Plugging the leak: Data loss and smartphones

Smartphones are becoming more powerful every day, and tablets have evolved to the point where people are using them as their on-the-go computing device, allowing them to leave the laptop at home. But while smartphones and tablets are sharing the spotlight with laptops for many business users, their underlying design makes them very different from a traditional PC. That difference could be putting your organization at risk. Luckily, there’s a way to get a handle on it.

The risk that I’m speaking of is data leakage. The very things that make smartphones easy to use (social sharing, constant connectivity, location services, etc.) are also putting your company’s data at risk. In fact, Forrester Research estimates that between $90 and $305 can be lost per customer record. With devices carrying thousands, if not millions, of records, the total cost of a compromised device is high.

[Chart: The rising cost of data loss]

Smartphones have been designed and built from the beginning to be easy to use. That’s because apps on mobile devices share information behind the scenes. For instance, you take a photo with the camera app and the mail app puts the photo in an email. Then it links with your Gmail account, and translates the name Ben Jones to an email address pulled from your address book, and away it goes.

By comparison, it’s never that easy on a computer. You have to use a camera or a webcam to take the photo, load it onto your PC, save the file as a JPEG, open your web browser, log into Gmail, find the photo on your hard disk, attach it, and away it goes. Is it any wonder that no one uses PCs to share photos anymore?

On the smartphone, the more complex details happen behind the scenes. This is great for a person like my mom, who doesn’t know the difference between the Internet and Internet Explorer, but can take photos of sales items and send them to my brother and me.

However, it’s exactly that ease of use that makes smartphones so dangerous in the enterprise. All this behind-the-scenes data sharing means that information can be accidentally sent to the wrong place or uploaded to a cloud provider. It might be a simple user error, or it could be a rogue app that’s pretending to be a game or social media app but is actually stealing information. All this efficiency is a huge problem for companies because it opens the floodgates for data leakage.

So how do you plug the dike? The good news is that the industry has created robust platforms for enterprises that allow end users the freedom and productivity they’re used to with mobile, while also letting IT managers sleep at night knowing the vast majority of data leakage problems can be easily monitored and controlled.

Mobile Device Management (MDM) is software installed on a mobile device that talks to the network and allows for accountability and auditing. MDM is also able to push corporate-approved apps to a mobile device and provide updates. It might also create a secure and encrypted folder on the smartphone that is not available to the other apps on the phone, where sensitive corporate data can be placed.

There are a lot of companies providing MDM solutions, and in SHI’s experience, not all solutions are created equal. Our work on the SHI mobility team has shown that some MDM solutions provide high security for regulated industries like medical, finance, and the military. Others have a strong presence in retail operations (think Apple stores with handheld iPod Touches as the credit card machines), while others on the market are designed to interface with existing security products sold by McAfee and Symantec.

One thing is clear: Organizations need to be thinking seriously about smartphones and the risk they pose to corporate data. Even if you officially don’t allow your people to access corporate information using a smartphone, chances are that people are finding ways to do it anyway.

Mobility is as grass-roots as it gets, because people are bringing in their own personal devices, and IT departments don’t want to be caught unawares. They know they need to figure out how smartphones fit into their corporate IT strategy and, more importantly, how they can use MDM software to lock down these devices and make sure that they’re not being used for anything unsavory.

2 thoughts on “Plugging the leak: Data loss and smartphones”

  1. Chris says:

    What have you heard about Samsung’s enterprise solution, called SAFE? One of the main issues we run into is that our employees want to use the latest and greatest hardware, as in Android devices, particularly the Galaxy S3 and the Note 2. Samsung offers an enterprise solution called SAFE, but I have not had any experience with it and would love to hear some real world feedback on the topic.

  2. Ted Chalker says:

    Hi Chris,

    I like SAFE by Samsung a lot. It’s a good product, and has definitely evolved to the point that it offers greater security and control over a device than iOS currently allows. For instance, SAFE allows for full device (including MicroSD) encryption. So if someone dumps the phone’s contents to a computer it will remain gibberish. Without this you’ll have to rely on application-level encryption and only some data will be unreadable.

    In practice what I see happening is that the technology has evolved faster than companies can adapt. Many organizations are running an iPhone-only policy and experimenting with Android on the side, essentially waiting for the Android market to shake out a bit. At the top of that list is SAFE.

    Employees will always want the latest and greatest. But if you are thinking about a Bring-Your-Own-Device (BYOD) program, one of the most important things to keep in mind is that BYOD doesn’t have to mean that employees can use any device they want. It can also mean that employees pick their device from a pre-approved list.
