BYOD Security: Cloud-Based Business Communications and Data Storage

In the age of BYOD, cloud-based businesses have to worry not only about internal security, but also about the security of customer data they store remotely. As companies strive to accommodate their mobile-minded workers, the rise of unauthorized apps and Shadow IT have forced a renewed focus on shielding vital information that is stored remotely by third-party hosts. When that information consists of sensitive customer data — like the kind many businesses require to validate the identity of a caller or visitor to a website — the stakes are raised even higher.

Encryption

Encryption is a word that exudes a feeling of confidence in security. But in the age of BYOD, data encryption can give businesses a false sense of safety. You send encrypted data so that it is safe in transit, but do you really know who decrypts it on the other end?

Service providers are often companies that exist on tiny profit margins. They can go out of business, or even be acquired by other firms without your knowledge. They — like you — have employees working for them who may be operating on a BYOD scenario similar to yours. While most of their employees are probably honest, and are likely to be working diligently to protect your data, it takes only one rogue working on the margins to compromise your security.

Insist that your service provider stores your encryption key away from your data on a physically separate server. If they can't guarantee this, work only with a cloud-storage company that allows you to maintain your encryption-key software on-site at your own facility, safe — or at least safer — behind your corporate firewall.

Storing Recorded Calls

All of the telephone security in the world won't matter if the recordings of those calls aren't stored properly. Prior to the advent of cloud computing and data warehousing, securely storing call data was a fairly simple affair — the biggest challenge of which was usually storage space. Remote call-data storage, however, exposes your customers' most sensitive data — which they share when purchasing a product or verifying their identity — to a vast array of new threats. When warehousing call recordings, consider working with a third-party host that specializes only in that function.

Due Diligence

Most experts agree that storing large amounts of sensitive data — even in a BYOD workplace — can be at least as safe as traditional, on-site storage. The reality is that it is up to the individual business to perform the necessary due diligence regarding the capabilities and limitations of their chosen cloud vendor. The healthcare industry is responsible for storing some of the largest amounts of the most sensitive data of any sector, and the Healthcare Information and Management Systems Society has a comprehensive toolkit and checklist for businesses in all sectors to reference when scrutinizing their cloud vendor.

The age of BYOD has unshackled legions of employees from the constraints of workplace technology. Allowing them to use their own mobile devices as business machines helped them achieve a higher degree of productivity and to take a giant leap forward in flexibility. Those benefits, however, came with drastically different and heightened security issues. The widely accepted assessment is that cloud computing and data storage in the age of BYOD can be safe, but it can also be dangerous. Each company will take different steps to meet the unique challenges they face. But as employees become more liberated, IT and security teams will have to become more ingenuitive.