Security, Convenience & Privacy: A Neverending War

By Michael Covington, VP of Product Strategy, Wandera

The veritable “Sophie’s Choice” among security decision-makers has increasingly become the three-way tug-of-war between security, convenience, and privacy. With the introduction of the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) in 2018, there’s a clear global trend toward prioritizing consumer privacy. However, the COVID-19 pandemic has spurred unprecedented numbers of remote employees, leaving organizations grappling with a novel set of challenges when it comes to security. Yet according to Verizon’s Mobile Security Index 2020 (MSI), organizations continue to sacrifice security, with 52 percent of respondents citing convenience as a top reason to let security take a backseat.

When GDPR took full effect in 2018, it was tangible evidence that people were ready to take more control over their personal data. The terms of GDPR require organizations to ensure that the personal information that is gathered during normal business transactions remains protected while still respecting the privacy rights of data owners, demonstrating a heightened sense of concern over personal data privacy. The passing of the California Consumer Privacy Act (CCPA) in the same year was further confirmation that consumers were concerned about where and how their personal data was being used, and legislators affirmed they were within their rights to know.

So, the pressure for organizations to remain transparent while simultaneously protecting the security of their employees and users has been steadily building, leaving business and security leaders at a crossroads. So the question remains: how are organizations to choose between security, convenience, and privacy when it comes to their employees and customers alike?

Industry giants have chosen to approach this ongoing dilemma in different ways. Particularly as it pertains to mobile security, Microsoft has tackled this challenge with the implementation of Mobile Application Management without enrollment (MAM-WE). As work environments become increasingly remote, organizations face an entirely new security landscape that will require them to adapt to BYOD scenarios. MAM-WE gives organizations the ability to manage individual apps to protect sensitive employee data, even from a personal device, in a setting outside the office. Microsoft’s offering is just an example of ways that companies have broached the issue of security, without sacrificing convenience and privacy.

There was roughly 24 percent of the full-time U.S. workforce working remotely for at least a portion of their workweek in pre-pandemic days, but that number is steadily rising as a result of COVID-19.  It’s now critical that security decision-makers not overlook the importance of mobile and cloud security in this evolving landscape. Our own analysis shows that as of March 30, the number of connections to collaboration tools like Zoom and Microsoft Teams has increased by 109% since the first week of February.

As Verizon’s Bryan Sartin put it, “The types of devices, diverse applications, and further emergence of IoT devices further complicate security. Everyone has to be deliberate and diligent about mobile security to protect themselves and their customers.” Reiterating the sentiment that leaders will have to recognize the inherent risks of increasingly mobile and cloud-connected environments and take proactive action. There is a way to strike a balance between providing a convenient user experience that also maintains the security and privacy of users. One recommendation would be for organizations to put policies in place that utilize offerings like Wandera Private Access or MAM-WE to ensure that the security of corporate data is not compromised, even when employees use a personal device. Outlining and adopting formal acceptable use policies within organizations will also be a step toward finding this balance.

The findings from recent mobile threat research indicate a trend that decision-makers still believe they have to make a choice between security, convenience, and privacy for their organizations. But with more privacy-preserving and user-friendly security solutions becoming available, a harmonizing middle ground can be found. It’s time to leave the notion that organizations can’t have both in the past, and focus on solutions that allow for the security, convenience, and privacy trifecta moving forward.

About the Author

Michael J. Covington AuthorMichael J. Covington, Ph.D., is a seasoned technologist and the Vice President of Product Strategy for Wandera, a leading provider of mobile security. Michael is a hands-on innovator with broad experience across the entire product life cycle, from planning and R&D to executing company strategies. He previously held leadership roles at Intel Labs, Cisco Security, and Juniper Networks. With a diverse background as a published computer science researcher and as an IT professional, Michael has experienced technology from all sides and enjoys bringing innovations to the market, specifically in the areas of mobility and connectivity. He can be reached at @MJCovington and at https://www.wandera.com/