BYOD’s Dark Side: Data Protection

Bring Your Own Device (BYOD) is now the norm at most large businesses and enterprises. Even those environments that don’t have a BYOD policy have seen the use of laptops proliferate. Users can now be productive anywhere, often on the platform of their choice. There is a dark side to this improved user productivity and flexibility: data protection. According to IT research firm Gartner, approximately 70% of corporate data is on a PC. That means that if there is no specific strategy to protect user laptops, over two-thirds of an organization’s data is at risk.

The real concern should be a recent study by IT research firm Forrester, which found that 61% of users say they have taken their own steps to protect data, mostly through consumer-grade online solutions. As a result, if the employee leaves the company, their data goes with them, BYOD policy or not.

Despite these staggering statistics, only 37% of enterprise data centers provide any sort of endpoint data protection. The opportunity for data leakage and outright data loss is tremendous. Additionally, there is the lost opportunity to capture this information for litigation readiness and re-use.

To make matters worse, these endpoints have become increasingly powerful and sophisticated. They are able to generate gigabytes, even terabytes, of content before they connect back to the central data center. In fact, some users may never connect locally to the primary data center. Consequently, laptop data needs to be consistently protected and its cumulative value untethered from these devices, all while increasing user productivity.

Subject to Loss

In addition to hardware failures, there is a high probability that these devices will get stolen, whether from your car, at public Wi-Fi hotspots, or when clearing TSA security at an airport. In fact, research conducted by the Ponemon Institute shows that up to 12,000 laptops are lost in U.S. airports each week. In most cases, these systems are formatted and taken to the local pawn shop or sold online to the highest bidder. The real loss is the data that might need to be re-created if it was not properly protected. It is critical that the unique data on these laptops, again as much as 70% of the corporate data asset, be secured so that important corporate information is not lost.

Enterprise Endpoint Data Protection

Because the risk of losing unique corporate data is so high, the protection of these devices must be taken seriously. It cannot be left up to the goodwill of users, either to remember to do their own backups or to contract with a consumer-based public cloud provider to fulfill this essential function. Not only is this backup strategy unreliable, it also promotes data leakage.

For the enterprise, protection of these devices needs to be an IT service that is managed and monitored centrally to ensure that all data is being systematically protected. This is critical from a data protection standpoint as well as to ensure that the data can be leveraged for future litigation readiness, data mining or monetization opportunities.

Value to The User

It is important, however, that this level of protection does not get in the way of users getting their work done. Protection should be a seamless process that happens automatically when the user connects to a network and, critically, it should not impact the quality of service (QoS) of that connection or of the laptop itself. Ideally, the protection process should also empower the user to perform on-demand, self-service data retrieval and restoration from anywhere, for example restoring previous versions of files directly from the backup catalogue database. HP enables this but also takes it a step further by allowing users to optionally restore files to their smartphones or tablets.

Value to The Enterprise

There also has to be enough value to the enterprise to justify the investment in an endpoint data protection solution. First and somewhat obviously, these solutions have to protect the endpoints they are assigned to protect. This is primarily the mobile user’s laptop but should also include on-premise desktops and even potentially home desktops. Since many organizations are implementing their own enterprise file sync and share capabilities, corporate data can be almost anywhere. The solutions need to be flexible and scalable enough to be installed easily on almost any system.

One thing that is ignored for now is smartphones and tablets. Most of these systems have some sort of sync-to-desktop/laptop capability or can sync with the enterprise’s file sync and share solution. What does need to be captured, however, is the directory on the user’s system where the backups of these mobile devices are being catalogued.

Data Migration

Data migration is another key value for the enterprise. There are two important needs here. The first is the replacement of a lost, stolen or broken laptop. If proper backups of the endpoint have been done, recovery can be a simple point-and-click operation. Furthermore, it is important to make sure that the endpoint solution can do recoveries to dissimilar hardware, since it is unlikely that the replacement laptop will be exactly the same as the original.

The second need for data migration is the ongoing need to refresh user laptops. New versions of operating systems are continuously appearing and the ability to seamlessly move a user to the new version can be invaluable. Unlike the lost, stolen or broken laptop example discussed above, these recoveries are to the exact same system after the operating system has been upgraded. Again, it is important that the endpoint recovery solution has the ability to handle this unique kind of recovery.

Endpoint data protection solutions like HP’s Connected Backup allow an organization to extract added value from the backup solution. It can be used not merely to recover accidentally deleted files; it also provides a full breadth of services that add value to users while saving IT organizations time.

The Information Advantage

The final value for the IT department is the ability to move beyond just endpoint data protection and layer in comprehensive endpoint data management that delivers an information advantage to the organization. This would allow protected endpoint data to not only be managed for compliance reasons but also be mined for monetization opportunities. At the same time, IT cannot sustain yet another silo of information that needs to be accessed and managed separately. The endpoint data needs to be fed into a single enterprise information repository that can be managed and mined for value.

The repository would also make the organization litigation ready. Since data can be searched by name, content and date range, almost all legal discovery requests can be handled by leveraging sophisticated search capabilities.

Key Requirements for Enterprise Endpoint Protection


Scalability is probably the most important capability of any enterprise endpoint data protection solution. But scaling takes on a different meaning when endpoint protection is considered. First, it must be able to scale small enough that enterprises with a few dozen laptops can take advantage of its capabilities. At the same time, it needs to be able to scale to support backups from 250,000+ endpoints. The unique ability to scale small and big is something that not many endpoint data protection solutions are able to achieve.

Scaling involves being able to store petabytes of data while leveraging data efficiency techniques to keep data growth under control. It also means being able to ingest backups from hundreds of simultaneous endpoints at the end of the day while at the same time not inhibiting restore operations when needed.

Enterprise Management

Management needs a similar granularity of scale. The interface into the software needs to provide a robust overall health status and report on unprotected endpoints while at the same time providing granular control of specific endpoints based on roles and departments. The endpoint backup solution should be able to report to executive management, even across clusters, regions, or various data centers, on data protection status and projected data growth, and potentially deliver a chargeback capability so value can be assigned to the function.

Secure Mobile Access

As mentioned above, many data centers are deploying enterprise file sync and share applications but are struggling with managing them. The endpoint data protection framework may provide all the functionality required to enable end-user file collaboration capabilities. After all, the data is totally centralized. All that remains then is to make the data remotely accessible in a compliant and secure manner from a variety of endpoints, including smartphones and tablets. HP’s Connected product does this by providing secure, remote access to the protected data from a laptop, a desktop system and even smartphones and tablets.

Private or Public Deployment Options

Finally, the endpoint data protection solution should have the option to be publicly or privately deployed depending on the need and the organization’s requirements. Some organizations may not want a cloud model and instead may want to own all the storage assets themselves. Others may want to outsource the costs to acquire, power and cool the physical assets to a trusted provider. The problem is that too many software applications are “either/or”. This inhibits flexibility, and the reality is that organizations may very well change direction and move to, move away from, or intermix public storage clouds.


Endpoint protection by enterprise IT is no longer an option. There is too much risk of data loss and leakage. Maintaining productivity is also critical: the time it takes to re-create data, rebuild laptops from scratch and migrate to new OS versions can all be avoided with the proper investment in an endpoint data protection solution.

IT can no longer sit on the sidelines hoping that users “do the right thing” with an organization’s data. Doing so leads to a variety of problems, including loss of data control. IT needs an endpoint data protection solution that adds value to the users, so they will embrace it. It should also add value to the organization so it can protect itself from data loss as well as leverage corporate data on user endpoints. Finally, an endpoint protection strategy should bring value to IT itself so its job can be completed more easily and efficiently. HP’s Connected Backup is an excellent example of solutions that can do just that.

George Crump is the Chief Marketing Officer of StorONE. Prior to StorONE, George spent almost 14 years as the founder and lead analyst at Storage Switzerland, which StorONE acquired in March of 2020. In his spare time, he continues to write blogs on Storage Switzerland to educate IT professionals on all aspects of data center storage. He is the primary contributor to Storage Switzerland and is a heavily sought-after public speaker. With over 30 years of experience designing storage solutions for data centers across the US, he has seen the birth of such technologies as RAID, NAS, SAN, Virtualization, Cloud, and Enterprise Flash. Prior to founding Storage Switzerland, he was CTO at one of the nation's largest storage integrators where he was in charge of technology testing, integration, and product selection.
