Category Archives: Mobile Data Security

Mobility and Security: What You Need to Know

The increase in mobile usage for work purposes is a mutually beneficial development for businesses and their employees. It allows employees more flexibility and agility, both professionally and personally. In turn, this helps companies reach their strategic goals effectively. The problem businesses face with this increase in mobility is that it inevitably means an increase in the endpoints that a Data Loss Prevention (DLP) system has to cover. With roughly 90% of Americans now owning cellphones, many of which are brought into the workplace and even used for work in companies with BYOD (bring your own device) policies, it is essential to know what you should be doing to keep your files secure.

The risk
The risk is, of course, that increase in endpoints from mobile devices, wireless networks, and other mobile and cloud computing services. This creates an environment with no boundaries, unlike the in-office environment that DLP strategies generally cater for.

What exists currently
Mobile policies tend to vary wildly from organization to organization, meaning there are no standard guidelines to follow. Many companies hope that their employees will follow their mobile policy when it comes to sharing confidential files on mobile. However, a policy is not a preventative strategy in the same way that a comprehensive DLP strategy is. It relies on a certain level of faith and, given the level of work activity on mobile and the level of access to work files from mobile, this completely undermines the effectiveness of the entire DLP strategy.

What do companies do
Many companies avoid invasive software and protocols for mobile devices, often because of privacy issues, especially in BYOD workplaces, and because of device compatibility. Data Loss Prevention is normally not employed on mobile, so the comprehensive range of solutions available in-office is not available for mobile in the same way. Workplaces therefore find themselves in a situation where employees can get around DLP protocols and send sensitive information to their phones and onto cloud sharing platforms with a single swipe.

In some cases, employees are actually more likely to compromise confidential information by leaking or sharing it when they are out of the office, and therefore perceive themselves as less likely to be physically caught.

Some companies use Virtual Private Networks (VPNs) and Cloud Access Security Brokers (CASBs) to assist in reducing the risk, but there are major concerns with both. VPNs have no control over the interfaces that companies are increasingly moving towards, such as Software as a Service (SaaS) apps like Salesforce and Office 365. CASBs appear to get around this by allowing control over SaaS apps; however, they offer very limited DLP capabilities, which makes them not a viable solution for most companies serious about DLP.

The solution
So, how do companies extend their security to the mobile arena? You don’t want to prohibit the easy sharing and transfer of content that enables your employees to work on the go, so generally it is best to place the focus specifically on prohibiting the transfer of the sensitive information you cannot have released:

  • Place a watermark on confidential content
  • Block screen captures and clipboard functions for sensitive information
  • Prevent download of sensitive files to mobile
  • Multi-factor authentication for apps
  • Log mobile activity and track suspicious circumstances

While DLP may not have the comprehensive architecture for mobile quite yet, that doesn’t mean it’s worth ignoring the risk. There are plenty of DLP solutions out there that can provide your organization with the focuses above and find a happy medium between complying with privacy guidelines and protecting your organization’s data.

Instant Messaging Apps – an Instant Threat

The Internet has revolutionized communication forever. Remember the time you’d spend all your money on text messages and multimedia messages? Those days are long past. Real-time and instant messaging is the rage now, allowing you to stay connected with friends round the clock. Apart from simple text messages, they also allow you to exchange voice messages, video recordings and pictures, and even allow you to make voice/video calls with clarity unlike ever before. All of this and more at no cost at all!

Facebook Messenger, WhatsApp, and Google Hangouts are some of the more popular messaging applications the world over. Other old favorites are Viber, Snapchat, and WeChat. All these applications allow you to send and receive texts and to share pictures, videos, and other files. These days IM apps also allow users to make voice and video calls and send voice messages. Group chats are also permitted in most of these applications. The new IM apps that are gaining popularity are LINE, Telegram, and Kik Chat. Even applications that are traditionally not meant for messaging, such as Instagram, now allow users to send private messages and thus work like IM applications. Applications like WhatsApp and Snapchat have recently introduced encrypted messaging, which is a secure form of messaging.

Data Leaks and Security Threats

While IM applications have definitely brought the world to our fingertips, they have also opened up gaps for hackers to steal personal and sensitive data. From identity theft to stealing financial and corporate information, IM apps make just about everything possible. The greater the integration, the greater the risk of a data leak through the messaging app.

Some common threats to our data and security come in the form of strangers posing as friends and seeking personal or financial information, passwords, etc. Sneaky hackers send IMs from a new number with your friend’s name and photograph. Identity theft is as serious as financial theft. Sharing devices or IM accounts with acquaintances can also lead to a serious breach of security, often from unexpected quarters. Unauthorized access to a smartphone or mobile device by guests, colleagues, or friends is another security threat. Accidentally sharing data with a group when the intended recipient is an individual is very common.

Malware that steals personal, proprietary and financial information can be installed on your smartphone, sneaked in through videos or links sent by unknown senders. Similarly, you must look out for new and unknown IM applications, which could have been created in order to steal personal data.

Data Leaks Prevention and Precautions

There are some simple precautions that can be taken to prevent data leak through IM applications. Personal information and sensitive corporate information should not be disclosed to anyone without establishing their identity. Do not be fooled by the DP (Display Picture) and name. Your friends and colleagues will never ask you for your details and passwords over IM. When you find strangers asking for your personal/financial information, do not hesitate to be generous with the “Block” button. Never share your passwords and sensitive data with anyone, not even bank personnel or colleagues you are working with over IM. It is best if you do not save your credit card or bank account details in any phone or mobile device.

If at any time you are compelled to send your personal information or credit card details to a family member or friend over IM, or if a colleague needs some sensitive information that is holding back a deal or a project, ensure that the chat uses end-to-end encryption. In the latter case, it is best to implement a mobile data loss prevention solution to prevent data leakage over mobile phones.

Activating the numeric lock or fingerprint reader is a good precaution to keep your device safe. This simple measure will ensure that no one can access your smartphone or mobile device when you’re not around. Lock IM apps with a pattern reader for added protection. Refrain from accessing web versions of IM applications from public computers.

Hacking, phishing, and phreaking are some of the top security threats in the world of technology these days. Never click on links sent to you by unknown people. Malware is often sent in the form of innocuous links or even videos. It is installed on your smartphone or mobile device when you click them, and it transmits information that you send over messages. Also, set all system downloads to “manual” to avoid unintended malware installation on your mobile device.

Messaging Apps bring our dear ones closer. They also make corporate teams work more closely together. But unfortunately, they also bring the wily data thief within harming distance. With a little precaution your instant messaging can be made as safe as a face-to-face conversation.

Ensuring Application Security in Mobile Environment

With concepts such as bring-your-own-device (BYOD) becoming almost indispensable in today’s business environments, employees have both official and personal data on their smartphones and other devices. Because many of these devices are not very secure, hackers are having a field day. Apart from this, the risks of inadvertent data loss have also greatly increased.

In a recent analysis of downloaded applications within organizations, IBM found that these apps had access to confidential business data.

Anyone using a smartphone is aware that downloaded applications require frequent OS updates. Frequent updates cause greater exposure and vulnerability for the phones, which means that they may get corrupted or lose precious, business-critical data. Additionally, because mobile apps can access security-critical servers, storage, and networking systems, these apps are vulnerable to external attacks in which hackers can intercept data and cause huge losses. In a recent case involving an Android application, a weakness was found that could put personal user information at risk, including not only phone numbers and location details but also account balances.

Because compromised applications may at times lead to irrevocable losses for organizations in terms of finances, brand loyalty, confidential customer information, and intellectual property, application-security testing teams need to be on their toes at all times. They need to think about how to implement a robust, automated, and scalable mobile-specific security management program that can eliminate the looming risks to enterprise data with ease and efficiency.

On a positive note, most organizations have data-loss prevention (DLP) policies in place for blocking devices as soon as they are reported lost. However, most organizations do not have a clue about the type of applications installed on their employees’ mobile phones, and this is a huge cause of concern. To ensure that only safe applications are installed on corporate-owned and corporate-controlled devices, organizations have moved toward implementing mobile application management solutions. Many organizations involved in the generation and management of critical data, such as data relating to finance and security, use advanced DLP measures to control logins and access to data on mobile devices.

What is needed to ensure that your organization has a robust risk management system in place for your applications?

To ensure that mobile applications are secure in all aspects, organizations must follow basic rules:

  • Perform stringent tests (perhaps utilizing a cloud-testing lab) for all application types (web, native, and hybrid), for all browsers, for iOS and Android (especially if it is open source), and for all software that might access the application once it is installed.
  • Perform continuous static and dynamic analyses; monitor applications to detect problems.
  • Perform checks for threats to the application due to weak encryption, client-side injection, and data storage.
  • Minimize and verify functionality and permissions, thus simplifying the code. In addition, conduct thorough data validation and perform end-to-end testing of the code to check for any shortfalls related to security.
  • Test the back end for any weaknesses in the emulators running the mobile applications.
  • Perform thorough testing (automated penetration, functional, performance, etc.) on the application for loopholes related to security and for any weaknesses related to viruses.
  • Try to avoid data storage and transmission. If they are necessary, encrypt the data during the process.
  • Detect integrity violations using a taint analysis.
  • Hard-code the applications so that no one can modify them externally.
  • Invest in an automated mobile-app security-testing tool that can perform security assessments and penetration testing for apps being built using agile methodology.

App developers must also make their apps third-party-friendly and easy to download. This will dissuade mobile users from wanting to jailbreak or root their mobile devices, which makes the devices vulnerable and renders the features related to OS security ineffective. App developers must be motivated and trained to build apps that have strong, built-in security controls to thwart any unwarranted breaches.

If organizations perform the above tests, follow strict app development guidelines, and implement robust frameworks for security testing, they will have done all that is required to keep the mobile applications—and, more importantly, the user data—secure. These measures, coupled with use of DLP, will effectively lead to implementation of stronger security practices.

Why Mobile DLP is an Essential Security Tool for Enterprises


With increasing enterprise mobility, organizations are increasingly making an effort to secure their data on mobile devices. The bigger question IT managers are worried about is, “Do we have any single solution that is employee friendly and delivers strong security while preventing data loss on a real-time basis?” The answer is affirmative. The comprehensive approach of certain DLP solutions makes them ideal solutions because:

DLP allows prevention of data leakage and safeguards unencrypted information.

Users send and receive email from corporate and personal accounts, upload information to cloud services and send files to social networking sites. According to industry reports, the majority of data loss is generated by well-meaning insiders using standard information-sharing tools (email, Web upload, etc.) since the information is not sent in an encrypted format through mobile devices. A DLP solution acts as a gatekeeper to control confidential information from compromised and unauthorized access by routing the traffic through a corporate virtual private network (VPN) server.

DLP allows access restriction for applications.

Information access privileges are usually 100 percent for each mobile device user. A DLP solution can help enforce a restriction on usage of select applications by blacklisting them or exceptionally allowing some applications to users by whitelisting them based on user business requirements and approvals.

DLP allows protection of real-time data and FSS.

Most data loss from mobile devices occurs through emails, multiple third-party apps allowing data exchange and Internet tools for file sharing and synchronization (FSS). DLP solutions offer data routing and information scanning through corporate VPN to ensure no confidential information leaves the corporate network.

DLP allows monitoring of chat (messages and voice).

Mobile devices connected to the corporate network can be monitored for voice chat activities through control of HTTP/HTTPS and can also log all outgoing text as well as multimedia messages to prevent data leakage. DLP solutions act like control centers for sensitive data, user profiles and device information. With careful definition of these three areas, they can offer lots of security and business flexibility—a perfect combination for mobile devices.

Using Zecurion Mobile DLP Solution

The Zecurion Mobile DLP provides a unique security approach to prevent data leakage from a device in or outside a corporate network.

Unique Security Approach

Zecurion Mobile DLP helps protect your organization from accidental and deliberate data leakage. It acts like a traffic controller and routes all data flow to the network DLP (i.e., Zgate) for analysis and action. This includes analysis and protection of sensitive data sent from email clients, Web browsers and applications such as Facebook, Twitter, Dropbox, etc. In the event of an incident, the user is notified of the violation of security policies.

Mobile DLP Security Model

Zecurion Mobile DLP offers an end-to-end solution to ensure data traveling between smart devices is fully protected from the start to end points. The Zecurion security model has two key elements:

  1. Data Protection—It segregates personal data from corporate data and ensures personal data is protected from monitoring and corporate data is protected from leakage or loss.
  2. Securing Network Access—It ensures data that travels in the network is secure, based on analysis of the content of the messages and file sharing on Google Talk, Yahoo Mail, etc. It also keeps tabs on the information uploaded to cloud services, covering all information flow on HTTP/HTTPS.

Best Practices for Enhancing Mobile Data Security

Data loss, whether intentional or unintentional, not only leads to financial loss but also leaves a lasting impact on the goodwill of the organization. With increased enterprise mobility, organizations need to implement strict regulations and safeguard confidential resources from falling into the wrong hands.

BYOD, the key driver for enterprise mobility, has increased productivity and reduced costs as employees can now access corporate emails, messages, text and work files from their own personal device. They can be virtually anywhere while still being productive.

The stereotypical work culture of commuting to the office or working from one fixed desktop is already a thing of the past. According to Fliplet, more than 1.3 billion workers worldwide use various mobile devices for work. Studies have also shown that the use of smartphones by the mobile workforce results in increased productivity – six weeks’ worth of work, equivalent to almost 240 more hours per employee annually. BYOD is therefore here to stay and is being recognized as a megatrend impacting small and big enterprises.

However, the flip side is that it has also increased the vulnerability of mobile data. To address this, Zecurion recommends 10 best practices to enhance mobile data security.

  1. Classify, Tag and Analyze Data

Classifying and digitally tagging data will prevent data loss in case it falls into the wrong hands. Classification of data is compulsory in order to correctly deploy the tool to thwart the loss. Once classification of data is completed by a team of experts – comprising business process managers, legal and compliance specialists – it is easier to choose a DLP tool that best suits the need. These tools are essentially automated controls protecting data at rest, data in transit and data in use.

  2. Integrate with Mobile Device Management

Mobile Device Management (MDM), a content-aware solution, simply lets the administrator define roles and authorizations for users. This way only selected users have access to all the information and DLP can be better managed. MDM also offers a jailbreaking/rooting detection feature. Until the device is deemed safe, the mobile device will not be able to access anything on the company’s server. MDM can also block specified applications.

  3. Encryption of Data

Encryption should be a rule of thumb for any wireless mobile communication – be it cloud-based or over a virtual private network. To access the encrypted data, an encryption key is required. An unauthorized interceptor therefore cannot access data without this key.

  4. Authenticate Identity of the User

Multiple forms of authentication, a.k.a. biometrics, should be used for mobile devices. These include fingerprint, facial, retina and voice recognition. Biometrics is a way of making sure that the user is who he or she claims to be, thus eliminating chances of unauthorized access and preventing data loss.

  5. Test for Vulnerability of Mobile Data Periodically

Penetration testing on mobile devices must be undertaken on a regular basis. Accordingly, organizations must come up with mitigation plans in case of a breach.

  6. Train Staff Regularly

Conduct periodic training on mobile DLP to educate corporate mobile users about access policies and usage behavior.

  7. Deploy Endpoint Security

Implement endpoint security just as in non-mobile environments. With endpoint protection, unauthorized users or devices that do not comply with the security program cannot access, copy, share or store confidential information either accidentally or on purpose.

  8. Implement COPE – Company Owned Personally Enabled Mobile Devices

Depending on the nature of the business, organizations should implement COPE, an antidote to vulnerabilities arising from BYOD. COPE enables the IT department to maintain control of devices connected to enterprise networks while offering work flexibility to employees. Also, in case the device is stolen or lost, the organization will have the ability to wipe out the entire data remotely. Further, COPE allows IT to control the installation of third-party software and prevent any malicious software from being installed on mobile devices.

  9. Monitor Outflow and Inflow of Mobile Data

Install a mobile DLP solution that successfully monitors the data that the mobile device accesses or downloads from the organization’s server. Personal and business emails can easily be separated, and the chances of sensitive information being leaked from mobile devices are drastically reduced.

  10. Destroy Obsolete Hardware

Make sure that unused or discarded mobile devices are wiped clean of any sensitive data. Have strict, well-defined policies in place for proper disposal of mobile devices. Installing customized firewalls will give mobile users limited access to the organization’s data and prevent sensitive data loss.

How Zecurion Can Help

Zecurion offers Mobile DLP which is a full data prevention solution that offers content analysis for Android devices and contains all the necessary functionality for data protection. It provides complete monitoring of corporate information on employees’ mobile devices, preventing data leaks at various stages of information processing, storage, and transfer.

Zecurion Mobile DLP can help ensure data traveling between mobile devices is not compromised and monitors the connection of mobile devices to computers and other devices. Zecurion Mobile DLP finds copies of confidential documents on users’ mobile devices and blocks their transfer via unsecured open networks. All traffic is channeled through a protected corporate network. In the event of theft or loss, the device can be blocked by a security officer. The solution also stores shadow copies of SMS and MMS, and monitors the running of applications. Its key features include file scan, application control, monitoring, SMS/MMS logging, allowing or disabling certain Wi-Fi networks, remote blocking/cleaning of the device and logging of geolocation.

Growing Workplace Collaboration Necessitates Mobile DLP

According to Fliplet, by the end of 2016, there will be more than 1.3 billion workers globally using mobile devices at the workplace. Sales of mobile devices will touch 3 billion by 2017. The stereotypical work culture of commuting to the office or working from one fixed desktop will be a thing of the past. Abundant use of smartphones by the mobile workforce will result in increased productivity – six weeks’ worth of work, equivalent to almost 240 more hours per employee annually.

Similarly, bring-your-own-device (BYOD) is being given proper recognition in all small and big enterprises. As BYOD has been consistently fueling mobility, this growing trend of “consumerization of IT” has increased productivity and reduced costs. This is because employees can now access corporate emails, messages, text and work-related communication on their own personal device, enabling them to be virtually anywhere while still being productive. Customer responsiveness has increased, and newer engagement models are emerging that enable mobile devices to be used as sales tools.

But the question is “How Secure is Mobile Collaboration?” Are we implementing enough measures for Mobile DLP? How can corporates be assured that the threat of data loss over mobile devices has been mitigated?

Data loss prevention (DLP) solutions help address these challenges in a mobile environment just as they would in a workstation environment. The comprehensive approach of mobile DLP solutions makes them ideal because:

Mobile DLP allows prevention of data leakage and safeguards unencrypted information

Users send and receive email from corporate and personal accounts, upload information to cloud services and send files to social networking sites. According to industry reports, the majority of data loss is generated by well-meaning insiders using standard information-sharing tools (email, Web upload, etc.) since the information is not sent in an encrypted format through mobile devices. A mobile DLP solution acts as a gatekeeper to control confidential information from compromised and unauthorized access by routing the traffic through a corporate virtual private network (VPN) server.

Mobile DLP allows access restriction for applications

Information access privileges are usually 100 percent for each mobile device user. A mobile DLP solution can help enforce a restriction on usage of select applications by blacklisting them or exceptionally allowing some applications to users by whitelisting them based on user business requirements and approvals.

Mobile DLP allows protection of real-time data and FSS

A Gartner study reported that most data loss from mobile devices occurs through emails, multiple third-party apps allowing data exchange and Internet tools for file sharing and synchronization (FSS). Mobile DLP solutions offer data routing and information scanning through corporate VPN to ensure no confidential information leaves the corporate network.

Mobile DLP allows monitoring of chat (messages and voice)

Mobile devices connected to the corporate network can be monitored for voice chat activities through control of HTTP/HTTPS and can also log all outgoing text as well as multimedia messages to prevent data leakage.

Mobile DLP solutions act like control centers for sensitive data, user profiles and device information. With careful definition of these three areas, they can offer lots of security and business flexibility—a perfect combination for mobile devices.

Adopting a Unique Security Approach through Zecurion Mobile DLP Solution

The Zecurion Mobile DLP provides a unique security approach to prevent data leakage from a device in or outside a corporate network. Zecurion Mobile DLP helps protect the organization from accidental and deliberate data leakage. It acts like a traffic controller and routes all data flow to the network DLP (i.e., Zgate) for analysis and action. This includes analysis and protection of sensitive data sent from email clients, Web browsers and applications such as Facebook, Twitter, Dropbox, etc. In the event of an incident, the user is notified of the violation of security policies.

Zecurion Mobile DLP Security Model

Zecurion Mobile DLP offers an end-to-end solution to ensure data traveling between smart devices is fully protected from the start to end points. The Zecurion security model has two key elements:

  1. Data Protection

It segregates personal data from corporate data and ensures personal data is protected from monitoring and corporate data is protected from leakage or loss.

  2. Securing Network Access

It ensures data that travels in the network is secure, based on analysis of the content of the messages and file sharing on Google Talk, Yahoo Mail, etc. It also keeps tabs on the information uploaded to cloud services, covering all information flow on HTTP/HTTPS.

How Zecurion Mobile DLP Works

Zecurion Mobile DLP works in conjunction with mobile solutions to configure and manage VPN. It also relies on a DLP server deployed in the corporate network and, in conjunction with a Web proxy, analyzes all outgoing network traffic, including SSL-encrypted content.

Benefits of Zecurion Mobile DLP

Zecurion Achieves Worldwide Silver Partner Status in the Samsung Enterprise Alliance Program

New York, September 23, 2015 — Zecurion, a leading developer of data loss prevention solutions, announced it has achieved silver partner status in the Samsung Enterprise Alliance Program (SEAP) enabling Zecurion to deliver mobile solutions aimed at preventing leaks of confidential data through Samsung Android.

The partnership with Samsung enables Zecurion to provide complete monitoring of corporate information on employees’ mobile devices efficiently and cost effectively, thereby preventing data leaks at various stages of information processing, storage, and transfer.

SEAP is an affiliate program of Samsung and supports companies in the use of Samsung products and solutions. Besides support for global marketing and distribution activities, Samsung offers technical support and expertise to its partners to enable development of differentiated mobile solutions that meet customer demands.

With the silver partner status, Zecurion now has access to the extended library of the Enterprise SDK from Samsung.

Zecurion Mobile DLP finds copies of confidential documents on users’ mobile devices and blocks their transfer via unsecured open networks. All traffic is channeled through a protected corporate network. In the event of theft or loss, the device can be blocked by a security officer.

MHA NG (Mobile Hybrid Analysis Next Generation) is used to detect confidential documents on Android devices. A new version of MHA uses six different technologies for identifying confidential data, including MorphoLogic, a search by dictionary, templates and frequent expressions. The plan for the future is to add support for DocuPrints and SmartID. MHA NG is already correctly identifying over 100 different file types as well as encrypted documents.

For more information about Zecurion DLP Mobile, please call +1 866 581-0999.

About Samsung Enterprise Alliance Program (SEAP)

Samsung Enterprise Alliance Program (SEAP) is designed to provide differentiated benefits to partners according to their various needs. The goal of SEAP is to enable partners to create new revenue opportunities in the enterprise mobile business with Samsung products and solutions. Additional information is available at http://www.samsungmobileb2b.com.

Zecurion Whitepaper: Securing Corporate Data on Mobile Devices

Regulating the information flow between various devices has been a top priority for Information Technology (IT) managers. With the advent of bring-your-own-device (BYOD) to the workplace, their task of securing data and ensuring seamless data access between desktops, laptops and mobile devices has become even more challenging. This situation is compounded by the fact that IT managers are often unaware of mobile devices being on the corporate network. To address this, download Zecurion’s latest whitepaper on Mobile DLP to:

  • Explore the challenges of BYOD
  • Gain awareness about the benefits of mobile data loss prevention (DLP) solutions
  • Learn how to ensure data security on mobile devices
  • Understand how Zecurion Mobile DLP can help ensure data traveling between mobile devices is not compromised