Mobile Data Leakage Prevention


Mobile Data Leakage Prevention: Three Best Practices for Liberating Users, Not Data

A Zenprise White Paper

Contents

Mobile Opportunities
Mobile Security Concerns
  There is an explosion of smartphones, tablets, and mobile apps in the workplace
  There is more mobile access for a greater number of users
  The growth and mobilization of file synchronization applications
Three Best Practices: Mobile DLP in Action
  Best practice 1: Use Mobile DLP to securely distribute content
  Best practice 2: Use Mobile DLP to secure access to and storage of sensitive content
  Best practice 3: Content- and context-aware enterprise control
Key Requirements for Mobile DLP
About Zenprise

© 2012 Zenprise, Inc.

Mobile Opportunities

Opportunities abound for your mobile enterprise. Tablets and smartphones change the way your users access information and collaborate to get their jobs done. Employees are happier and more productive when they're given mobile access to their email and corporate applications, and likewise, companies running their businesses on mobile gain competitive advantage and drive top-line growth. In a recent survey, Aberdeen found that best-in-class enterprises are three times as likely as all others to tie business workflow to users' mobile devices.[1] Yet, according to nearly every analyst study, security is the primary inhibitor to both enterprise mobility and bring your own device (BYOD) programs. CSO Magazine recently reported that 17 percent of enterprises have already experienced a mobile breach.[2]

Mobile Security Concerns

While mobile security concerns range from passcode enforcement to locking down mobile network access, data breach and data leakage are at the top of the list for implementers of mobile programs. According to enterprise security expert Jack Gold, organizations will lose 3-4x as many smartphones as notebooks each year, and he (rhetorically) asks us, "with 32 or 64 GB of memory, how many records does a lost smartphone or tablet contain?"[3] At an estimated cost of more than $250 per lost record,[4] a data breach can be costly. In fact, some research estimates the cost of a mobile breach at more than $400,000 for an enterprise and more than $100,000 for a small business.[5] This concern resonates more profoundly as an increasing number of smartphones and tablets not only connect to the corporate network but also access an increasing number of business applications. There are many factors that lead to mobile data leakage risk.
Three such factors include the following:

There is an explosion of smartphones, tablets, and mobile apps in the workplace

With Forrester reporting that nearly 60 percent of organizations are supporting a BYOD program[6] and enterprise IT spending set to reach $16 billion on iPads alone in 2013,[7] mobile device volumes in the enterprise are not only skyrocketing, but they're also crossing over from being an executive-only tool to a tool for the masses. Whether mobile devices are corporate-issued or personally owned, the number of applications on those devices is increasing. Asymco reported an average of 60 applications per iOS device.[8] Given that over half of organizations are supporting more than one device type[9] and best-in-class organizations support an average of 3.3 device types,[10] the exposure of the corporate network to potentially non-compliant or malicious applications is immense.

Though these facts point to a malware risk, consider the Wall Street Journal finding in the article "Your Apps are Watching You": of 101 mobile applications studied, 56 transmitted device ID, 47 transmitted location data, and 5 transmitted personal information from the device to a third-party server.[11] Even though the study was focused on consumer applications, it points to the fact that devices and the corporate network are beholden to the apps that are installed on devices.

[1] Mobility in ERP 2011, Aberdeen, May 2011
[2] Global State of Information Security Survey, CSO Magazine, 2012
[3] MDM is No Longer Enough, Zenprise webinar with enterprise security expert, Jack Gold, October 2011
[4] U.S. Cost of a Data Breach, Ponemon Institute, March 2011
[5] State of Mobility Survey, Symantec, February 2012
[6] Market Overview: On-Premises Mobile Device Management Solutions, Forrester, January 3, 2012
[7] Global Tech Market Outlook for 2012 and 2013, Forrester, January 6, 2012
[8] More Than 60 Apps Have Been Downloaded for Every iOS Device, Asymco, January 16, 2011
[9] Market Overview: On-Premises Mobile Device Management Solutions, Forrester, January 3, 2012
[10] The Need for Mobility Management, Aberdeen blog, February 17, 2010
[11] Your Apps are Watching You, Wall Street Journal, December 17, 2010

Even if they aren't considered malicious, apps can access, collect, and transmit sensitive data against corporate policy, and in a way that can bypass traditional enterprise security monitoring mechanisms.

There is more mobile access for a greater number of users

At all levels of the organization, enterprises have a strong desire to arm the workforce with mobile devices and give them mobile access to corporate applications and data. From Aberdeen's findings that best-in-class organizations are arming users with business process on their mobile devices to Symantec's findings that a third of enterprises are implementing custom mobile applications,[12] lines of business in many organizations are seizing the mobile opportunity. This can range from retailers arming salespeople with tablets on the department store floor, to warehouse operators providing ruggedized Androids to workers, to service fleets supplying field personnel with smartphones. This access shows tremendous promise, but it also means that more corporate data will be in a greater number of user hands via an increasing number of access mechanisms, thus multiplying risk.

The growth and mobilization of file synchronization applications

The data leakage use case we hear most about in the mobile device management market centers on device loss or theft. However, the big threat is not device loss but rather uncontrolled data sharing through an endless tapestry of file sharing technologies. With millions of users sharing files, consumer and business, the potential for data leakage via mobile file synchronization dwarfs that of the device loss/theft scenario. File synchronization technologies are especially concerning because of the multiplier effect: files that are saved outside of the corporate network aren't just shared with one device, but with all of the devices that are connected in a viral manner via the file-sharing service.
Three Best Practices: Mobile DLP in Action

Mobile DLP is a way to seize the opportunities that these trends offer while giving the enterprise a fighting chance of protecting sensitive corporate data. As we observe how our customers use and interact with the Zenprise Mobile Data Leakage Prevention (DLP) solution, a number of best practices have emerged. Here are three:

Best practice 1: Use Mobile DLP to securely distribute content

Despite the data security risks, the increase in collaboration and productivity from file synchronization is significant. In some cases it holds such promise that organizations are willing to hold their noses and use the technology in spite of the risks. But a best practice that we have learned from our customers is that organizations can use mobile DLP to securely synchronize content across mobile devices. With a secure content container on each mobile device that serves as a secure alternative to some of the popular file sharing technologies, enterprises can distribute content (whether confidential documents, the latest corporate pitch, or a human resources training video) from enterprise collaboration tools and content repositories to groups of users on their mobile devices. If they can do so in a secure, controllable fashion, but one that doesn't disrupt the native application experience, they can achieve the benefits of file synchronization technology without the data security and compliance risks.

Organizations can distribute files of any type in a role- and policy-based way, make sure that they automatically synchronize whenever content changes, ensure version control (so when the corporate pitch changes, all users automatically have the latest on their tablets), and time-expire content to reduce errors associated with users having outdated or inaccurate information as well as reduce the risk of content exposure.

[12] State of Mobility Survey, Symantec, February 2012

Best practice 2: Use Mobile DLP to secure access to and storage of sensitive content

In addition to content distribution, organizations are using Mobile DLP to secure access to and securely store sensitive content. They can use Mobile DLP to give users access to sensitive content in a role-based way and have them store it in the secure container on the device. That way, users can get to the content when and where they need to (without having to remain logged into the network) and interact with the content in its native application format. The enterprise can ensure data security and compliance with key regulatory and industry policies that specify the lock-down of personally identifiable, health, or credit card information by encrypting data in the content container on the device so it is secured at rest, as well as encrypting the communications channel between the secure container and back-end applications so it is secured in transit.

Best practice 3: Content- and context-aware enterprise control

Beyond protection of data at rest and in transit, organizations want control over content while in use. Using Mobile DLP, enterprise IT can set context-aware policies that govern mobile user actions on the content, including save, print, email, email link, and copy/paste on a file-by-file basis, on files in a secure area of the repository, or based on content classification or tagging. They can also set policies to delete sensitive data when certain conditions are met that may indicate a data security threat, such as too many failed login attempts or device jailbreak.

Key Requirements for Mobile DLP

These best practices require certain Mobile DLP capabilities to complete the use case. In the table below, we break down each practice into a set of discrete Mobile DLP requirements to help organizations understand what's needed to give users mobile access to data while also protecting those data.
Best Practice: Secure content distribution
Requirements:
- Secure content container on the mobile device that serves as a secure enterprise alternative to consumer file synchronization technologies
- Integration with enterprise content repositories and collaboration tools for seamless content management, distribution, and synchronization

Best Practice: Secure access to and securely store sensitive content
Requirements:
- Encryption of data at rest in the secure content container and data in transit with a secure communications channel from the content container to the back-end application
- Support of multiple data formats so user interaction with content preserves the native application experience

Best Practice: Content- and context-aware enterprise controls
Requirements:
- Role- and policy-based governance over user actions such as file save, print, email, email link, and copy/paste
- Governance on a file-by-file basis, on files in a secure area, or based on content classification or tagging
- Context-aware policies such as data wipe on failed login attempts or device jailbreak

Zenprise Mobile DLP

Zenprise Mobile DLP, an add-on module to Zenprise's mobile device management solution, features a secure, data-agnostic content container that lets your users access presentations, documents, video, and other files from their mobile devices. Content owners can edit files and have these changes automatically synchronize across all mobile devices whose users have access to the file in their container. Similarly, organizations that want to distribute files such as presentations, training videos, or service documents to groups of users can use this to manage, lock down, time-expire, and ensure version control of these documents.

A global medical device company uses Zenprise Mobile DLP to distribute sales collateral to field sales on mobile devices. When product versions are released, content owners make the edits to the documents in SharePoint and those changes automatically synchronize to field users' secure containers on their mobile devices.

Zenprise Mobile DLP offers the following capabilities:

Data Protection Activity: Enable
Key Capabilities:
- Automatically synchronize content across mobile devices
- Distribute files to groups of users easily
- Ensure file version control
- Save files from device into secure container

Data Protection Activity: Control
Key Capabilities:
- Create rules on file access based on user roles
- Integrate with Active Directory to auto-enable/disable file access
- Map DLP policies on a file-by-file basis, across entire directory structures, and/or on a user-by-user basis
- Integrate with enterprise collaboration tools and content repositories starting with Microsoft SharePoint and Office 365

Data Protection Activity: Protect
Key Capabilities:
- Protect data at rest, data in use, and data in transit
- Secure data stored in secure Mobile DLP container via AES 256-bit encryption
- Prevent leakage of sensitive data through context- and content-aware security policies and secure data containers
- Prevent users from opening certain files in third-party applications (e.g., cloud-based file sharing apps)
- Stop users from sending sensitive documents via email, such as to a personal account
- Block users from copying and pasting sensitive file data into emails or apps
- Block users from printing sensitive documents
- Prevent users from downloading confidential files locally to their mobile device
- Enable controls to time-expire content on devices
- Selectively wipe corporate data from the container
- Enable automated wipe upon device jailbreak
- Enable automated wipe upon failed user authentication
- Disable content transfer when roaming

Zenprise Mobile DLP lets our customers have their cake and eat it too: it lets them give users mobile access to data, even sensitive corporate data, so they can do their jobs and be more productive, while giving IT governance and control to protect those data from leakage or breach. Everybody wins.

A European logistics company uses Zenprise Mobile DLP to provide meeting packets to its Board of Directors on their iPads prior to the company's monthly Board meeting. IT sets a content policy blocking users from saving, printing, or emailing the slides, or copying/pasting the slides, and time-expires the content after each meeting.

About Zenprise

Zenprise is the leader in secure mobile device management. Zenprise MobileManager and Zencloud let IT say yes to personal and corporate-owned mobile devices without sacrificing security and compliance requirements. Only Zenprise protects the mobile enterprise end-to-end with the industry's easiest-to-use MDM solution. This lets executives take their businesses mobile, gives IT peace of mind, and makes employees more productive on-the-go. www.zenprise.com.

© 2012 Zenprise, Inc. All rights reserved. Zenprise is a registered trademark of Zenprise Inc. All third-party trademarks, trade names, or service marks may be claimed as the property of their respective owners. WP-20-1

Zenprise, Inc. 1600 Seaport Blvd. Suite 200 Redwood City, CA 94063 +1 650 365 1128 www.zenprise.com