Mobile Device Security Can't Be Contingent on Worker Status

Posted on February 17, 2015

What percentage of the workers who connect to your company network every day are contingent workers? That is, how many people with access to your network are temporary employees, independent contractors, or workers employed by an outside contractor"

More importantly, how much control do you have over the mobile devices and security practices these non-employees use every day? The Institute for Research on Labor and Employment (IRLE) at the University of California at Berkeley says that the standard job, where workers are full-time, permanent, and directly employed by a corporation is rapidly becoming an archetype " a general ideal " rather than the norm for American workers.

IRLE defines contingent work as any work arrangement which does not contain an explicit or implicit contract for long-term, full-time employment, and says that the number of contingent workers has been growing across the U.S. workforce since the 1990's. That's no surprise to IT, where at least 35% of all workers in computer-related occupations are employed by staffing or consulting firms, and another 20% are independent contractors, temporary, or part-time workers.

Robert Bartley wrote last week in FierceMobileIT that the next big challenge for mobile device management is bringing contractors and third-party workers into the enterprise mobility management fold. Bartley says that many businesses left an unfortunate gap in their mobile device policies and security models: consultants, contractors, partners and other contingent workers. The result, he says are inaccessible enterprise apps, inflexible mobility programs, and untested workarounds that compromise otherwise secure networks.

Hyoun Park, chief research officer at Blue Hill Research, says that mobile device security is a spectrum, with accessibility on one end, and security at the other. The challenge, he says, is to find a middle ground that balances enterprise mobility management with accessibility, so that the system works for both full-time employees and contractors.

Park said. "But for the part-time employees, for the consultants, this is where the next big challenge for mobility management actually is. It's going to need more nuance and more flexible solutions."

At this point, organizations are handling these situations on an ad hoc basis, muddled workarounds pushed out case-by-case. According to Park, some workarounds companies use include loaning compatible devices to part-time workers, texting or emailing sensitive information and even printing out data for physical handling, options that range from inconvenient to irresponsible.

Walking the Line

Jared Hansen, CEO of secure mobile printing leader Breezy, says that much of the challenge in enterprise mobility management is walking the line between accessibility and security. "It doesn't matter who is accessing your network," Hansen says. "You have to have a policy and procedures in place that give workers access to the tools and data they need to do the job without compromising security. And that's where the challenge is: walking the line required to identify what kind of access users need, and securing company data."

ZDNet says that one of the most difficult problems companies face is how to handle personally-owned mobile devices. What if a device is lost or stolen, or if an employee attempts to jailbreak or root their phone, putting company data at risk? One of the most common solutions to these difficult problems is a policy of remotely wiping company data stored on mobile devices, but that can lead to problems of its own.

For example, what happens in a scenario that is less clear-cut than a stolen phone, such as a security alert triggered by a child attempting to access an unattended phone, or an unapproved app that violates a policy? And what happens when a mobile device owned by a non-employee (such as a contractor, or consultant) has personal data or data belonging to another company wiped in an attempt to keep your data secure? "No one wants to find themselves caught up in a legal battle," Hansen says. "That's one important reason why an EMM solution that includes automated controls and behavior-based notifications that alert IT if unusual activity is occurring on devices connected to the network is so important."

Make sure to include everyone who accesses company data in your EMM solution, he adds, whether they are contractors, temps, consultants, or regular full-time and part-time employees. "Communication is critical. Let them know what the policies and concerns are, and explain how your EMM solution handles their personal data in the event security is compromised. Then, be consistent in how you apply the policy, so that every mobile device that connects to your network can be secured no matter who owns it, or what their employment status is."

Breezy's secure mobile printing technology is fully integrated with EMM providers like AirWatch, Citrix, Good Technology, IBM (Fiberlink's MaaS360), and MobileIron and many others, and can add an extra layer of protection to the mobile devices that connect to your network or store your data. For more information on mobile device security and secure mobile printing, watch this video from Breezy, download The Definitive Guide to Mobile Printing, a free ebook, or click here to schedule a Breezy demo now.

Easy to deploy and manage

Customers report that Breezy installations are among the easiest they’ve ever seen for an enterprise product.