Protecting Your Data In The Age Of Mobile

Today, one of the main tasks for all institutions is achieving maximum protection for their data while ensuring full accessibility and mobility. Protecting your data has become the responsibility of both users and the organization holding it.

The complexity and the resulting problems are caused by the following sequence:

Increased mobility leads to improved employee productivity, which leads to wider dispersal of data, which leads to an increased chance of dangerous data leakage.

Below, I will focus on the example of the widely used DROPBOX tool.

The challenges we face tend to increase as the tools providing accessibility and mobility improve drastically. A good example of this is DROPBOX: it enables users to access their data effectively, while the integration and training effort required is kept to a minimum. This tool is very much liked by most users, and they work with it extensively. DROPBOX gives us the ability to access our data from any mobile device, anywhere, and enables us to work OFFLINE as well.

I do not doubt that DROPBOX is a very effective tool that can significantly increase employees’ productivity. For example, a salesperson can quickly generate a price offer while on the move, using a mobile device, and instantly share it with co-workers – this is quite an achievement!

So if this is true, why has DROPBOX earned such a bad reputation within the IT managers’ community as a tool contributing to harmful data leakage?

This is first and foremost an issue of control!

DROPBOX can sometimes lead to a loss of control, resulting in some segregated files leaking outside the institution.

It is important to note that a similar problem can also occur in any Windows Server environment, but the ease of using DROPBOX can be very conducive to such problems happening much more often.

How do we stay in control?

The newer and more sophisticated product, DROPBOX FOR BUSINESS, does offer advanced control facilities, such as compartmentalization, two-factor authentication, control of outside sharing, centralized file management and Active Directory authorization management (using an additional third-party tool, though).

Is all this enough? Sadly, no…

All these features help protect your data only if your company’s employees are honest and dependable; dishonesty or carelessness can still easily lead to data leakage. In addition, these tools cannot provide protection in OFFLINE mode, which is especially important if your device is misplaced or stolen.

The protection should be applied to the files themselves, and not to the outer envelope that contains them. The protection/encryption should be applied at the file level itself, so that the files stay protected at all times, wherever they are stored or opened, on different devices or in different applications:

  • PC/laptop
  • Smartphone
  • Tablet/PDA
  • DROPBOX
  • SkyDrive

Basic RMS by Microsoft and more advanced tools, such as Secure Islands IQP, provide effective encryption solutions that focus on safeguarding the files, and not the outer shell, which is proving to be so difficult to protect nowadays.

The mobile devices themselves should be encrypted, so the data will still be safe even if a device is lost or stolen.

  • For most laptops – use a drive encryption system such as centrally controlled BitLocker
  • For mobile devices such as smartphones or tablets – use one of the several centrally controlled MDM tools that can enforce the devices’ encryption from a central node

All your mobile devices should be equipped with centrally-activated active encryption, ensuring that losing the device will not lead to data misappropriation. This process is an effective way of protecting your data.

Conclusions:

  1. A classified file that has been properly encrypted, with a tool such as Secure Islands IQP, can be disseminated on all kinds of media and devices – office computer, tablet, home computer, mail program, DROPBOX. In all cases, access to the file will be open only to a person authorized for it.
  2. A standard file, protected by DROPBOX (for example), and placed in the DROPBOX offline cache directory, will still be protected, even if the mobile device is lost or stolen.

So, can the use of the DROPBOX tool on employees’ tablets work with data security rules? The answer is YES – if the IT system is designed correctly, using modern methods of data security assurance!

Eli Migdal, CEO of Migdal Computing Solutions LTD
