The Challenges of Securing a Mobile World
September 13, 2017
Once upon a time our most precious assets were confidently protected behind layers of security defenses. Cash was neatly stacked in a cast metal safe which was bolted to the floor of the building. Customer lists and bank records were locked in a filing cabinet and only accessible to the person who had the key. And Human Resource records were protected by the shelter of the impenetrable HR office door.
Then, digital electronics revolutionized the typical business office. Instead of accessing records from a locked filing cabinet, employees now used computers to navigate a digital file system which contained an abundance of information – much of it considered to be confidential. The sensitive documents that were once tangible and secured behind a physical lock and key were now accessible in digital format and stored in the data network for end users to access.
Security controls such as passwords and file permissions were established to protect the confidential information in its new digital format. This was a time however, when computing devices were stationary and did not typically leave the confines of the physical office. Employees would report to the office for work, log onto their computer, and only then – be granted with access to confidential information. The data that companies treasured most rarely – if ever – left the building.
The same statement cannot be made today. Mobile computing devices are very popular and can be found in most corporate computing devices. Employees are no longer forced to work on a computer that is tethered to the floor beneath their office desk. Laptops, tablets and smartphones have provided employees with the freedom and flexibility to work from just about anywhere. Mobile devices have also changed the corresponding security landscape too.
The Customer Lists, HR records and Bank Statements are now leaving the building.
It is incredibly easy for sensitive information to find its way onto an employee’s iPad, laptop of smartphone. And once it is there, it is as mobile and portable as the device itself. The crown jewels of the organization are located on mobile devices that travel – anywhere. Think about where you have taken your laptop. On the subway? Through an Airport Terminal? On Vacation?
There are two significant risks associated with mobile computing devices:
People lose them, and
People steal them.
The most common item stolen by thieves is cash, the second is electronic devices. So what happens when the hotel maid swipes your tablet? Or, when will you accidently leave your cell phone at the movie theater?
The answer to both questions is simple: Someone now has a device that contains sensitive and confidential information. And chances are that “Someone” is not a trusted entity at all. Many data breaches start with a stolen laptop, or other mobile device. The stolen property is then compromised and the thief has access to the confidential information.
There is no doubt that mobile computing devices pose a real security challenge. We have grown accustomed to the elasticity they provide and it is unreasonable to think we will revert back to using the stationary computer we once used at our desk. Laptops, tablets and smartphones are here to stay.
Human beings will continue to lose these devices and criminals will continue to steal them. And although we can fight to minimize these occurrences through effective awareness training, the reality is that we will not be able to prevent them all together. You will leave the phone in the taxi cab. And the burglar who smashed your car window will almost certainly take the iPad you left on the front seat with them.
A great security control that can be used to prevent an actual data breach is encryption. Device Encryption will transparently encrypt data on laptops, and other mobile devices. This protects organizations from the loss or theft of mobile devices that contain confidential information.
If a lost or stolen mobile device is encrypted, then its new owner (the thief who took it from your car or movie theater attendant) will not be able to access the information that is stored on it. This includes customer lists, bank statements, HR records, etc.
Sure, you will have to replace the laptop, which stinks, but – you can rest assure that your companies prized data is unreadable and unusable for any unauthorized person.