You Can’t Win the Data Loss Blame Game – So End It

Featured article By Omer Eiferman, CEO of Cellrox

The bring-your-own-device (BYOD) movement is tempting Murphy’s Law on an unprecedented scale and changing the nature of the IT ‘blame game’ on Wall Street. In a world of desktops, tracking data leaks was much easier. If an employee digitally leaked corporate data or insider information, IT could usually pin down when and where it happened. However, with personal smartphones now being used for business – with or without permission – the blame game is not so simple, and unintentional leaks are far more probable when mobile devices can be forgotten in restaurants, subways and airplanes.

So are employees abusing IT security policies with BYOD, or is IT failing to meet its responsibilities by ignoring BYOD? Either way, the data loss blame will be a loss for everyone in Wall Street as long as IT departments continue to ignore or deter BYOD.

At the same time, heavy-handed mobile device management (MDM) solutions will scare away talent. Who wants to work for a firm that can remotely delete all your personal photos and messages, monitor your communications and track your location? No one. Who wants to carry around a second business smartphone and juggle the two all day? No one.

This is why Wall Street needs to embrace ‘multi-persona’ BYOD and effectively end the data loss blame without abusing anyone’s privacy.

Secure and Private

We know that wherever corporate data is stored, leaks will happen. We also know that employees will ignore or circumvent any IT policies that are inconvenient or invasive. This is why multi-persona BYOD is an elegant solution to Wall Street mobile security concerns.

A multi-persona BYOD solution divides a smartphone into personal and professional personas at the operating system level. An employee could, for instance, create one personal persona for everyday use, one encrypted persona for health and personal finance apps, and then one IT-managed professional persona for work.

The IT department would be able to monitor and secure data within the professional persona, but the personal personas would remain out of their reach. For example, IT could not lock and wipe data on the personal personas, but they could choose to have that ability on the professional persona. As employees migrate between Wall Street firms, IT would be able to create, encrypt and, if necessary, eventually block the corporate persona on personal devices. If employees donate or sell their smartphones, IT can also guarantee that corporate data remains encrypted and unrecoverable.

No More Blame Game

By securing corporate data on personal devices without invading privacy or requiring two smartphones, multi-persona lets employees work the way they normally work. Yet, the professional personas, which might include multiple personas for individual clients and different business functions, will allow IT to monitor every byte of corporate data that comes in or out. This effectively ends the blame game.

Data leaks and losses also become less likely because IT can continually improve security policies. In the event of an unintentional or malicious leak, IT can easily figure out what went missing and how. They can then refine professional persona policies to preserve data security while still meeting employee expectations and business requirements. IT gets the degree of visibility it has with office desktops.

Virtualized Identities

Essentially, multi-persona virtualizes smartphones, creating a much needed partition between personal and professional uses. Rather than worrying about a physical device, IT can reduce its scope of management to a specific virtual persona. For personal use, employees open their personal personas, and for business use, they open their professional persona, which is managed by IT. There is no longer a need or desire to blend personal data with corporate data on a single persona. The risk of invisible data leaks is greatly reduced.

In organizations without a BYOD solution, accountability for data leaks will remain opaque, and disasters will inevitably happen. At the same time, Wall Street firms will lose talent to competitors if they take a Big Brother approach to mobile security. Multi-persona allows IT departments to eat their cake and have it too by providing personal privacy and convenience alongside stringent corporate security and mobile management.

The data loss blame game is helping no one. Let’s introduce multi-persona BYOD on Wall Street and call it a truce.

Omer Eiferman is the CEO of Cellrox and former pilot in the Israeli Air Force. He is a graduate of Bar-Ilan University with a degree in Computer Science and Statistics. Prior to Cellrox, Omer served in a variety of marketing, development and product management roles in technology.