Endpoint
April 27, 2015 By Kaushik Srinivas 3 min read

Enterprises have sensitive data that resides on a variety of clouds, servers, files and databases — whether they are banks that store credit card numbers, health care providers that need to secure sensitive patient health records and comply with Health Insurance Portability and Accountability Act regulations or product innovators that need to keep their designs a secret. The value of this information is unlocked and enhanced when accessed and updated by users such as employees. Mobile reduces the time it takes to retrieve and update the information to near-real time, which boosts productivity for all stakeholders involved. Content security is crucial to secure this data.

The information itself can be in the form of documents or as data on databases that are accessed via applications. In either case, end users then access this data via an endpoint such as a laptop, smartphone or tablet. With the proliferation of mobile devices around the world, employees now expect access to corporate information on their devices of choice. Mobile adoption is unprecedented in its scale and speed, with approximately 1.3 billion smartphones shipped in 2014 alone. Enterprises need to ensure data and content security on these new form factors and the apps that run on them. As the bring-your-own-device (BYOD) trend continues to grow, it is even more important for corporations to isolate enterprise data from personal data on the device to ensure enterprise data security while simultaneously maintaining user privacy.

Securing the content requires focusing on two components: the back end (cloud or on-premises server) where the data resides and the device itself, which allows end users to access the data.

Securing the Back-End Infrastructure

The back end needs to ensure only authorized devices and users access the data irrespective of software-as-a-service or on-premises solutions. This is achieved by monitoring and blocking unauthorized access based on the device and user security posture, typically in conjunction with access management tools. This could be as simple as a username and password or as full-fledged as an identity and access management system.

Device-Side Data Security

The device side, however, requires a completely new set of security capabilities given that mobile device operating systems have a different user interaction model from those on laptops. The data storage and flow between apps on the device can be better controlled with the help of mobile device management (MDM) and enterprise mobility management (EMM) solutions. EMM solutions not only provide visibility of the environment and secure the devices, but they also secure the apps and the content on them.

BYOD smartphones and tablets now necessitate that chief information officers (CIOs) completely isolate and control the corporate data without touching the personal data on the device. One way to ensure this complete separation of corporate content is through containerization.

Containerization

The EMM industry has evolved from managing just the device to the concept of containerization in order to isolate all the corporate data via an encrypted app on the device. With containers, multiple encrypted apps share common code (via a software development kit or wrapper) and can then be configured over the air by security policies through an EMM solution. For BYOD devices, IT can now manage just the corporate data without even having to control the entire device. This quells fears among employees that their workplace is now monitoring their devices and/or activities. Containers can be used to deliver a complete corporate persona for work-related activities such as email, calendar, contacts, documents and browsers for intranet access.

For content, end users can be allowed access to a wide variety of corporate repositories for document access with a single-app user experience. IT can still enforce strict security via EMM on how these documents are stored and used on the device.

Some of the important security features for containers include encryption and data leak prevention. Through encryption, data can be stored in an encrypted database on the mobile device. Through data leak prevention, the flow of content between apps can be controlled through the following features:

  • Managed open-in, which allows documents to flow between work-related apps that IT has approved and distributed through the enterprise app store.
  • Cut/copy/paste restrictions, which disable inadvertent leakage of data out of corporate apps.
  • Selective wipe, which is offered either through core MDM or via the container. All the corporate content can be wiped out in case the employee leaves the company, the device is lost or the device does not report back to the EMM server for a predefined period.
  • Per-app virtual private networks, which allow users to access internal, behind-the-firewall repositories seamlessly, irrespective of the network they are on, without a device-level virtual private network.

The rate of mobile adoption has been so fast and so robust that malicious apps and newer threats are detected regularly. However, it is up to the CIO, chief information security officer and IT teams to ensure corporate content is secured for mobile access. With EMM and content security, mobile can be a great success story in enabling employees to access corporate information right at their fingertips wherever they are — and there is a great opportunity for IT to be an enabler.

Learn more about securing mobile devices in the business environment

Image Source: iStock

 |  |  |  |  |  | 
Kaushik Srinivas
Product Manager, IBM

More from Endpoint
November 28, 2023

Unified endpoint management for purpose-based devices

4 min read - As purpose-built devices become increasingly common, the challenges associated with their unique management and security needs are becoming clear. What are purpose-built devices? Most fall under the category of rugged IoT devices typically used outside of an office environment and which often run on a different operating system than typical office devices. Examples include ruggedized tablets and smartphones, handheld scanners and kiosks. Many different industries are utilizing purpose-built devices, including travel and transportation, retail, warehouse and distribution, manufacturing (including automotive)…

October 30, 2023

Virtual credit card fraud: An old scam reinvented

3 min read - In today's rapidly evolving financial landscape, as banks continue to broaden their range of services and embrace innovative technologies, they find themselves at the forefront of a dual-edged sword. While these advancements promise greater convenience and accessibility for customers, they also inadvertently expose the financial industry to an ever-shifting spectrum of emerging fraud trends. This delicate balance between new offerings and security controls is a key part of the modern banking challenges. In this blog, we explore such an example.…

October 19, 2023

Endpoint security in the cloud: What you need to know

9 min read - Cloud security is a buzzword in the world of technology these days — but not without good reason. Endpoint security is now one of the major concerns for businesses across the world. With ever-increasing incidents of data thefts and security breaches, it has become essential for companies to use efficient endpoint security for all their endpoints to prevent any loss of data. Security breaches can lead to billions of dollars worth of loss, not to mention the negative press in…

October 5, 2023

Does your security program suffer from piecemeal detection and response?

4 min read - Piecemeal Detection and Response (PDR) can manifest in various ways. The most common symptoms of PDR include: Multiple security information and event management (SIEM) tools (e.g., one on-premise and one in the cloud) Spending too much time or energy on integrating detection systems An underperforming security orchestration, automation and response (SOAR) system Only capable of taking automated responses on the endpoint Anomaly detection in silos (e.g., network separate from identity) If any of these symptoms resonate with your organization, it's…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature