Mobile device usage in the enterprise environment, particularly from BYOD, has resulted in increased sales and customer numbers for 75 percent of companies, reports Info World. However, the business benefits are counterbalanced by the security vulnerabilities these devices bring into the office. Mobile devices present a threat of accidental data exposure that must be addressed in order to protect trade secrets, customer records and sensitive employee information. Mobile security policies should address common vulnerability points and how to mitigate the risks.
BYOD usage is allowed at 60 percent of enterprises, according to Security Intelligence, and is creating an environment where corporate data sits side by side with personal data and apps. A secure mobile container separates the enterprise environment from the employee’s personal mobile usage. The data and apps in this container are encrypted, and access is controlled through authentication handled by enterprise mobility management software.
Containers are also useful for addressing the physical security of the mobile device. Consumer Affairs reports that 5.1 million smartphones are either lost or stolen annually. Without proper authentication, a smartphone thief can’t access the confidential data stored within the container.
Classification and Flow Control
Enterprises need to establish data classification and flow control to ensure authorized employees are the only ones looking at the data, and that the data doesn’t get transferred outside of the organization without permission. Ponemon found that 63 percent of enterprises experienced data breaches related to poor mobile security policies.
Data classification dictates the data type and sets controls on which employees, teams or departments can access the information. With proper classification, it’s easier to handle the access controls for specific data sets. After establishing who can access the data, flow control allows the security team to see where the data goes. Flow control’s primary purpose is to track whether employees are attempting to move sensitive data to unsecured locations, such as a personal email address.
Enterprises have several strategies to narrow gaps in order to cut down on data breaches and other mobile security issues. Enterprise mobility management solutions supporting integration with third-party solutions allow businesses to expand their security capabilities beyond the base features available in their existing system.
It’s impossible to prevent all possibilities of a data breach, so enterprises should also work on decreasing the time between a breach incident and how long it takes for the mobile security team to detect the issue. Fast detection allows the security team to address issues, minimize the data breach damage potential, and quickly address issues with employees who are moving data to unauthorized locations.
Effective enterprise mobility management enables companies to enjoy the benefits of mobile devices while mitigating as many mobile security drawbacks as possible.