Today's Mobile Device Data Protection Must Go Beyond Encryption

Wednesday, August 21, 2013

Cam Roberson


Not too long ago, ensuring data security was a fairly straightforward task for most companies: slap a password on every desktop computer in the office and call it a day. Sure, this may be a slight oversimplification – corporations have long had to protect against external security breaches, and they have never been immune to internal threats, either. But protecting data stored within the company's firewall wasn't nearly the tall task that it is today.

The generally accepted "encrypt it and forget it" strategy of recent years no longer cuts it, for a couple of very good reasons. First, corporate data now lives not just on stagnant desktops, but on laptops, smartphones and tablets, and is also routinely stored and transferred on tiny flash drives. Adding to that, employees frequently access and manipulate data while working on their sometimes-sanctioned, sometimes-unsanctioned personal devices. All of this activity takes place outside of local area network (LAN) protection, rendering even the most impervious firewall irrelevant.

Employers can be diligent in installing encryption protection software on the devices their employees use, but what happens if the password is compromised? Whenever the password is known, the laptop, smartphone or tablet is at no less security risk with encryption than it is without. Once the device is authenticated, its contents are decrypted and the data is available to whoever has the device. Even diligent employees write passwords down. Thieves steal computers while powered on (and decrypted). Employees are transient and can leave the firm but still have the device and its password credentials. Then what?

Encryption is certainly a good start, but it's really just the baseline in today's data-security landscape. In selecting a data security strategy and implementing a system, companies shouldn't fret over which option provides the most robust encryption – they're likely all about the same. Rather, they should focus on the elements layered on top of encryption. They need features that will make their system flexible enough to corral widely dispersed data on many different mobile platforms and be able to protect that data under conditions where we must assume that the password is vulnerable.

Here, then, are four essential features of any corporate data security system. While some - or perhaps all - of the items on this list might have been viewed as luxuries not too long ago, they are fast becoming requirements in our rapidly evolving computing environment.

1. Flexible Encryption

With many data security platforms, encryption is an all-or-nothing proposition: You either encrypt the entire hard drive (system and all), or you don't encrypt it at all. As hard drives have grown larger, this situation has induced frustration in employers and employees alike. A 500-GB hard drive often takes not hours but days to encrypt, no matter if only a small portion of it is actually being used. Delays caused by encryption software can fray tempers and hamper productivity.

This binary encryption option will often be overkill in these situations, so companies should consider encrypting just the data – data files and locations – and not the system itself, with executables and applications that really pose no threat. A recommendation not to encrypt something might seem out of place, but the goal of any data protection implementation has to be to balance security with productivity. Encrypting what doesn’t need it will only lead to excessive boot times and slower performance on data-intensive applications. By leveraging a device’s built-in encryption systems with additional software that only controls what needs controlling, companies can have the best of both worlds: greater data security without compromising productivity.

2. Remote Monitoring

With the proliferation of sensitive business data on many different devices, both company and employee-owned, business leaders need to understand where these vulnerable devices may be and feel comfortable that they’re within the organization’s control. They need evidence that encryption is in place, and assurance that employees are abiding by the company's data-protection policies – after all, employees often take shortcuts that may endanger company data in the name of efficiency.

Many of the data-security systems on the market give managers a way to follow up on these concerns, allowing them to modify controls in response to what they're seeing.

Such systems also allow administrators to establish different levels of authorization for different classes of employees, and to change those authorization settings on the fly. Authorization shouldn't be permanent, and these systems recognize this truth by allowing administrators to revoke it at any time – whether or not they have physical access to the devices the employee is using.

3. Remote Data Access Control

Passwords won't do much to protect information stored on a stolen mobile device from which an employee has failed to log out, or on a tablet that is still in the possession of a fired employee who should no longer have access to the data stored on it. So in addition to encryption, companies need the ability to remotely control access to the data on these devices in the event of a breach.

The method of denying data access can be draconian and permanent, like a 7x overwrite to a DOD standard – appropriate when the organization knows a device is stolen (and highly unlikely to ever return). Data erasure is also a useful tool when it comes to retiring devices. Shorter product lifecycles and the quickening pace of technological advances have caused devices to fall into obsolescence at a faster clip than ever before. While many companies find the task of deleting data on each retired device to be a daunting (not to mention costly) one, remote erasure makes the job as simple as point-and-click. And the fact that administrators can use a single console to track which devices have been erased and which haven't diminishes the risk that some devices will be overlooked.

A recoverable approach to data access control is the notion of remote “quarantine,” where the organization can utilize tools that temporarily deny access to the contents of a device. If and when the organization feels as though there is no longer risk to that device or its contents, it can again remotely restore access and use of the device. This technique is remote and immediate without harm to the contents of the device.

4. Automatic Security Features

The fact that administrators can now exercise more control over data on devices their employees use doesn't mean that they should be responsible for monitoring those devices at every moment. Accordingly, data-security systems should include automatic in-device features as well. One common example of this type of feature is an automatic response to a string of invalid log-on attempts. A company might like to pre-determine what the device should automatically do in response to such a risk. Furthermore, it might like to choose responses that escalate in severity as the risk itself escalates. A device shutdown might even be appropriate after a few invalid log-on attempts. Or, quarantining the device might be the right response after 7 or 8 invalid log-on attempts. Well-designed automatic features can go a long way toward alerting administrators to issues and bottling up threats before they come to management's attention.
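The escalation described above, combined with the recoverable quarantine from section 3, can be sketched as a small on-device state machine. This is an added example, not code from the article or from any product; the thresholds (3 and 7), the event names and the `Device`/`handle`/`replay` names are assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Assumed thresholds: the article says "a few" and "7 or 8"; 3 and 7 are picks.
# Ordered most severe first so the strongest matching response wins.
POLICY = [(7, "quarantine"), (3, "shutdown")]

@dataclass
class Device:
    failed: int = 0            # consecutive invalid log-on attempts
    quarantined: bool = False  # set on-device, cleared only by the console

def handle(dev: Device, event: str):
    """Apply one event to the device; return the response taken, or None."""
    if event == "admin_restore":       # remote, non-destructive release
        dev.quarantined, dev.failed = False, 0
        return "restore"
    if dev.quarantined:                # holds even for a correct password
        return "deny"
    if event == "logon_ok":
        dev.failed = 0                 # a valid log-on ends the streak
        return None
    if event == "logon_fail":
        dev.failed += 1
        for threshold, response in POLICY:
            if dev.failed >= threshold:
                dev.quarantined = response == "quarantine"
                return response
    return None

def replay(events):
    """Run an event stream against a fresh device and list the responses."""
    dev = Device()
    return [handle(dev, e) for e in events]

# Constructed event stream: a harmless mistype, then a sustained guessing run,
# then a correct password while quarantined, then a console restore.
SAMPLE = (["logon_fail"] * 2 + ["logon_ok"] + ["logon_fail"] * 7
          + ["logon_ok", "admin_restore", "logon_ok"])

if __name__ == "__main__":
    for event, action in zip(SAMPLE, replay(SAMPLE)):
        print(f"{event:14} -> {action}")
```

The point to notice in the output is the `deny` on a valid password: once quarantined, the device no longer trusts the credential, which is the condition the article asks a system to handle.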

About the Author: Cam Roberson is the Director of the Reseller Channel for Beachhead Solutions, a company that designs cloud-managed mobile device security tools.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.