|
Mobile data has become a foundation of the daily operations of businesses around the world. Not only has data itself become more mobile, but the users holding that data have as well; as companies employ increasing numbers of global salespeople, telecommuters, ‘country-hopping’ executives, and employees simply taking their work home for the night. Whether an executive with a USB filled with strategic plans, an HR manager accessing sensitive employee information through a VPN or Citrix, or an engineer with a laptop filled with intellectual property, all of that mobile data is concurrently necessary for valuable processes and a risk to the business. It is the job of IT Managers to make this ‘mobile user experience’ no different than if the user was inside the office and connected to the network, and just as secure.
The problem for IT Security Managers is that the standard technologies of network-based data loss prevention have been unable to address the challenges presented by the growing quantities of mobile workers and data. Companies are quick to turn to multiple ‘point-solutions’ to close this risk. One solution handles USB devices, another CDs, and yet another, stolen or lost laptops. Each of these solutions adds cost and complexity to the company’s IT operations. In addition, with every new change in technology or point of egress from the network, a new solution is needed. As the business market evolves, mobile users are quickly becoming the weakest link in companies protecting their information.
With inadequate mobile security solutions and a lack of understanding or disregard of company security policies by employees, mobile users routinely put sensitive data at risk - often completely unaware. Risky activities include:
- Accessing the Internet through poorly protected wireless hot spots instead of VPN connections, or thin clients (Citrix, WYSE).
- Copying unencrypted sensitive data to a USB, CD, or DVD that can be easily lost or stolen.
- Uploading information to an unprotected or all-together blacklisted remote server or website.
- Having a laptop filled with PCI, PII, Intellectual Property, or other sensitive data stolen or lost. The risk is not only knowing the data is gone, but not knowing the full extent of what was on the laptop.
- Downloading freeware, shareware and personal software programs, such as MP3 players, to a company laptop while off the network and later infecting the network with spy-ware, bots, and malware.
- Easily changing or turning off existing security settings when on the road for convenience, creating greater risk.
|
