Recently, one of the strictest data privacy laws ever enacted officially went into effect. As organizations around the world review how they handle employee and customer information, many are finding that mobile devices present a significant risk for noncompliance.
Officially implemented on May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) is designed to standardize data security legislation across Europe. However, it will have a global impact. Any company, regardless of location, must comply with the GDPR if it stores or processes personal information about citizens of any of the EU’s 28 member states. Larger organizations face fines of up to 4 percent of their global revenues for noncompliance. Small to midsized businesses (SMBs) get some leeway due to the smaller amount of risk they present.
GDPR requirements regarding personally identifiable information (PII) are particularly problematic in highly mobile environments. The regulation mandates that companies must know exactly where every instance of someone’s personal information is located. However, our increased dependence on mobile computing is making it difficult for organizations to keep track of information held outside of corporate IT systems.
In one recent survey, 84 percent of U.S. security and IT executives said they believe they are at risk for GDPR noncompliance because of personal data accessed on employees’ mobile devices. The survey found that 78 percent of U.S. employees have access to corporate contacts on their mobile device, and 85 percent have access to enterprise apps, which likely store sensitive corporate data.
This data makes mobile devices attractive targets for cyber criminals. What’s more, mobile security has been surprisingly lax. Employees often use their own devices for work, and they tend to take very few security precautions. One recent survey found that 65 percent of mobile device users just assumed that their service provider was providing protection.
Identity and access management (IAM) solutions can help boost GDPR compliance by giving organizations more control over the information they collect and who can access it. IAM solutions can also help organizations generate an audit trail that demonstrates compliance to internal or external auditors.
Increased automation is one of the chief ways IAM solutions decrease risk. The manual processes commonly used to add, change and delete user information and permissions are woefully inadequate, particularly in highly mobile environments. In many cases, user identities must be updated across both mobile and on-premises applications and resources, leading to data entry errors and delays that increase the risk of security breaches.
Mobile IAM provides greater control over information access by allowing organizations to verify a mobile user’s identity and then implement policies regarding data and application access. Users can be blocked from accessing certain apps and data if they are using a device that doesn’t comply with security policies. Policies can also be created to restrict access from specific locations or networks.
We all understand that securing data and protecting privacy is difficult. It seems there’s a new report every day of a breach that exposes millions of personal records. While the GDPR may create headaches for your organization, it is important to view the compliance process as an opportunity to improve your data protection capabilities. Give us a call at 571.483.2728 to discuss the role of mobile IAM in today’s regulatory environment.