The ability to access sensitive corporate data from anywhere at any time has become a strategic foundation for businesses around the world. Competitive and employee pressures have required businesses to evolve towards “consumerization” policies which expand support for mobile data platforms beyond corporate-owned laptops and removable media to include employee-owned devices like personal laptops, smartphones and tablets. However, the increased flexibility of supporting new interfaces for mobile data brings with it new risks which must be managed, so it is the job of IT Managers to make any ‘mobile data experience’ equally secure and productive whether accessed via a corporate laptop inside headquarters, or through an employee’s personal smartphone halfway around the world.
The problem for IT Security Managers is that the standard technologies of network-based data loss prevention have been unable to address the security challenges presented by the wide range of mobile devices driving consumerization policies. By definition, mobile devices do not require network dependencies, so a data-centric approach to security is the only way to ensure policy enforcement anywhere mobile data is at risk.
Mobile Device Management (MDM) solutions help to provision and manage tablets and smartphones to ensure default security settings like disk encryption are properly configured, and local applications are authorized by policy before allowing a connection to the internal network. However, they are not designed to discover or classify sensitive data, manage data-level security policies, or provide flexible enforcement options appropriate for the risk to mobile data. As the business need to increase data mobility and accessibility by any type of device grows, mobile users will continue to be the weakest link for companies unable to adopt an equally flexible and agnostic mobile data security solution.
Without an adequate data protection strategy for employee-owned devices, mobile users will routinely put sensitive corporate data at risk, often completely unaware of their actions, and increase the chances of their compromised device infecting the network. Risky activities for mobile users include:
- Accessing the Internet through unsecure wireless hot spots instead of secure VPN connections, or thin clients (Citrix, VMware)
- Sending sensitive email to external users unencrypted
- Copying sensitive information unencrypted from a virtual desktop/application onto their mobile device
- Having a mobile device filled with PCI, PII, Intellectual Property, or other sensitive data stolen or lost, and being unable to confirm exactly what information was stored on it
- Downloading unknown applications containing malware to a mobile device and spreading the infection to the corporate network
- Changing or turning off the device’s security settings for convenience without understanding the increased risks
For companies ready to expand their mobile data policies to include consumerization support, Verdasys’ scalable Enterprise Information Protection (EIP) security platform extends to include specialized software and policy rules that create the industry’s first data-centric solution to protect sensitive mobile data on virtually any employee-owned device, called EIP Mobile. Today, EIP Mobile includes the full range of Digital Guardian’s forensic visibility and data policy enforcement through Virtual Desktop Interface (VDI) and Virtual Machine (VM) solutions from Citrix, VMware, and Microsoft Hyper-V on any supported mobile device, as well as advanced email security policy enforcement for devices connected to BlackBerry Enterprise Server (BES) and Exchange ActiveSync infrastructures.
The Digital Guardian EIP Mobile solution provides the security foundation on which organizations can safely enable their mobile users to access and use sensitive information on their choice of devices. For instance, today EIP Mobile allows an executive to securely access data on the network through a virtual desktop session with a similar user experience whether she uses her iPad, BlackBerry phone, or a Mac OS X laptop to remotely access email or sensitive file shares. With future upgrades to the EIP Mobile platform, users will be able to classify, encrypt, and separate personal from corporate data on their device with a full audit of files, applications, and activity to ensure end-to-end policy compliance of sensitive information from whatever interface it is accessed, used, or stored across the enterprise.