When it comes to data, IT is tasked with the ever-increasing demands of users to do more, wherever and whenever they want, on any device. The demand to meet the needs of end-users has to be balanced with the need to protect data, and in this IT is often left with a difficult balancing act. Restrict data too much and employees will find a way to circumvent the rules. Give too much freedom and data remains unprotected.
In an article on TechTarget, Eddie Lockhart talks about this unique balance, reminding organizations that the burden for data security is not isolated. Though in the end the responsibility for data security does fall upon IT / the board / executives, the day-to-day responsibility for data security must be a shared effort:
“Without balance, a BYOD strategy can easily fail, and it's important to remember that responsibility is a two-way street: IT may ultimately be liable for any major breaches or incidents, but employees must understand what acceptable use looks like and exercise common sense to keep corporate data safe."
Without education on their role in protecting data, and an awareness of the importance of protecting data, employees will continue to put data at risk. The Verizon DBIR released earlier this year tied up to 90% of all security incidents to employee mistakes, phishing, bad behaviour, lost stuff, etc.
As the TechTarget article suggests, a holistic approach to data security will include the right elements of “people” with complementary technology solutions. The article in particular touches on the importance of lifecycle management and enterprise mobility management (EMM), which integrates a user-focused approach to mobile and data management.
This article ties in nicely with our newly released Information Security - Best Practices Guide, which outlines five goals for better device and data security.