Protection of mobile devices’ data entails the use of preventive data loss techniques like dual persona technology to guarantee the safety of company’s information.
The first step to take in your quest for securing your business enterprise is safeguard info on mobile devices. The fact is, even when your device is well encrypted and with full password protection, mobile devices could get lost, or your employees could ignorantly download some malicious content from the Internet.
Now, what should be done in such instance? The second part of this series on Mobile Information Management will teach you how to keep your mobile devices secured from external threats.
Securing lost or stolen devices
An organization is exposed to a serious threat when a mobile device in which confidential business information is stored gets lost or stolen. Normally, the device’s data ought to be encrypted and password activated, but employers will want to completely have the threat out by erasing such data from the device, which can be done by various methods.
Firstly, IBM’s Notes Traveler and Microsoft’s Exchange ActiveSyn are tools that protect your data with remote-wipe. The phone’s data is completely erased as soon as the wipe command is sent, this include private apps, photos, music ringtones etc.
Since the device is assumed to be with some unknown persons, the owner may prefer to have the content wiped off. The user would be lucky if he had initially followed some instructions on regular data backup.
Another likely occurrence that needs to be addressed is when a staff leaves the company. A Mobile Device Management (MDM) in such a situation will keep user’s personal data intact and wipe off the organizational data. It also has the capability to do a complete wipe, based on user’s choice.
However, the fact is that remote wiping has a major disadvantage; if the phone is not connected to a network, it cannot be wiped e.g. if it’s in airplane mode, switched off or if the phone is somewhere it cannot receive network reception. This makes this method less effective.
Moreover, if the MDM client is uninstalled, or if the account of the Exchange or Notes Traveler is deactivated, there will be no response to the wipe command sent, although, most often when the MDM is uninstalled, or email account is deactivated, this automatically and completely wipe off the device’s data.
Prevention of Data Loss
Although the loss of a mobile device can make the organization to lose control of its vital information, MIM is not restricted to this issue. Users tend to forward corporate emails to their private email addresses or put up some organizational files on services like Dropbox. If all other option fails, staffs can simply copy corporate information and paste wherever they wish.
The good news is; MDM providers have well developed ways to be protected against such threat, as they know the potential risk the threat possesses. The key tool here is referred to as a sandbox or a secured container. This is a software-defined area on the device that is password protected. This region stores organizational data separately from the personal content of users. In a situation where an employee leaves the organization, the sandbox or secure container is remotely wiped.
The secure container has another key feature which is, corporate data sent to it are all tagged, and such data cannot be forwarded from the container. You can neither transfer or forward attachment or emails nor copy and paste their content.
Other applications can also be stored in the secure container and users cannot forward such contents. MDM integrates the capability of protected cloud storages to strike out the need for services like Dropbox.
Securing Mobile Apps
Ironically, these protective measures can crash down by malware infection. Mobile apps can be gotten from a wide range of sources, and there are various methods used by vendors to verify that apps are free from malware before they are distributed.
Exposure to threat becomes complicated if the device is “rooted” – an android term (the iOS term is “jailbroken”). This process has to do with disabling the inbuilt security mechanism on the device, thereby enabling installation of applications regardless of their sources. You can easily get the software to root or jailbreak your device on the internet.
Practically every MDM product allows you detect rooting or jailbreaking, after which such a device maybe denied access to corporate emails and some other vital data until the device’s status is restored. From reports so far, Windows Phone and Blackberry Phones have not recorded cases of rooting or jailbreaking, this is as a result of their design, hence rooting and jailbreaking tends to be restricted to Google’s Android and Apple’s iOS.
When a user downloads apps from Apple’s iTunes store, they enjoy a high level of protection. Before apps are distributed on Apple’s store, they ensure the apps are scrutinized for any possible malware infection. However, when a device becomes jailbroken, iOS apps can be downloaded from any source, and the outcome is unpredictable.
Android, till presently, has always been a victim of a majority of mobile malware. According to a report by McAfee, a security firm in 2013, the growth of Android malware had risen by one-third in just a quarter, with a whopping 680,000 samples been registered.
To secure mobile devices against this threat, detection of rooting or jailbreaking is paramount. In the instance where there is no MDM provided for, the mobility policy of the organization ought to enforce a prohibition of Rooting or Jailbreaking.
The use of MDM systems allows employers to bar specific applications. Available also are anti-virus products for androids from firms like Bitdefender and Kaspersky Labs and Avast. According to AV-Test, an IT security company, a lot of the good products are up to 95% effective.
To control your mobile apps better, most organizations are contemplating building their individual app stores. MDM vendors and experts like App47 or Apperian provides these facilities. Outside regulating distribution of apps and their updates, internal app stores may also operate whichever corporate-licensed software