Page 32 - Mobile Data Loss
Typically the container is encrypted separately from the rest of the
device. This separate encryption can prevent the container data
from being exposed, even if the device is compromised or infected by
malware. Furthermore, when a device is compromised, the container
can wipe its data in real time. People frequently ask
about targeting data in memory on a mobile device. Aside from some
device-specific vulnerabilities, most device compromises require
jailbreaking or rooting, which in turn requires a reboot of the
device. Completing the compromise therefore means rebooting the device,
which wipes volatile memory. Previously viewed documents are
gone and are not exposed to memory analysis tools such as IDA Pro
after the compromise. There are always exceptions to every scenario, so
it’s important to embrace the other layered security controls outlined to
eliminate any single point of exposure. In this case, app reputation, mobile
threat prevention, requiring mobile operating system updates and
patches before accessing corporate data, operating system compromise
detection, quarantine, and numerous other controls can further
protect against these types of exposures.
PINs, PASSWORDS, AND PASSCODES
Determining passcode enforcement policy can be challenging for some
organizations. The difficulty typically stems from traditional PC and server
8-character password policies that require various complexity rules to achieve
compliance or follow traditional security best practices. This is a prime example
of traditional policies that just don’t work well in the mobile world.
Requiring a user to enter an 8-character complex password to unlock their
mobile device makes for a horrible user experience.
Users are accustomed to a 4-character PIN. Most EMM policies can
then enforce various complexity rules or wipe a device after 10 bad PIN
entries. Many security-conscious organizations have embraced App-level
or Container-level passcodes to protect corporate data. In those
cases, some have incorporated a 6-character PIN or passcode at the
App level or Container level.
Bottom line: it comes down to the organization, but it’s very important
to consider the broader mobile security controls not found in the
typical PC world (e.g., wipe after 10 bad passcode entries). It’s important
to balance that with the user experience to avoid lack of mobile