How to Select the Right Encryption Solution

In today’s fast-moving and fast-changing world, coupled with the influx of smart devices and IoT, securing data and protecting it from falling into malicious hands has become extremely challenging, complex, and necessary. The workplace no longer adheres to a typical 9-to-5 routine. Technology has created the ability to work remotely from anywhere and at any time through laptops, tablets, smartphones, etc. The gates to breaches have thus significantly increased in number, resulting in greater need to use encryption, scaling to not just a computer but to the numerous smart devices that are constantly used to access data.

Ponemon Institute conducted a survey and came up with the most prominent drivers that propel industries to consider encryption as a defense against data breaches.

We saw in one of our previous blogs how the number of breach incidents has risen to staggering heights this year. IT experts collectively agree that encryption is the key solution to this humongous problem, but it has to be the right type of encryption that is applied to the industry. A thorough knowledge of current tools and technologies that are prevailing in the market is very important before implementing any type of encryption. A customized encryption solution, apt for the said enterprise, will not only protect the loss of data but also save time and money. Now, what is the criteria for determining the type of encryption solution suitable for the enterprise? The following points will answer this question.

  1. Basic Requirements – A Must

The encryption solution should meet the following basic requirements:

  • Encryption should be automated, simple for end users to comply with, and provide non-disruptive protection.
  • There should be a robust access authentication of users, resulting in appropriate access to the data by authorized users only. The encryption should also have a provision for regular checks on user access control for validity.
  • It should be able to protect wide array of smart devices across multiple platforms such as Windows, Mac, and Android. Most smart devices already offer some kind of base protection, but this might not be sufficient for big enterprises dealing with highly sensitive data.
  • Type of encryption will also further depend on the type of data that has to be protected. This could be data in motion, data at rest, or data in use. The company might require full-disk encryption or just file encryption.
  • The need for managing the encryption keys must be assessed – can it be done by the IT department itself or should the services of a vendor be considered.
  • Another characteristic is that the encryption implemented should grow as the enterprise expands. The growing demands of the company should not hamper the prevailing encryption or render it ineffective.
  • The encryption should be such that if the data were to fall into the hands of hackers, it would be deemed incomprehensible and useless.
  1. Encryption Key – Vendor-managed or Customer-managed

An encryption vendor-managed key or a customer managed key scheme uses a pseudo-random encryption key generated by an algorithm. An unauthorized interceptor cannot access the data without this key. Customer managed key (CMK) empowers the customer completely as it makes physical location of the files less relevant, since no party can decrypt the data if the customer has chosen to withdraw access to the encryption keys.

  1. Key Management

Managing the keys is another important aspect in encryption. Depending on how big the organization is, there could be a large number of keys that need to be managed uniformly and tracked constantly. Towards this, Zecurion Zserver secures and protects confidential information at the processing and storage level on corporate servers. The Zserver Enterprise Key Management Server (EKMS) minimizes administrative overhead for encryption by generating, storing, managing, and automatically loading encryption keys across the enterprise.

According to a report by CSC, “While individuals are responsible for most data creation (70 percent), 80 percent of all data is stored by enterprises.” Encryption may not be the silver bullet to thwart data breaches completely, but is a necessary step towards mitigating the accidental or deliberate loss of critical and sensitive data. Enterprises, both small and large, should make it a mandatory requirement  and implement encryption company-wide.

Mobility and Security Go Hand-in-Hand

“By the end of 2017, market demand for mobile app development services will grow at least five times faster than internal IT.” Gartner

The reason for Gartner’s prediction of a fast growing industry is that more and more organizations across multiple sectors are adopting the bring-your-own-device (BYOD) culture. With most functionalities going digital, many employees have started to use their mobile devices not only for communicating with their peers but also for storing and accessing business-critical data on and off company premises. While this has added a lot of ease and reduced time to respond, it has invariably led to a laundry list of issues, especially regarding security.

The Vulnerabilities

While organizations are worried sick about hackers stealing critical data, they have come to realize that often the enemy lies within. Employees who can access business data over their smart devices may—knowingly or unknowingly—share critical data with competitors or simply lose their devices that may have accessible data. Such data in the wrong hands may prove to be very costly.

These problems have made employers lose sleep, worrying and fretting about the safety of their data. Even though these problems may be resolved by a seamless implementation and integration of a robust security system with firewalls and servers that allow communication via mobile devices, there are still many security threats that loom large.

Banking and financial sectors along with organizations dealing with security need to be the most careful about such events, and must try to curtail losses ASAP. As per SafeNet’s Breach Level Index, “…not all breaches are reported and many, especially those involving insiders, may go unnoticed or take a long time be discovered.” Furthermore, regardless of the number of incidents, SafeNet’s report claims that insiders account for more than half of the actual information lost.

The more the time taken for the realization that crucial data has been compromised due to an internal threat, the more severe the losses will be, which may be monetary or related to loss of reputation. Both could eventually lead to loss of a customer base.

When it comes to insiders, “ignorant users” are known to be the biggest threat. However, almost 70% of IP thefts are committed by disgruntled, grudge-bearing employees or by employees that are looking for monetary gains. Emails are another common method by which employees can steal data. With all the company data now available on their smart phones there is a huge security concern with these employees. With the explosion of social media—Twitter, Facebook, Instagram, and every other new information-sharing app—in addition to their heightened the accessibility by almost all employees, it is very difficult to control what critical information is being made public.

Apart from this, a lot of organizations are shifting toward storing (sometimes critical) data online using cloud-based platforms. In case such data is breached and is made public, it may result in enormous losses.

With organizations allowing external hard-disks and USB access to employees, this may in fact turn out to be the easiest means of data theft in the electronic format unless it is controlled and supervised. Coming to the more physical aspect of data theft, unsupervised printouts seem to be an obvious choice.

What Is Needed?

Mobile DLP helps prevent data leakage from mobile devices and safeguards unencrypted information. It acts as a gatekeeper to control confidential information from compromised and unauthorized access by routing the traffic through a corporate virtual private network (VPN) server.

Mobile DLP also allows access restriction for applications. The solution can help enforce a restriction on usage of select applications by blacklisting them or exceptionally allowing some applications to users by whitelisting them based on user business requirements and approvals.

Further, mobile devices connected to the corporate network can be monitored for voice chat activities through control of HTTP/HTTPS and can also log all outgoing text as well as multimedia messages to prevent data leakage. DLP solutions act like control centers for sensitive data, user profiles and device information.

With enhanced security and business flexibility, Mobile DLP offers the perfect combination required for securing data on mobile devices. Protecting the 3Cs—content, credentials, and configurations—is an essential element of any data security strategy and Mobile DLP helps address all the possible channels for vulnerabilities.

Is the Hospitality Industry in Danger?

Long back in 2005, Meyers and Mills had said that using biometric technologies could improve hotel security and enhance the ability to recognize criminal activities. Fast forward to 2016 and we are seeing that the hospitality sector has become an easy prey for cyber criminals.

The leap in technology has made it easy for the hospitality industry to gather a lot of personal
data about customers that has helped them increase sales and profit margins. A recent report by Sabre Hospitality Solutions confirms that the proper use of Big Data generated can give a ‘definitive market edge’ to hoteliers.

It’s Green for the Hackers!

This has also made it easy for hackers to commit financial crimes at a larger scale. While hackers attack smaller enterprises as they usually have systems that can be easily breached, they hack into bigger franchises for gaining access to a global database. Especially for the hospitality sector, this is due to day-to-day operations of the industry involving online reservations, card-based transactions, and rewards programs. This generates a humongous database of user data that, if exposed to the wrong hands, will create havoc in personal and financial lives.

Criminals across the globe try to hack into hotel networks to rob credit card details of guests. In essence, they are trying to target thousands of cardholders together. Not only do hotels may have vulnerable systems, they may be able to detect a breach long after it has occurred. An average time as per Trustwave Spider Labs is 173.5 days.

Cybercrime is a huge risk that hotels must deal with on a regular basis. Social engineering attacks such as phishing and Advanced Persistent Threats (APT’s) are the most dangerous types of cyber-attacks as they can bypass the current security setup. Hotel Wi-Fi networks therefore need to be secure, with built-in wireless intrusion prevention and detection for enhanced security.

Sample this: As per the 2015 Trustwave Global Security Report, the global hospitality industry now sits on top of the three industries most frequently targeted by hackers.

The Challenge

This challenge of data security and safety also increases the liability of the hospitality industry as any security breach may lead to heavy financial losses (legal), loss of brand and reputation, and also loss of customer loyalty. This will lead to financial instability and failure in the long run.

Repercussions of a Security Breach

Hotels have to spend through their nose if there’s a breach of private data. The areas where the cash will flow usually cover legal processing, fines, penalties, forensic investigation expenses, credit monitoring, business interruption losses, and hiring PR professionals to help control damage and save reputation. Additional costs are required towards recovering lost data and fixing the actual cause of breach.

Several organizations that analyse security and data breach trends cite hospitality as the ‘single most vulnerable industry’. Thus, IT leaders in hospitality are making data security their number one priority.

There are Ways to Stop This Loss

Most states today have privacy laws for issuing notifications if anyone’s personal or financial information is compromised, lost, or stolen. To add on, there are multiple practices that support data loss prevention (DLP), such as the Payment Card Industry Data Security Standard (PCIDSS) that ensures ‘that all companies that process, store, or transmit credit card information maintain a secure environment’. Practices such as PCIDSS if implemented properly, can help control a lot of such incidents.

Hotels of any size must secure their network to protect hotel operations and guests’ data. They must also annually review their information technology to proactively respond to threats. To save themselves from the fate that even the likes of Hilton, Marriott, Mandarin Oriental etc. could not avoid, hotels need to employ the best security experts that can suggest digital encryption strategies about point of sale (POS) terminals, data servers and internal networks.

Image Credit: Rawpixel.com/ Adobe Stock

2016: Data Breach Statistics, Year until 10/19/2016

*The ITRC tracks seven categories of data loss methods: Insider Theft, Hacking, Data on the Move, Subcontractor/Third Party, Employee Error/Negligence, Accidental Web/Internet Exposure, and Physical Theft.

The ITRC tracks four types of compromised information: Social Security number, Credit/Debit Card number, Email/Password/User Name, and Protected Health Information (PHI).

Total records exposed only include records for which count is available.

Zecurion offers deeper insight into selected incidents caused either by accidental or intentional data breaches. With all such incidents, the common elements describing the impact of this growing problem are financial loss, compromised intellectual property and dwindling customer confidence. Let us see how some sectors have been impacted as of October 2016. The excerpts below only provide a glimpse of some of these incidents – the list goes on.

Government

August 26, 2016 – County of Sacramento, California, issued a statement that an unknown number of records with personal data were exposed due to an error in the online automated application for Emergency Medical Service license. The information included name, address, social security number, driver’s license, phone number, date of birth of the applicants. Although there has been no report of misuse of PII, yet the county offered one year credit monitoring services of Experian to the affected people as a precaution.

Source: California Attorney General

 Healthcare

September 26, 2016 – One worker at Yale- New Haven Hospital and her friend were arrested for illegally procuring classified personal information of at least 20 near death patients and using the stolen data to obtain credit cards, becoming beneficiaries in their insurances among other planned crimes. This had been going on for two years before they were caught. A year’s credit monitoring has been offered to the victims.

Source: Media: News 3

August 12, 2016 – Bon Secours Health System disclosed that R-C Healthcare Management, a third-party vendor managing their Medicare and Medicaid reimbursement, accidentally left patients’ files accessible over the internet while updating network settings. About 665,000 records containing patient name, health insurer’s name, health insurance identification number, social security number and some health information was exposed to the general public. A forensic investigator was hired to correctly identify people that were affected by this breach and then informed about the incident. 435,000 were from Virginia and the rest were from Kentucky and South Carolina. No misuse of the exposed data has been reported so far.

Source: Media: http://www.nbcconnecticut.com/

Business

September 22, 2016 – Premier America Credit Union, California, reported that a departing employee sent an account list containing name, address and maybe social security and/or employer Identification number to his personal email address for most likely solicitation purposes in future. The employee was reminded of his obligations and company regulations and advised not to use any of this information for any purpose. The management further offered complimentary one year credit monitoring services of Experian to the victims.

Source: California Attorney General
August 8, 2016 – 7-Eleven reported that in June 2016 during a regular maintenance cycle some of the franchisees received the records of employees other than their own franchisee’s employees. The exposed information contained name, address, phone number and social security number of 7,820 employees. The correction was completed within 5 days. 7-Eleven offered 12 months of First Watch Technologies’ professional identity monitoring service to the victims in addition to $1,000,000.00 in identity theft insurance with no deductible.

Source: California Attorney General

Keep Sensitive Data Secure on a Tight Budget

As more services move towards the cloud, it is important to establish network security so as to ensure secure data transfer. Similarly, businesses that manage critical personal data need to maintain airtight security policies and procedures. Not having such policies in place may lead to security breaches or expensive client lawsuits. According to a 2016 report from the Ponemon Institute, almost 50 percent of small organizations that were surveyed experienced a data breach in the previous year. Another research by Symantec found that almost 43 percent of cyber-attacks in 2015 were targeted towards small businesses, up from 18 percent in 2011.

Small businesses make for an enticing target as they usually do not have the necessary security controls in place to secure their financial data from internal as well as external threats. Here are some low budget tips that can help small businesses keep their financial data safe.

  • Install proper network and work station controls such as properly configured firewall, anti-virus software, and updated patches for all hardware and software. Criminals usually try to exploit sensitive data such as Personally Identifiable Information (PIT), business trade secrets, financial data and other critical company information. Organizations must have restrictions in place for allowing only the least number of employees having access to sensitive information, especially financial or that related to security. Strict compliance must be ensured and employees must be trained and updated about it. This will help reduce incidents of data loss/ theft. Access to all storage, computing and online-based media like servers and databases must be restricted to only a few trusted employees.
  • Establish a culture of security by training and informing employees about accessing unsafe websites while at work that may result in major breaches. Companies may also resort to block access to certain sites for security reasons.
  • Conduct periodic testing to keep a check on vulnerabilities. The frequency of testing must depend on functional criticality and size of the company. With smartphones being used as devices for transfer of data, companies must ensure that these devices also fall under the purview of DLP policies and practices. Mobile devices must have anti-virus software installed and be up-to-date.
  • Get finance teams/ CTOs involved to understand the risks involved and get a holistic view of what can be done to mitigate these risks at the base level – without incurring too much cost.
  • Implement two-factor authentication along with strong password policy. Two-factor authentication requires use of a password plus a code or a biometric marker to access data. The additional layer of security makes access to sensitive data more difficult.
  • Set aside a small budget specifically for continuous monitoring or security-related loopholes to help ward off any attacks and threats. If utilizing the services of third party vendors for securely managing data, have a Service Level Agreement (SLA) which details security expectations and gives the right to thoroughly audit the vendor to confirm and ensure compliance with policies.

In essence, by just implementing and following certain basic tenets of security, most organizations can secure their sensitive data with bare minimum costs.

Is Cloud Storage Right for Your Business?

Storing data locally in your own data center has a number of limitations. Storage capacity and redundancy are limited by the server and drive space available in the data center. Increasing capacity to meet demand is costly and time-consuming. If demand falls off, you are left with wasted capacity sitting idle.

In the event of a hardware failure or power outage in the data center, your data will be unavailable, and could possibly end up corrupted or permanently damaged. In the event of a catastrophe, any backup data stored locally could be wiped out along with the production data, which would be devastating for most companies.

Benefits vary from vendor to vendor and depend on the service level you negotiate, but here are some of the primary benefits of storing data in the cloud:

  • Scalability―Cloud computing allows you to quickly and easily scale capacity, either increasing or decreasing available storage space to meet current demands. That means you will be able to handle unexpected spikes in capacity needs without having to over-invest in hardware that will spend most of the time idle.
  • Redundancy―Cloud storage providers generally provide multiple sites that are geographically separate, but with mirrored copies of all data. Hardware failures, power outages, or natural disasters affecting a site will be transparent to you because your data will still be accessible from the alternate sites.
  • Hardware Upgrades―Hardware changes so rapidly that your data center investment can be bordering on obsolescence when you have barely implemented it. A third-party vendor dedicated to providing hosted online storage will invest in hardware and infrastructure upgrades over time so you get the benefit of newer technology without having to constantly re-invest in new hardware.
  • Disaster Recovery/ Business Continuity―Storing data in the cloud also means that it is being stored offsite. In the event of a catastrophe or natural disaster impacting the local office, the data itself will still be protected and available online. Business will be able to continue almost seamlessly from alternate locations, and the data will be immediately available once normal operations resume at the primary office facility.
  • Cost―Considering what you get, scalable, redundant storage that also doubles as a disaster recovery and business continuity solution, the cost of cloud storage is typically quite reasonable. Consider as well that by engaging a third-party host for your data, you don’t have to hire personnel to manage data storage in-house, with their associated salaries and benefits. With the economies of scale offered by a cloud storage provider, adding additional space is a fraction of the investment that would be required for new hardware, and the power and cooling necessary to accomplish the same thing in an internal data center.

Leveraging cloud data storage provides a scalable, reliable, cost- effective storage solution. While there are multiple benefits, the type of cloud storage solution that works best for your company is based on your own specific needs.

Why is On-Demand Cloud Security Gaining Momentum?

 

Demand for cloud computing is high

Cloud computing today is the new normal. The need for cloud services is evidenced and accelerated by the growing number of organizations that are increasingly adopting cloud-based applications for communications, collaboration, business processing and storage. The use cases for the need is only strengthened by business drivers (cloud-driven innovation, user satisfaction, etc.) and technology drivers (agility, scalability, and costs).

Resistance to cloud adoption is gradually waning

In the near past, organizations have not been entirely comfortable with switching over to cloud computing. A big concern was (and to an extent, still is) the lack of faith in the provision of security in the cloud. Naturally, this means that organizations are not sure if data stored in the cloud is safe from incidents such as hacking and data theft. Add to this, the proliferation of bring-your-own-device (BYOD) to work―and the level of risks and concerns just shoot through the roof. A survey by HyTrust found that more than 45% of organizations identify security as a top concern when deploying cloud infrastructure.[1]

Organizations have, however, identified a mid-way through emergence of the hybrid model. The model allows organizations to leverage the benefits of cloud computing while retaining critical applications in their own data centres.  Towards this, a positive finding from the HyTrust survey is that nearly 70% of respondents believe that data breaches and other security risks are becoming less of an obstacle to cloud deployment.[2]

The shift to an on-demand cloud security model

Traditionally, organizations have deployed on-premise security controls to maintain greater control and flexibility over access and usage of data and applications. With confidence around cloud deployments growing, organizations are now extending security controls across the traditional on-premise model to an on-demand model. The drivers are the same as for any other cloud application―scalability, flexibility and cost.

The on-demand model brings in a lot more flexibility enabling organizations to deploy security agents based on usage. The benefits are immediate as the service can be deployed quickly. This allows organizations to scale their security as per business needs, without adding to costly administrative resources.

While some security controls are made available by cloud service providers, it becomes complicated and costly for organizations to keep a track of a plethora of cloud workloads. Towards this provision of an on-demand service, that gives clear visibility on all instances, streamlines security and greatly enhances operational efficiency.

As business threats are growing and getting complicated, organizations are realizing the benefits that the on-demand cloud security model can bring. While its adoption is yet to accelerate, the time is right to pause and think prudently―are you ready to do everything yourself or do you want to focus on your core business and deploy a managed service that takes care of all your vulnerabilities as well as compliance. It is time to act now.

[1] http://www.enterprisetech.com/2016/04/22/security-concerns-easing-cloud-deployment/

[2] Ibid.

How Cryptography Helps Prevent Data Theft

In a world driven by a complex network, where critical data (business or personal) can easily be accessed (stolen/ hacked), it is imperative that strict measures be taken to prevent any instances of data theft. Thankfully, there is a multitude of options available for securing your data. One such measure for securing information is Cryptography.

What is Cryptography and why is it needed?

Before we get to the how, let us take a quick peek at what Cryptography is. The word Cryptography has Greek roots where ‘kryptós’ means “hidden”, and ‘gráphein’ means “to write”. Therefore, Cryptography is the art of writing information in a hidden manner. Stating it in an even simpler manner, it means writing secret messages that can be comprehended only if the receiver knows how to decipher the code.

Cryptography played a very important role in the framing of global history and was used extensively for critical communications among heads of states, military generals, spies, and more for both planning – and curbing coups and more.

Fast forward to the present day.

In todays’ world connected via the net, securing transportation of data between different components is a major challenge – and a business critical requirement. Cryptography has become a critical tool that safeguards data such as digital cash, digital signatures, and passwords that act as the doorway for accessing business secrets of huge organizations – both in the public and private sectors.

So how does Cryptography help prevent data theft?

A cryptosystem is a suite of ciphers (-algorithms for encryption and decryption), protocols (- rules regarding how to use Ciphers), and user-prescribed actions implemented together as a system.

As long as the key to decrypt information (the Secret-key cipher) remains a secret, no one will be able to steal your sensitive data. A few specific cryptography tools and techniques that can be used to prevent data theft are:

  1. Disk encryption: This means encrypting USB and flash drives, etc. which are today a potent means of data theft.
  2. Public Key Infrastructure (PKI): The Public Key Infrastructure (PKI) helps in implementing a robust framework for securely exchanging and managing keys. The two main features of PKI are encryption of messages by means of recipients’ public key, and digital signatures that serve as non-repudiation mechanisms as defined in SOAP standards.
  3. Hide data with steganography: This is rather an interesting way to hide your data. This facilitates, for example, hiding a text message within a .JPG or an MP3 file!

Conclusion

With the number of threats increasing with regards to data theft, it is a relief to note that there are also multiple options available for encrypting and safeguarding your precious data. Organizations can encrypt data in line, or during transmission, or by using hardware devices. That said, it is imperative that an all-out effort is made so as to ensure the safety of sensitive data – especially during transit.

Why Biometrics Should be Used?

Biometrics is a way of making sure that the user is who he or she claims to be, thus eliminating unauthorized access to information and safeguarding it from internal threats. With data breaches becoming more complicated and impacting all sectors, organizations are gradually complementing traditional authentication techniques, especially passwords, with biometric technology. To fully understand the potential that biometrics offers towards enhancing data security, let us first understand what biometric identifies are, how they can be deployed and advantages that the technology offers.

Biometric Identifiers

The term “Biometrics” is coined with two words “bio” and “metric” meaning life and measure respectively. The underlying meaning is that every human is unique and can be recognized/ identified by his or her intrinsic physical or behavioral traits.

Fingerprints, face, retina, voice, ear features, typing rhythm, gait and gestures constitute as biometric identifiers. For security, a single or a composition of multiple identifiers can be used. Research and development is actively underway to encompass brainwave signals, electronic tattoos and microchips under biometric identifiers.

Biometrics Deployment

Fingerprint scanners, face recognition software and biometric hand reader are some of the platforms that are based on biometric technologies. Adoption of biometrics at various access points and endpoints is greatly beneficial in preventing unauthorized access and hence data loss either accidently or on purpose.

A study by ABI Research states that consumer and enterprise spending on biometrics is growing at a rate of 29% per year, with market size expected to reach $36.8 billion by 2020. Retail and banking sectors are leading in the adoption of biometric technologies because of the sheer volume of sensitive data they process.

Biometrics Advantages

While biometrics is gradually becoming a part of our daily lives – common examples being checks at international airports and fingerprint recognition on mobile devices – a number of organizations are yet to fully realize the capability that the technology offers. There are many advantages of deploying biometric technologies. These are:

  • Biometrics are extremely accurate, though not 100%, as the identifiers are unique to each user.
  • While passwords can be replicated making the system vulnerable to unauthorized users, biometric identifiers are difficult to break and thus offer very reliable data security mechanism.
  • Automated biometric verification is a very quick process.
  • Biometrics do not require multi-layer authentication. They are user friendly and lift up the burden from the user to remember various complex passwords. This saves time without compromising the security of sensitive data.

Conclusion

Organizations can enhance traditional authentication methods that they use by introducing biometrics – an additional security layer that answers “Who I am”. While barriers to adoption remain high, mainly being cost and privacy, the number of real-word applications for biometrics has been increasing. It remains to be seen if biometrics will emerge as the answer to most data theft problems or if it will only continue to act as an additional assurance to prevent data loss.

Why Mobile DLP is an Essential Security Tool for Enterprises


With increasing enterprise mobility, organizations are increasingly making effort to secure their data on mobile devices. The bigger question IT managers are worried about is, “Do we have any single solution that is employee friendly and delivers strong security while preventing data loss on a real-time basis?” The answer is affirmative. The comprehensive approach of certain DLP solutions makes them ideal solutions because:

DLP allows prevention of data leakage and safeguards unencrypted information.

Users send and receive email from corporate and personal accounts, upload information to cloud services and send files to social networking sites. According to industry reports, the majority of data loss is generated by well-meaning insiders using standard information-sharing tools (email, Web upload, etc.) since the information is not sent in an encrypted format through mobile devices. A DLP solution acts as a gatekeeper to control confidential information from compromised and unauthorized access by routing the traffic through a corporate virtual private network (VPN) server.

DLP allows access restriction for applications.

Information access privileges are usually 100 percent for each mobile device user. A DLP solution can help enforce a restriction on usage of select applications by blacklisting them or exceptionally allowing some applications to users by whitelisting them based on user business requirements and approvals.

DLP allows protection of real-time data and FSS.

Most data loss from mobile devices occurs through emails, multiple third-party apps allowing data exchange and Internet tools for file sharing and synchronization (FSS). DLP solutions offer data routing and information scanning through corporate VPN to ensure no confidential information leaves the corporate network.

DLP allows monitoring of chat (messages and voice).

Mobile devices connected to the corporate network can be monitored for voice chat activities through control of HTTP/HTTPS and can also log all outgoing text as well as multimedia messages to prevent data leakage. DLP solutions act like control centers for sensitive data, user profiles and device information. With careful definition of these three areas, they can offer lots of security and business flexibility—a perfect combination for mobile devices.

Using Zecurion Mobile DLP Solution

The Zecurion Mobile DLP provides a unique security approach to prevent data leakage from a device in or outside a corporate network.

Unique Security Approach

Zecurion Mobile DLP helps protect your organization from accidental and deliberate data leakage. It acts like a traffic controller and routes all data flow to the network DLP (i.e., Zgate) for analysis and action. This includes analysis and protection of sensitive data sent from email clients, Web browsers and applications such as Facebook, Twitter, Dropbox, etc. In the event of an incident, the user is notified of the violation of security policies.

Mobile DLP Security Model

Zecurion Mobile DLP offers an end-to-end solution to ensure data traveling between smart devices is fully protected from the start to end points. The Zecurion security model has two key elements:

  1. Data Protection—It segregates personal data from corporate data and ensures personal data is protected from monitoring and corporate data is protected from leakage or loss.
  1. Securing Network Access—It ensures data that travels in the network is secure, based on analysis of the content of the messages and file sharing on Google Talk, Yahoo Mail, etc. It also keeps tab on the information uploaded to cloud services, covering all information flow on HTTP/HTTPS.