Dell Delivers Five Best Practices for Maximizing Mobility Benefits while Maintaining Compliance with Data Security and Privacy Regulations
- Tips for deploying or expanding BYOD programs while remaining compliant
- Recommendations for securing and controlling access to devices, data and networks
- Guidance for deploying solutions designed to help ease BYOD management and compliance
Dell recommends that companies carefully align their bring-your-own-device (BYOD) program with data security and privacy regulations to avoid any pitfalls concerning compliance. While BYOD initiatives can be great for employees, they often pose a potential nightmare for employers as failure to comply with regulations can result in companies suffering financial penalties, litigation and damage to their reputation.
For example, to meet Health Insurance Portability and Accountability Act (HIPAA) standards, healthcare providers, insurers, employers, schools and other organizations must secure access to all patient healthcare and payment information. Likewise, to comply with the Payment Card Industry Data Security Standard (PCI DSS), merchants must protect cardholder information for credit, debit and other types of payment cards. Even in sectors with fewer regulations, organizations are under increasing pressure to protect private information.
For that reason, Dell advocates the following five best practices for protecting regulated data and employee privacy:
Best Practice No. 1: Identify, Confirm and Protect Regulated Data
Start by identifying all regulated data and then determining which data will be generated on, accessed from, stored on, or transmitted by BYO devices. Once regulated data has been identified, organizations can decide on the best strategies for protecting it and ensuring compliance. Heavily regulated data may require a multifaceted approach, including a combination of:
- Encryption to keep data safe in the event of a breach;
- Secure workspaces to keep regulated data from commingling with personal information;
- Virtualization for heightened IT control of applications and the data they access;
- Data leakage protection (DLP) to control which data mobile employees can transmit through BYO devices and to prevent the transfer of regulated data from a secure app to an insecure app; and
- The ability to remotely wipe data from a device, if necessary.
Best Practice No. 2: Control Access to Data and Networks
Deploy solutions for monitoring, tracking and controlling access rights according to a user’s identity, device type, location, time of access and resources accessed. In addition, prevent employees from accessing data on unsecured (or jailbroken) devices or transmitting unsecured data using their own device.
A complete solution for identity and access management (IAM), firewalls and virtual private networks can protect data and networks. It also can help control administrative complexity and support numerous device types, operating systems, user roles, data types and regulatory requirements. The solution should make it simple for authorized users to access information and resources from personally owned devices to maximize mobile flexibility and productivity.
Best Practice No. 3: Secure Devices
Demand extra security for employee-owned devices. As a first step, require a password to access devices or the secure workspaces on them. In addition, a smart card reader or fingerprint reader can prevent unauthorized access to tablets and laptops if they are lost, stolen or inadvertently used by family or friends.
Best Practice No. 4: Develop Compliant Apps with Proof of Compliance
Be sure the applications developed for mobile devices maintain compliance. To assess application compliance, ask the following questions:
- Can the multifactor authentication required for enterprise applications be employed on smartphones?
- Are the mobile devices storing sensitive information as an employee interacts with an enterprise application?
- Does a secure web session expire in the same amount of time on a tablet as it would on a corporate desktop?
To assist with the application compliance process, many companies enlist the help of an application development consultant with experience and expertise in ensuring the compliance of mobile apps. To show proof of compliance, be sure the solution supports appropriate reports and audit trails while controlling complexity.
Best Practice No. 5: Train Employees on the Importance of Maintaining Compliance
Employees must understand the critical importance of adhering to regulations and potential consequences of compliance failures. Mobile employees must be especially sensitive to potential breaches while outside corporate walls. A signature on a document promising adherence to rules is not enough. Ongoing education is essential.
Overcoming Mobility Compliance Challenges with Dell Mobility/BYOD Solutions
Dell’s extensive portfolio of mobility solutions includes end-user computing devices, wireless networking, secure remote access, next-gen firewalls, IAM, enterprise mobility management, and services. Together, mobility solutions from Dell span the device to the data center to drive end-user productivity and improve business processes without sacrificing compliance.
Dell Enterprise Mobility Management is an end-to-end mobile/BYOD enablement solution that blends the company’s industry-leading secure remote access from Dell SonicWALL, encryption from Dell Data Protection | Encryption, mobile device management from Dell Wyse, systems management from Dell KACE and new, application-based secure workspaces to reduce cost, complexity and risk.
Neal Foster, executive director, Mobility and Integrated Solutions
“The increase in BYOD can pose a potential nightmare for employers when it comes to compliance. The best way to maximize mobile flexibility for employees without jeopardizing compliance is to embrace a set of best practices for identifying regulated data, controlling and protecting access to devices and networks, and developing compliant apps that align with data security and privacy regulations.”
Delivering Complete and Connected Software Solutions
Dell Software empowers companies of all sizes to experience Dell’s “Power to Do More” by delivering scalable yet simple-to-use solutions that can increase productivity, responsiveness and efficiency. Dell Software is uniquely positioned to address today’s most pressing business and IT challenges with holistic, connected software offerings across five core solution areas, encompassing data center and cloud management, information management, mobile workforce management, security and data protection. This software, when combined with Dell hardware and services, helps customers simplify IT, mitigate risk and accelerate business results.
Dell Inc. listens to customers and delivers innovative technology and services that give them the power to do more. For more information, visit www.dell.com.
Dell is a trademark of Dell Inc. Dell disclaims any proprietary interest in the marks and names of others.