
Mobile data: Are you carrying a suitcase or a safe?

This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.

If you were packing for a trip and needed to take reams of documents with personal data, such as bank statements and medical bills, would you rather put them in a suitcase or a safe?

This example may seem exaggerated, but the reality can be even more daunting. Every time end users step out the door, they may be carrying thousands of dollars' worth of corporate information in their pocket. Mobile devices such as smartphones and tablets are great for productivity, but one wrong move and all that sensitive information could end up in the wrong hands.


The key is to place the emphasis on securing the data, not just the device. While losing a mobile device might be a setback of several hundred dollars, the loss of sensitive customer data can cause tens of thousands of dollars of damage or more. That's where encryption comes in.

While it's not always possible to control where users take their mobile devices and the sensitive data on them, organizations can protect the data using encryption technology. Implementing comprehensive data encryption on all devices used to access corporate information greatly reduces the potential damages.

There are several key points to remember, however, as an organization considers encryption solutions. The following suggestions will help you take full advantage of mobile devices while keeping them as secure as possible.

* Choose devices carefully -- Phones and tablets offer different security options, so you have to confirm that each device or platform includes the needed security controls. An important aspect to understand is how strong encryption is incorporated. Is it built into the mobile operating system or into the device? In the case of device encryption, ensure that the encryption can be enabled across all risk areas, as some products encrypt data stored on the device, but not data stored on removable memory. Also, confirm that strong algorithms and key sizes (a minimum of 128-bit AES) are used for encryption. Finally, as encryption is useless without good key management, ensure the key management policies comply with corporate standards.

* Limit sensitive data stored on devices -- Though it is unrealistic to eliminate storage of sensitive data on mobile devices, limiting the amount stored is an option. Doing so limits the risk surface. In such a scenario, users reach encrypted information that is not stored on their devices through a cloud-based service or the corporate network, where the organization recommends or requires that files be stored.

* Implement a user-friendly solution -- Changing end user behavior is hard, so wherever possible tailor security to existing user behavior. This means encryption methods such as sandboxing, which keep data isolated on the device and make it difficult to access and modify encrypted information, are less than ideal. To use encryption more effectively, organizations should look for business applications with embedded encryption capabilities that allow the user to securely access sensitive corporate data.

* Balance security with availability -- Even the best encryption software can be left useless in the case of a network outage. And, since one of the hallmarks of the mobile workforce is travel, having no network availability is a real concern. It's important, then, to use a solution that will maintain constant security, whether the mobile device is currently connected or not. When encryption technology runs on the device itself, independent of connectivity, data will always be protected. If an email is being prepared while outside the service area, for example, the information will still be encrypted throughout the entire process, until it is sent. This keeps productivity as high as possible without sacrificing security.

* Educate users about keeping control of their device -- Though strong encryption goes a long way in protecting sensitive data, it is prudent to prevent potential attackers from having physical access to the data. Some recommendations to consider are:

• Require devices to have an idle time lockout -- a setting that locks devices after a set period of inactivity; locks on keypads/screens and voicemail should be considered, too.
• Recommend that employees store mobile devices in pockets, briefcases and purses, not on a table -- especially in restaurants, hotels and airports -- where it is easy for a thief to distract people and walk off with a device.
• Create a lost device reporting process for employees so IT can react quickly.
• Consider employing remote wipe technology to safeguard data on lost or stolen devices.

Employing data encryption on mobile devices brings a new level of security to your sensitive business information, allowing IT to provide support while imposing as few restrictions on mobile workers as possible. You can rest easy knowing that wherever users are, they are carrying a safe, rather than just a suitcase.

Symantec provides security, storage and systems management solutions to help consumers and organizations secure and manage their information-driven world. More information is available at www.symantec.com.
