible for global security, business continuity and BYOD solutions. Prior to Citrix, Stacy worked to build Guidewire to explosive growth and a successful IPO. She has held marketing leadership roles at Oracle, Symantec and VISA, where she focused on data management, security and collaboration. She holds a bachelor’s degree from the University of Minnesota. Feel free to read more of Stacy’s blogs.