We’ve all seen the numbers about the growth of mobile computing: smartphone and tablet sales expected to pass the billion mark this year; mobile enterprise infrastructure software and services growing at a compound annual growth rate (CAGR) of 16.3%; and mobile device management enterprise software solutions roaring along at a CAGR of 31.43% over the period 2011-2015. Good to know, but that still leaves the problem of dealing with data leakage from lost or stolen devices, as well as when employees leave and take their BYOD devices with them. Then there’s the challenge of viruses and malware sitting on devices, which can lead to a breach of the enterprise.
Mobility has changed the work landscape in many ways, but it has brought with it a brand new set of problems, said Bill Ho, president of Biscom, a developer of solutions around secure file transfer, synchronization, file translation, and mobile devices. “It brings huge productivity benefits. At the same time, you get the IT guy going wait a minute, you’ve just opened a huge hole in my network.”
Biscom said mobile devices have two primary vulnerabilities. The first is leakage of corporate or protected data outside of sanctioned mobile device apps, while the second is transferring confidential data from the mobile device to external parties using unsecure methods (i.e. personal or corporate email and unsecure, consumer-based file sharing services).
“It’s a big problem, what happens when I leave, or the device is lost,” said Ho. “An even bigger problem is apps; you download apps that seem legitimate (but aren’t). Malware is a huge problem.”
Many firms do not have adequate protection and recovery policies or tools in place to manage their ever-increasing volumes of data, according to an IDC whitepaper released earlier this year. Throw in mobility and BYOD and the situation just gets worse.
“The mobility revolution and BYOD have allowed end users the luxury of increased productivity and creativity; however, they have done so at the expense of data security and control in the eyes of IT. The prevailing tools that have been embraced by groups focused on mobility for sync, collaboration, and file sharing have acute shortcomings. Security and encryption are nonexistent.”
Large and/or regulated enterprises tend to fall into the mobile data protection (MDP) market, which Gartner describes as having two primary purposes — first and foremost, to safeguard user device data by means of encryption and access control; and second, to provide evidence that the protection is working. Most companies, even if not in sensitive or regulated industries, recognize that encrypting business data is a best practice.
In its Magic Quadrant for Mobile Data Protection, released in September, Gartner estimated that MDP seat sales were up slightly, to 45 million from last year’s 43 million. The three-year cumulative seats sold (2010, 2011 and 2012 combined) are estimated at 119 million.
According to security vendor Sophos, data loss commonly occurs via email and mobile data storage devices (including laptops, USB keys and optical media). The majority of these losses – 95% – are unintentional: for example, someone accidentally chooses the wrong recipient using the mail client’s auto-complete feature.
A recent study points out the risks – and the costs – of just one aspect of this mobile nightmare, rogue IT, which costs US organizations almost $2 billion. According to the August survey, over 40% of workers ignore corporate document policies by using unsanctioned cloud services to get work done; 1 in 2 experience tangible damage as a result. The greatest fear of IT is the risk of a data meltdown due to compromised documents lost via unsecured file sync services (followed by downloading malware and viruses).
What Ho calls next-generation industrial espionage is a growing problem. There is a lot of hacking aimed at stealing intellectual property, often coming in through the targeted companies’ partner – or supplier – ecosystems.
Biscom has one client in the rocket industry that has processes so advanced it won’t patent them for fear of its competitors discovering their existence. “Now they’re breaking in to steal that IP.”
Encryption, authentication, reporting, tracking and audit trails, along with increasing automation, are all important in improving security, said Ho. “It’s very easy to share information, but very hard to do it securely.” However, if a secure solution is not easy to use, users won’t adopt it, he added.
Biscom’s Data Leakage Tips
There are steps that can help avoid data leakage on mobile devices:
- Corporate users should have a secure delivery system that can be used by anyone in the organization without IT support or intervention. Users can use a Web interface, mobile app, or email add-in to quickly send files.
- Ideally, an email notification should be delivered to the recipient, who must provide the proper credentials in order to access files. When a recipient downloads a file, an email receipt is returned to the sender with notification that the file was delivered successfully.
- IT should have an audit trail for compliance purposes.
- A collaborative environment is one of the most important characteristics of a successful corporate BYOD workplace.