The increase in mobile usage for work purposes is a mutually beneficial development for businesses and their employees. It allows employees more flexibility and agility, both professionally and personally, and in turn it helps companies reach their strategic goals effectively. The problem businesses face with this increase in mobility is that it inevitably means an increase in the endpoints that a Data Loss Prevention (DLP) system has to cover. With roughly 90% of Americans now owning cellphones, many of which are brought into the workplace and even used for work in companies with BYOD (bring your own device) policies, it is essential to know what you should be doing to keep your files secure.
The risk, of course, lies in that increase in endpoints: mobile devices, wireless networks, and other mobile and cloud computing services. Together they create an environment with no boundaries, unlike the in-office environment that DLP strategies generally cater for.
What exists currently
Mobile policies tend to vary wildly from organization to organization, meaning there are no standard guidelines to follow. Many companies hope that their employees will follow their mobile policy when it comes to sharing confidential files on mobile. However, a policy is not a preventative strategy in the same way that a comprehensive DLP strategy is. It relies on a certain level of faith, and given the level of work activity on mobile and the level of access to work files from mobile, this completely undermines the effectiveness of the entire DLP strategy.
What do companies do
Many companies avoid invasive software and protocols for mobile devices, often because of privacy issues (especially in BYOD workplaces) and device compatibility. Data Loss Prevention is normally not employed on mobile, so the comprehensive range of solutions available in the office is not available for mobile in the same way. Workplaces therefore find themselves in a situation where employees can get around DLP protocols and send sensitive information to their phones and on to cloud sharing platforms with just a swipe or a tap.
In some cases, employees are actually more likely to compromise confidential information by leaking or sharing it when they are out of the office and therefore perceive themselves as less likely to be physically caught.
Some companies use Virtual Private Networks (VPNs) and Cloud Access Security Brokers (CASBs) to help reduce the risk, but there are major concerns with both. VPNs don’t have any control over the interfaces that companies are increasingly moving towards, such as Software as a Service (SaaS) apps like Salesforce and Office 365. CASBs appear to get around this by allowing control over SaaS apps; however, they offer very limited DLP capabilities, which means they are not a viable solution for most companies that are serious about DLP.
So, how do companies extend their security to the mobile arena? You don’t want to prohibit the easy sharing and transfer of content that enables your employees to work on the go, so generally it is best to place the focus specifically on prohibiting the transfer of the sensitive information you cannot have released:
- Place a watermark on confidential content
- Block screen captures and clipboard functions for sensitive information
- Prevent download of sensitive files to mobile
- Require multi-factor authentication for apps
- Log mobile activity and track suspicious circumstances
While DLP may not have a comprehensive architecture for mobile quite yet, that doesn’t mean the risk can be ignored. There are plenty of DLP solutions out there that can provide your organization with the measures above and find a happy medium between complying with privacy guidelines and protecting your organization’s data.