Cloud security has been a top concern ever since organizations first began to shift data into the cloud and away from on-premises solutions.
While many cloud providers offer robust enterprise capabilities, including encrypted content, passcodes, and mobile device management, many can still fall victim to a serious security risk: data leakage.
In an age where organizations and employees muddle the boundary between personal and private devices, employees can often access or transfer data to their unmanaged and unprotected devices. Providing employees with the ability to transfer and share sensitive data significantly increases the risk of data leakage.
The cloud leakage problem is one of the greatest threats to enterprise content security. While many cloud solutions secure enterprise content within the cloud infrastructure, they often lack the controls necessary to keep mobile users from downloading and walking away with critical information on personal, unsecured devices. However, there are powerful mobile security solutions that provide extra security for content in and out of the cloud. Here are the top five features companies must look for when choosing a mobile security solution that ensures content is secure.
Email protection — One of the easiest ways for employees to compromise content is by emailing secured cloud data to themselves on unprotected, personal email accounts. This not only leaks corporate content outside of an organization, but places it at greater risk of external hacks. Find a mobile security solution that can rein in rogue emailing and button up this source of content leakage by allowing only managed devices to synchronize with and download content from the cloud. These solutions also enable IT teams to monitor downloaded content, further securing your data.
Download prevention — The advent of the cloud means IT can no longer contain sensitive content behind four walls, and managing what devices can access company data has its limits with some cloud solutions. The easiest way to prevent employees from downloading sensitive data to personal devices is by forbidding external downloads onto unsecured devices altogether. But with some services, users can access content with phones that aren’t managed, creating a major backdoor into your data. Fixing this problem will take some integration between the technology and the particular ecosystem, but this issue will likely be addressed sooner rather than later. For now, find a solution that can limit what devices have access to content in the cloud.
Containerize content on devices — Companies should monitor information downloaded onto personal devices and limit the number of apps that are allowed to interact with the virtual private network. Using containerization tools, companies can allow the corporate side of the phone to access the network and content in the cloud while restricting those rights from personal apps that might be malicious. This enables employees to access their corporate data out of the office without putting it at risk.
Self-destructing content — If content does leak, organizations need a way to stop it in its tracks. Self-destruct features can auto-delete and purge content from devices, enabling IT to control data even when it’s outside of the cloud. Beyond unauthorized downloads, a self-destruct feature helps to better manage content on mobile devices, erasing data once it’s no longer relevant or after a specific amount of time.
Content linked back to the user — The best way to deter internal leaks of sensitive data is to implement a solution with a watermarking capability. This system automatically marks documents with the email or username of the employee accessing the information. If a user steals a document from the cloud and leaks it to unapproved sources, the company can immediately identify the offender and take action. But more than likely, users will be more protective of documents that are watermarked with their name.
The biggest problem in cloud security isn’t securing the cloud. Instead, it’s securing the mobile devices accessing the cloud. All too often, mobile employees download crucial business data onto unsecured personal devices. The intent is often benign, with many employees downloading information they need to complete their jobs effectively.
The problem arises when corporate data is exposed on unmanaged or unsecure devices. In order to better protect sensitive data, companies should invest in mobile security solutions that offer end-to-end protection, ensuring employee data is always secure when leaving the workplace.
Blake Brannon is a senior solutions engineer at AirWatch by VMware, the leading enterprise mobility management (EMM) provider. In this role, Brannon is responsible for guiding overall product strategy in order to enhance the technical component of the AirWatch EMM suite. He oversees a large team of sales engineers that designs customized scenarios on a client-by-client basis to drive sales and improve the customer experience. Brannon has worked with AirWatch¹s biggest clients, fine tuning security configurations, product design and the integration of enterprise data. For more information, please visit www.air-watch.com.