Page 43 - Mobile Data Loss
CHAPTER 5
Developing Your Mobile Device Security Strategy
When developing a mobile device security strategy, one should embrace
both security and the users. If the strategy does not embrace the users
and make security as invisible as possible, users may become frustrated
and abandon the solution. It may also lead to “Shadow IT,” in which
users find ways to bypass security controls. This is a different mindset
from traditional security approaches, and it should be incorporated into
any mobile security deployment to ensure success. It’s not about
restrictions, but about enablement.
PROACTIVE CONTROLS
Any holistic security strategy should include proactive, reactive, and live
monitoring controls. Proactive controls should protect the data-at-rest
and the data-in-motion. Fundamentally, a device PIN/Password and
encryption are important, but for a security-conscious organization,
further DLP controls are required. For example, if a user receives a
corporate email with an attachment, there’s nothing preventing an
employee from opening the attachment and uploading it to a cloud
service, sharing it with nonemployees, and more. This is where
separation of personal and enterprise data becomes important.
An encrypted container for enterprise data proactively protects that
data from the personal persona on the device, avoiding commingling of
the data and loss of enterprise data. Through both encryption and DLP
controls, the organization can control enterprise data while leaving the
user’s personal data alone. This provides protection against accidental
or intentional sharing of enterprise data with cloud services, other
email accounts, copy/paste, screenshot, and more. Additionally, this
container provides a level of protection against malware downloaded
outside the container, as the container is encrypted and controlled
separately from the rest of the device. While
Mobile Data Loss. DOI: http://dx.doi.org/10.1016/B978-0-12-802864-3.00005-2
© 2016 Elsevier Inc. All rights reserved.