Page 31 - Mobile Data Loss

Mobile Security Countermeasures  25


            most organizations have is to enforce a PIN or passcode on the device
            to protect the data in the event that the device is lost or stolen.
            Smartwatches typically use a proximity-based approach. This can rely
            on detecting that the watch is on the user’s wrist; when it is removed,
            a PIN or passcode prompt is enabled to protect it. In other
            smartwatches, this proximity-based protection is based on whether the
            device is communicating over Bluetooth with the paired mobile device.
            When the Bluetooth connectivity is lost, the PIN or passcode is enabled. 2
               Management APIs are starting to appear for the Apple Watch.
            Apple has provided the ability to detect when an Apple Watch has been
            paired to an Apple iPhone. Other controls include blocking access to
            enterprise data using containerization as well as blocking the
            smartwatch pair apps. Look for this area to mature over the next few
            years. For now, consider using app-level security or containerization
            to mitigate the syncing of enterprise data to smartwatches. In the case
            of the Apple Watch, there are methods of embracing the WatchKit
            extension for those enterprise apps that you would like to sync with a
            smartwatch, and leveraging the encryption capabilities in combination
            with this.



            DEVICE ENCRYPTION AND CONTAINERS

            Most of the devices today across iOS, Windows, Android, and more
            provide operating system-level encryption either enabled by default or
            as an option. Furthermore, this can be enforced by the EMM as part
            of the enforcement policy. This is one of the fundamental requirements
            of most mobile security strategies.

               But encryption alone doesn’t prevent users from sharing data.
            Accomplishing that requires a container that controls the sharing of
            corporate data through separate encryption and data loss prevention
            controls. This container can include email, secure access to corporate
            content (fileshares), web browsing, and corporate apps and data. Data
            can be shared across the apps within the container, but the container
            can block unwanted cloud services or the sharing of data with apps
            outside of the container. In addition, it should provide controls over
            copy/paste, open-in, sharing, and other behaviors that allow moving
            data to and from the corporate container.
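
The container behavior described above can be modeled as a small data-flow policy check. This is an added example, not code from the book or from any EMM product; the class names, action names, app names and cloud service names are all hypothetical.

```python
from dataclasses import dataclass, field

ACTIONS = {"copy_paste", "open_in", "share"}

@dataclass(frozen=True)
class App:
    name: str
    in_container: bool  # True if the app belongs to the corporate container

@dataclass
class ContainerPolicy:
    allow_outbound: set = field(default_factory=set)  # container -> outside
    allow_inbound: set = field(default_factory=set)   # outside -> container
    allowed_cloud: set = field(default_factory=set)   # services container apps may use

def decide(policy, action, src, dst):
    """Return (allowed, reason) for moving data from src to dst.

    policy=None models a device with OS-level encryption but no container.
    """
    if action not in ACTIONS:
        return False, "unknown action"  # fail closed on anything unmodeled
    if policy is None:
        return True, "no container: encryption at rest does not restrict sharing"
    if src.in_container and dst.in_container:
        return True, "sharing within the container"
    if not src.in_container and not dst.in_container:
        return True, "personal data, outside the policy's scope"
    direction = "outbound" if src.in_container else "inbound"
    allowed = policy.allow_outbound if src.in_container else policy.allow_inbound
    ok = action in allowed
    return ok, f"{direction} {action} " + ("permitted" if ok else "blocked")

def cloud_upload_allowed(policy, src, service):
    """Container apps may only reach cloud services the policy lists."""
    if policy is None or not src.in_container:
        return True
    return service in policy.allowed_cloud

# Constructed sample apps and policy (not taken from any real deployment).
MAIL = App("corp-mail", True)
DOCS = App("corp-docs", True)
NOTES = App("personal-notes", False)
POLICY = ContainerPolicy(allow_inbound={"copy_paste"},
                         allowed_cloud={"corp-fileshare"})

if __name__ == "__main__":
    for pol in (None, POLICY):
        for action, src, dst in [("open_in", MAIL, DOCS), ("open_in", MAIL, NOTES),
                                 ("copy_paste", NOTES, MAIL)]:
            print(bool(pol), action, src.name, "->", dst.name, decide(pol, action, src, dst))
```
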

            2 https://www.mobileiron.com/en/whitepaper/smartwatches-wearables-and-mobile-enterprise-security
            MobileIron Analysis of Smartwatch Security Risks to Enterprise Data