Controlling mobile data loss

Editorial Type: Opinion     Date: 11-2014









Security evangelist Mike Raggo from MobileIron explains the options available to protect an organisation's data and compliance when it goes mobile.

For all of its merits, mobility among staff has produced a range of issues around data protection, causing CIOs to guard against attacks from third parties and even their employees. These issues present a real threat to employers tasked with securing sensitive company data. Encryption alone may not provide the complete solution.

Mobile data loss can in many cases be prevented and its impact mitigated. Most issues exist because there is a lack of stringent regulation on employees using their own devices for work, who may be more likely to share files accidentally, or less inclined to sufficiently encrypt their data. Employers should be aware that solutions are available, either through software designed to control intentional or accidental corporate data sharing, or by ensuring that staff isolate their work browsing from any personal activity.

This requires a thorough understanding of the categories of mobile threats. Mobile data loss threat vectors typically fall into four categories. The first is risky and malicious apps, which can exfiltrate data from the mobile device. The second is jailbreak or rooting activity, which can leave the device open to vulnerabilities leading to data exposure. The third is user data loss, including a lost or stolen device. The last is unprotected, open WiFi networks and rogue access points, which are an ideal environment for attackers to intercept data-in-motion and launch Man-in-the-Middle attacks.

With such events a real possibility, action is needed. Devising a security strategy involves careful considerations regarding the user, device and network. Enterprise Mobility Management (EMM) platforms can provide the necessary proactive and reactive controls to mitigate these threats. Additionally, CIOs supporting a mobile workforce can safeguard sensitive data in a number of ways.

The first is to safeguard sensitive data by implementing device passwords and encryption, plus lockdowns and restrictions to prevent or limit screen captures, cloud backups, USB connections and camera use. Secondly, organisations should be able to containerise corporate and employee data, making sure that corporate data is protected from the rest of the device using encryption, DLP controls, and separate container passwords. Organisations should also be able to detect a jailbreak and wipe corporate data from the device automatically, even when the device is lost or stolen.

In the mobile world, anti-virus and anti-malware software is just another app on the device. Instead, organisations should use App Risk Management or App Reputation Services tied into the EMM to perform an automated quarantine of the device. They should also be more restrictive by allowing only specific corporate apps to access the network via Per-App VPN and Application Tunnels, blocking all other apps, including malicious ones. Last but not least, organisations should use client certificates for remote access to authenticate to email, SharePoint, fileshares, Secure Browsing, and Apps. This mitigates data exposure arising from users connecting to open WiFi and Man-in-the-Middle (MitM) attacks.

Controlling mobile data loss can be accomplished by leveraging a mature EMM platform that is not only mobile device aware (Mobile Device Management/MDM), but also MAM (Mobile Application Management) and MCM (Mobile Content Management) aware. This can provide the necessary controls to mitigate data loss stemming from the user, device and network. Additionally, the EMM platform must employ both proactive and reactive security controls. This not only prevents mobile data loss, but also responds to threats by isolating the device and removing sensitive data.

When approaching a mobile security strategy, it is essential to incorporate a defence-in-depth approach, and the approach outlined here can help to form the basis of such a strategy. In this way, organisations can take control of the risk of mobile data loss and achieve their desired compliance targets as well.
