Page 33 - Mobile Data Loss

Mobile Security Countermeasures  27


            adoption or causing users to circumvent security controls in other
            ways, commonly referred to as Shadow IT. Some of these options can
            include fingerprint authentication through Apple’s Touch ID or
            Samsung's fingerprint scanner. This can be used to authenticate at a
            device or container level.



            CLOUD

            One of the key questions most people ask is how an organization can
            separate personal cloud from enterprise cloud (Enterprise File and
            Sync Share services). Early on, mobile administrators would blacklist
            the personal cloud apps, but this is like playing “whack-a-mole.” If
            you block one personal cloud repository, the users will just find
            another.

               At a device level, it’s important to provide an enterprise solution to
            users. Some of the most popular solutions have an Enterprise version
            of their app, which can also embed the SDK provided by an EMM.
            This allows that app to work in unison with the EMM containerization
            to require users to upload enterprise data (in the container)
            using only that app rather than personal cloud apps. Another approach is
            to leverage a containerized documentation collaboration app that
            allows WebDAV access to the enterprise cloud repository. For additional
            tips, see the “File-Level Security” section in this chapter.



            FILE-LEVEL SECURITY

            Users want to store documents and files in personal cloud services. In
            many cases they don’t distinguish between personal and corporate files;
            therefore it’s common for an employee to upload a file to share with
            another employee, business partner, or prospective client. Mobile Data
            Loss Prevention (DLP) controls and containerization are designed to
            prohibit such behaviors to avoid mobile data loss. But when these controls
            ruin the user experience, employees will attempt to circumvent those
            controls, resulting in Shadow IT. To overcome this issue, another approach is
            to embrace the personal cloud services rather than block them.

               File-level security is about tying security to a corporate document.
            With this approach, a user can use their favorite cloud service for
            uploading and sharing corporate documents. When a file is shared to a