Tag Archives: Mobile DLP

Why Mobile DLP is an Essential Security Tool for Enterprises


With increasing enterprise mobility, organizations are making a greater effort to secure their data on mobile devices. The bigger question worrying IT managers is, “Do we have any single solution that is employee friendly and delivers strong security while preventing data loss on a real-time basis?” The answer is affirmative. The comprehensive approach of certain DLP solutions makes them ideal because:

DLP allows prevention of data leakage and safeguards unencrypted information.

Users send and receive email from corporate and personal accounts, upload information to cloud services and send files to social networking sites. According to industry reports, the majority of data loss is caused by well-meaning insiders using standard information-sharing tools (email, Web upload, etc.), since the information is not sent from mobile devices in an encrypted format. A DLP solution acts as a gatekeeper that protects confidential information from compromise and unauthorized access by routing the traffic through a corporate virtual private network (VPN) server.

DLP allows access restriction for applications.

Information access privileges are usually 100 percent for each mobile device user. A DLP solution can help restrict the usage of select applications by blacklisting them, or allow some applications to users as exceptions by whitelisting them, based on user business requirements and approvals.

DLP allows protection of real-time data and FSS.

Most data loss from mobile devices occurs through emails, third-party apps that allow data exchange, and Internet tools for file sharing and synchronization (FSS). DLP solutions route data through the corporate VPN and scan it there to ensure no confidential information leaves the corporate network.

DLP allows monitoring of chat (messages and voice).

Mobile devices connected to the corporate network can be monitored for voice chat activities through control of HTTP/HTTPS and can also log all outgoing text as well as multimedia messages to prevent data leakage. DLP solutions act like control centers for sensitive data, user profiles and device information. With careful definition of these three areas, they can offer lots of security and business flexibility—a perfect combination for mobile devices.

Using Zecurion Mobile DLP Solution

The Zecurion Mobile DLP provides a unique security approach to prevent data leakage from a device in or outside a corporate network.

Unique Security Approach

Zecurion Mobile DLP helps protect your organization from accidental and deliberate data leakage. It acts like a traffic controller and routes all data flow to the network DLP (i.e., Zgate) for analysis and action. This includes analysis and protection of sensitive data sent from email clients, Web browsers and applications such as Facebook, Twitter, Dropbox, etc. In the event of an incident, the user is notified of the violation of security policies.

Mobile DLP Security Model

Zecurion Mobile DLP offers an end-to-end solution to ensure data traveling between smart devices is fully protected from start point to end point. The Zecurion security model has two key elements:

  1. Data Protection—It segregates personal data from corporate data and ensures personal data is protected from monitoring and corporate data is protected from leakage or loss.
  1. Securing Network Access—It ensures data that travels in the network is secure, based on analysis of the content of the messages and file sharing on Google Talk, Yahoo Mail, etc. It also keeps tabs on the information uploaded to cloud services, covering all information flow on HTTP/HTTPS.

Best Practices for Enhancing Mobile Data Security

Data loss, whether intentional or unintentional, not only leads to financial loss but also leaves a lasting impact on the goodwill of the organization. With increased enterprise mobility, organizations need to implement strict regulations and safeguard confidential resources from falling into the wrong hands.

BYOD, the key driver for enterprise mobility, has increased productivity and reduced costs, as employees can now access corporate emails, messages, text and work files from their own personal devices. They can be virtually anywhere while still being productive.

The stereotypical work culture of commuting to the office or working from one fixed desktop is already a thing of the past. According to Fliplet, more than 1.3 billion workers worldwide use various mobile devices for work. Studies have also shown that smartphone usage by the mobile workforce increases productivity by the equivalent of six weeks’ worth of work, or almost 240 more hours per employee annually. BYOD is therefore here to stay and is being recognized as a megatrend impacting small and big enterprises.

However, the flip side is that it has also increased the vulnerability of mobile data. To address this, Zecurion recommends 10 best practices to enhance mobile data security.

  1. Classify, Tag and Analyze Data

Classifying and digitally tagging data will prevent data loss in case it falls into the wrong hands. Classification of data is compulsory in order to correctly deploy the tool that thwarts the loss. Once classification of data is completed by a team of experts, comprising business process managers and legal and compliance specialists, it is easier to choose the DLP tool that best suits the need. These tools are essentially automated controls protecting data at rest, data in transit and data in use.

  1. Integrate with Mobile Device Management

Mobile Device Management (MDM), a content-aware solution, simply lets the administrator define roles and authorizations for users. This way only selected users have access to all the information and DLP can be better managed. MDM also offers a jailbreaking/rooting detection feature. Until the device is deemed safe, the mobile device will not be able to access anything on the company’s server. MDM can also block specified applications.

  1. Encryption of Data

Encryption should be a rule of thumb for any wireless mobile communication, be it cloud-based or over a virtual private network. To access the encrypted data, an encryption key is required. An unauthorized interceptor therefore cannot access the data without this key.

  1. Authenticate Identity of the User

Multiple forms of authentication, a.k.a. biometrics, should be used for mobile devices. These include fingerprint, facial, retina and voice recognition. Biometrics is a way of making sure that the user is who he or she claims to be, thus eliminating chances of unauthorized access and preventing data loss.

  1. Test for Vulnerability of Mobile Data Periodically

Penetration testing on mobile devices must be undertaken on a regular basis. Based on the results, organizations must come up with mitigation plans in case of a breach.

  1. Train Staff Regularly

Conduct periodic training on mobile DLP to educate corporate mobile users about access policies and usage behavior.

  1. Deploy Endpoint Security

Implement endpoint security just as in non-mobile environments. With endpoint protection, unauthorized users or devices that do not comply with the security program cannot access, copy, share or store confidential information, either accidentally or on purpose.

  1. Implement COPE – Company Owned Personally Enabled Mobile Devices

Depending on the nature of the business, organizations should implement COPE, an antidote to vulnerabilities arising from BYOD. COPE enables the IT department to maintain control of devices connected to enterprise networks while offering work flexibility to employees. Also, in case the device is stolen or lost, the organization will have the ability to wipe all of its data remotely. Further, COPE allows IT to control the installation of third-party software and prevent any malicious software from being installed on mobile devices.

  1. Monitor Outflow and Inflow of Mobile Data

Install a mobile DLP solution that successfully monitors the data that the mobile device accesses or downloads from the organization’s server. Personal and business emails can easily be bifurcated, and the chances of sensitive information being leaked from mobile devices are drastically reduced.

  1. Destroy Obsolete Hardware

Make sure that unused or discarded mobile devices are wiped clean of any sensitive data. Have strict, well-defined policies in place for proper disposal of mobile devices. Installing customized firewalls will give mobile users limited access to the organization’s data and prevent sensitive data loss.

How Zecurion Can Help

Zecurion offers Mobile DLP, a full data loss prevention solution that offers content analysis for Android devices and contains all the necessary functionality for data protection. It provides complete monitoring of corporate information on employees’ mobile devices, preventing data leaks at the various stages of information processing, storage, and transfer.

Zecurion Mobile DLP can help ensure data traveling between mobile devices is not compromised, and it monitors the connection of mobile devices to computers and other devices. Zecurion Mobile DLP finds copies of confidential documents on users’ mobile devices and blocks their transfer via unsecured open networks. All traffic is channeled through a protected corporate network. In the event of theft or loss, the device can be blocked by a security officer. The solution also stores shadow copies of SMS and MMS, and monitors the running of applications. Its key features include file scan, application control, monitoring, SMS/MMS logging, allowing/disabling certain Wi-Fi networks, remote blocking/cleaning of the device and logging of geolocation.