How to Keep Your Data Safe on Their Mobile Devices

Posted on January 20, 2015

As any IT professional can attest, the main challenge with BYOD can be summed up in a single sentence. "IT does not control the content and configuration of the device."

Since the mobile devices belong to individual employees, IT policies calling for the company to view or wipe personal data are problematic. So most enterprise mobility management or mobile device management tools piggy-back on top of the user's personal data, so that it can be removed when the device is no longer used for work.

"The key to doing this is a personal device profile," explains Jared Hansen, CEO of secure mobile printing leader Breezy. "Depending on the device operating system, a personal device profile can provide IT the option to control device passcodes Wi-Fi, VPN settings, ActiveSync, traditional POP/IMAP email, calendar and contact access, certificates and installed apps."

One increasingly popular security feature to protect company data is to keep most of that data from actually residing on the device, by enforcing browser-based apps available through a VPN, or by publishing them to a secure website with lots of security. "This is certainly one way to secure the data," Hansen says. "However, it's not always possible to keep the data on the server instead of the user's device. That's why I think on-device encryption is still the best option."

If It Can Happen to Sony?

Walt Mossberg's Recode site says there are now just two kinds of companies left in the U.S.: Those that have been hacked, and those that don't yet know they've been hacked. Huge companies like Sony, Target, Home Depot and all the other high-profile victims in 2014 had dedicated security staff and sizable security budgets. Each company thought that its data was protected.

Does your company have the resources to employ a chief security officer and IT staff committed to cybersecurity? Do you have a comprehensive mobile device security strategy that includes secure mobile printing? Most companies do not. Even if you do, if it can happen to Sony and the others, it can happen to you.

So how can companies protect data, especially data that resides on mobile devices owned by employees? By training and motivating the human beings who are at the forefront of data security: your non-IT employees. The mobile security market is expected to grow at a compound annual growth rate of 38.30% through 2018, according to a new report from Reportstack.

"But there is no substitution for an informed and motivated employee," Hansen says. "They're your frontline defense against some of the most devastating forms of cyber attack through mobile devices, because only they can avoid clicking on a spear-phishing link or downloading a dangerous piece of malware."

Ojas Rege, vice president of strategy at security solutions company MobileIron, told the Telegraph newspaper that the role of the IT department is changing in the mobile age. Rege sees the role of the IT department in the mobile age as being much less about "command and control" and much more about partnership. With people getting more used to technology in their personal life, the demands of what it can do in their business life are becoming much greater.

"Instead of being focused on restricting user actions, IT departments now have to focus on giving the user a great experience, protecting their privacy and giving them choice," says Rege. "For MobileIron, it's about listening to the IT needs of your employees and working with them."

Worry About Apps, Not Just Connections

In addition to focusing on user behavior and needs, IT departments need to rethink where their security is focused. "It used to be that the focus on IT security was on making it hard for potential hackers to connect to the network," Hansen says. "That's still necessary of course, but today's mobile-centric world requires that IT security worry about mobile apps, not just network connections. Although Apple and Google's app stores do their best to filter out malicious apps there is still a risk that the user may download one. And once the app is on a mobile device that's connected to your network, it's much harder to stop the app from leaking information."

Rege says that's why MobileIron integrates technology from app reputation companies like Appthority, FireEye and Veracode. "If a user downloads an app on a corporate device that they are not supposed to, an automatic rule will notify them to remove it. If they don"t, access to the enterprise from that device will be removed."

According to MobileIron, the security risk in the mobile space isn't just limited to malware. One factor that firms need to consider is the integrity of the device's operating system.

"All bets are off when you tamper with an operating system," explains Rege. "It's very important for a company to provide devices that haven't been tampered with which is why we offer jail-breaking detection."

Mobile security also has to consider "man in the middle" attacks where sensitive data is intercepted, typically over a public Wi-Fi connection or cloud connection when an employee tries to perform an everyday task like printing a document from a mobile device. "Man in the middle attacks are not just common, they are now ubiquitous," says Rege.

Breezy partners with leading Enterprise Mobility Management (EMM) companies including MobileIron to ensure mobile access to critical enterprise information without compromising security. Breezy's secure integration with these management platforms ensures you can access and print the content you need when it's needed, Hansen says.

Three Steps to Better Mobile Security

So the three steps to better mobile security for 2015 include:

Companies that take these three steps, Hansen says, will be in a much stronger position than those that do not. "The rate of attacks is not going to go down. And the cost of a successful data breach is continuing to rise. Lawsuits against Sony and the class-action suit against Target are expected to set new precedents on employer liability for personal data breaches suffered by employees as well as consumer recourse against companies after a data breach. So if you don't have a comprehensive mobile device security solution in place that includes secure mobile printing as a protection against man-in-the-middle attacks, it's time to put one in place."

For more information on mobile device security and secure mobile printing, watch this video from Breezy, download The Definitive Guide to Mobile Printing, a free ebook, or click here to schedule a Breezy demo now.

Easy to deploy and manage

Customers report that Breezy installations are among the easiest they’ve ever seen for an enterprise product.