Enterprises have sensitive data that resides on a variety of clouds, servers, files and databases — whether they are banks that store credit card numbers, health care providers that need to secure sensitive patient health records and comply with Health Insurance Portability and Accountability Act regulations or product innovators that need to keep their designs a secret. The value of this information is unlocked and enhanced when accessed and updated by users such as employees. Mobile reduces the time it takes to retrieve and update the information to near-real time, which boosts productivity for all stakeholders involved. Content security is crucial to secure this data.

The information itself can be in the form of documents or as data on databases that are accessed via applications. In either case, end users then access this data via an endpoint such as a laptop, smartphone or tablet. With the proliferation of mobile devices around the world, employees now expect access to corporate information on their devices of choice. Mobile adoption is unprecedented in its scale and speed, with approximately 1.3 billion smartphones shipped in 2014 alone. Enterprises need to ensure data and content security on these new form factors and the apps that run on them. As the bring-your-own-device (BYOD) trend continues to grow, it is even more important for corporations to isolate enterprise data from personal data on the device to ensure enterprise data security while simultaneously maintaining user privacy.

Securing the content requires focusing on two components: the back end (cloud or on-premises server) where the data resides and the device itself, which allows end users to access the data.

Securing the Back-End Infrastructure

The back end must ensure that only authorized devices and users access the data, whether it is delivered as software-as-a-service or hosted on-premises. This is achieved by monitoring and blocking unauthorized access based on the device and user security posture, typically in conjunction with access management tools. The access control could be as simple as a username and password or as full-fledged as an identity and access management system.

Device-Side Data Security

The device side, however, requires a completely new set of security capabilities given that mobile device operating systems have a different user interaction model from those on laptops. The data storage and flow between apps on the device can be better controlled with the help of mobile device management (MDM) and enterprise mobility management (EMM) solutions. EMM solutions not only provide visibility of the environment and secure the devices, but they also secure the apps and the content on them.

BYOD smartphones and tablets now necessitate that chief information officers (CIOs) completely isolate and control the corporate data without touching the personal data on the device. One way to ensure this complete separation of corporate content is through containerization.


The EMM industry has evolved from managing just the device to the concept of containerization in order to isolate all the corporate data via an encrypted app on the device. With containers, multiple encrypted apps share common code (via a software development kit or wrapper) and can then be configured over the air by security policies through an EMM solution. For BYOD devices, IT can now manage just the corporate data without even having to control the entire device. This quells fears among employees that their workplace is now monitoring their devices and/or activities. Containers can be used to deliver a complete corporate persona for work-related activities such as email, calendar, contacts, documents and browsers for intranet access.

For content, end users can be allowed access to a wide variety of corporate repositories for document access with a single-app user experience. IT can still enforce strict security via EMM on how these documents are stored and used on the device.

Some of the important security features for containers include encryption and data leak prevention. Through encryption, data can be stored in an encrypted database on the mobile device. Through data leak prevention, the flow of content between apps can be controlled through the following features:

  • Managed open-in, which allows documents to flow between work-related apps that IT has approved and distributed through the enterprise app store.
  • Cut/copy/paste restrictions, which prevent inadvertent leakage of data out of corporate apps.
  • Selective wipe, which is offered either through core MDM or via the container. All the corporate content can be wiped out in case the employee leaves the company, the device is lost or the device does not report back to the EMM server for a predefined period.
  • Per-app virtual private networks, which allow users to access internal, behind-the-firewall repositories seamlessly, irrespective of the network they are on, without a device-level virtual private network.
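
The posture-based blocking at the back end and the selective-wipe triggers listed above (the employee leaves, the device is lost, or the device stops reporting to the EMM server) can be combined into one decision function. This is an added illustration, not code from any EMM product; the `Device` fields, the 14-day `MAX_SILENCE` value and the sample fleet are assumptions constructed for the example.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed policy value: the page only says "a predefined period".
MAX_SILENCE = timedelta(days=14)

@dataclass
class Device:
    device_id: str
    user_active: bool                 # False once the employee has left
    reported_lost: bool
    compliant: bool                   # result of the EMM posture check
    last_checkin: Optional[datetime]  # None: enrolled, never reported back

def decide(dev: Device, now: datetime) -> str:
    """Return 'wipe', 'block' or 'allow' for one device."""
    # Wipe triggers come first: a lost or orphaned device must not be left
    # merely blocked while corporate content is still stored on it.
    if not dev.user_active or dev.reported_lost:
        return "wipe"
    # Fail closed when there is no check-in on record (assumed choice).
    if dev.last_checkin is None or now - dev.last_checkin > MAX_SILENCE:
        return "wipe"
    # Device is accounted for; the back end still gates access on posture.
    return "allow" if dev.compliant else "block"

def evaluate_fleet(devices, now):
    """Map device_id -> action for every enrolled device."""
    return {d.device_id: decide(d, now) for d in devices}

# Constructed sample data, evaluated at a fixed time for repeatability.
NOW = datetime(2024, 1, 31, tzinfo=timezone.utc)
RECENT = NOW - timedelta(days=1)
SAMPLE_FLEET = [
    Device("tab-01", True, False, True, RECENT),
    Device("ph-02", True, False, False, RECENT),
    Device("ph-03", True, True, True, RECENT),
    Device("ph-04", False, False, True, RECENT),
    Device("ph-05", True, False, True, NOW - timedelta(days=21)),
    Device("ph-06", True, False, True, None),
]

if __name__ == "__main__":
    for device_id, action in evaluate_fleet(SAMPLE_FLEET, NOW).items():
        print(f"{device_id}: {action}")
```

Only the corporate container is affected by a `wipe` result here, which matches the selective wipe described in the list; personal data on a BYOD device is out of scope for this decision.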

The rate of mobile adoption has been so fast and so robust that malicious apps and newer threats are detected regularly. However, it is up to the CIO, chief information security officer and IT teams to ensure corporate content is secured for mobile access. With EMM and content security, mobile can be a great success story in enabling employees to access corporate information right at their fingertips wherever they are — and there is a great opportunity for IT to be an enabler.
