28    Mobile Data Loss


          personal cloud service, the file is first encrypted before being uploaded.
          If the file is then shared with another employee, the key escrow at their
          company allows the file to be downloaded and decrypted for the
          employee to access and use the document. But when the file is shared
          with a nonemployee, the file remains encrypted and unusable by the
          nonemployee. This is a nice compliment to a defense-in-depth mobile
          strategy and creates a great user-experience for mobile users.



          SUMMARY

          Threats will always exist and continue to evolve. Implementing a
          layered security approach is key to succeeding in your mobile security
          strategy. But success is not always about avoiding a breach altogether,
          but also being prepared to respond to it. A thorough incident response
          plan can mitigate data loss and prepare you for when a breach occurs.
          If your security team doesn’t have a mobile-specific incident response
          methodology, they should. Engage your team to ensure the vetted
          processes are in-place to response. Many times we’ve heard “it’s not a
          matter of if, but a matter of when”; be prepared. All of the recommen-
          dations outlined should also have a tie-in to your incident response
          plan. The countermeasures defined in the chapter should help in
          implementing your defense-in-depth mobile security strategy.